Osam hier und MBR im Anhang:
OSAM Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
Report of OSAM : Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:36:38 on 26.06.2011
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 5.0
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - F:\WINDOWS\system32\sdnclean.exe
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - F:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - F:\Programme\Google\Update\GoogleUpdate.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ALSNDMGR.CPL" - ? - F:\WINDOWS\system32\ALSNDMGR.CPL (File found, but it contains no detailed information)
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - F:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - F:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - F:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - F:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgio" (avgio) - "Avira GmbH" - F:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\avipbb.sys
"C-Media PCI Audio Driver (WDM)" (cmpci) - "C-Media Inc" - F:\WINDOWS\System32\drivers\cmaudio.sys
"catchme" (catchme) - ? - F:\ComboFix\catchme.sys (File not found)
"Changer" (Changer) - ? - F:\WINDOWS\system32\drivers\Changer.sys (File not found)
"epmntdrv" (epmntdrv) - ? - F:\WINDOWS\system32\epmntdrv.sys (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - F:\WINDOWS\system32\EuGdiDrv.sys (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - F:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - F:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - F:\WINDOWS\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - F:\WINDOWS\system32\drivers\mbamswissarmy.sys
"PCASp50 NDIS Protocol Driver" (PCASp50) - ? - F:\WINDOWS\System32\Drivers\PCASp50.sys (File not found)
"PCIDump" (PCIDump) - ? - F:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - F:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - F:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - F:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - F:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - F:\WINDOWS\System32\Drivers\PxHelp20.sys
"Service for Realtek AC97 Audio (WDM)" (ALCXWDM) - "Realtek Semiconductor Corp." - F:\WINDOWS\System32\drivers\ALCXWDM.SYS
"snhyyre" (snhyyre) - ? - F:\WINDOWS\System32\drivers\rxqeub.sys (File not found)
"Speedport W 102 Stick IEEE 802.11n USB 2.0 Driver" (rt2870) - ? - F:\WINDOWS\System32\DRIVERS\rt2870.sys (File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - F:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - F:\WINDOWS\system32\drivers\WDICA.sys (File not found)
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - F:\WINDOWS\system32\Rundll32.exe F:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - F:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - F:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - F:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - F:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - F:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - F:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - F:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - F:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - F:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - F:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - F:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - F:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll
{44176360-2BBF-4EC1-93CE-384B8681A0BC} "Spybot-S&D Explorer Integration" - "Safer-Networking Ltd." - F:\Programme\Spybot - Search & Destroy 2\SDECon32.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - "Simply Super Software" - F:\PROGRA~1\TROJAN~1\Trshlex.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - F:\Programme\WinRAR\rarext.dll
[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
DirectAnimation Java Classes "DirectAnimation Java Classes" - ? - (File not found | COM-object registry key not found) / file://F:\WINDOWS\Java\classes\dajava.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - F:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - F:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - F:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Microsoft XML Parser for Java "Microsoft XML Parser for Java" - ? - (File not found | COM-object registry key not found) / file://F:\WINDOWS\Java\classes\xmldso.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Macromedia, Inc." - F:\WINDOWS\system32\Macromed\Flash\Flash6.ocx / https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? - (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer-Networking Ltd." - F:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - F:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{11222041-111B-46E3-BD29-EFB2449479B1} "IEPlugin Class" - "ArcSoft, Inc." - F:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - F:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - F:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer-Networking Ltd." - F:\Programme\Spybot - Search & Destroy 2\SDHelper.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - F:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Philips GoGear ARIA Device Manager.lnk" - "Philips" - F:\Programme\Philips\GoGear ARIA Device Manager\GoGear_Aria_DeviceManager.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - F:\Dokumente und Einstellungen\m\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 3.0.lnk" - ? - F:\Programme\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "F:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - F:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
"ATICCC" - "ATI Technologies Inc." - "F:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
"avgnt" - "Avira GmbH" - "F:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"C-Media Mixer" - "C-Media Electronic Inc. (www.cmedia.com.tw)" - Mixer.exe /startup
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "F:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"SDTray" - "Safer-Networking Ltd." - "F:\Programme\Spybot - Search & Destroy 2\SDTray.exe"
"SoundMan" - "Realtek Semiconductor Corp." - SOUNDMAN.EXE
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "F:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"THGuard" - "Mischel Internet Security" - "F:\Programme\TrojanHunter 5.3\THGuard.exe"
"TrojanScanner" - "Simply Super Software" - F:\Programme\Trojan Remover\Trjscan.exe /boot
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - F:\WINDOWS\System32\appmgmts.dll (File not found)
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - F:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"ATI Smart" (ATI Smart) - ? - F:\WINDOWS\system32\ati2sgag.exe
"Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - F:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - F:\Programme\Avira\AntiVir Desktop\sched.exe
"Creative Service for CDROM Access" (Creative Service for CDROM Access) - "Creative Technology Ltd" - F:\WINDOWS\system32\CTsvcCDA.exe
"CT Device Query service" (CTDevice_Srv) - "Creative Technology Ltd" - F:\Programme\Creative\Shared Files\CTDevSrv.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - F:\Programme\Google\Update\GoogleUpdate.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - F:\Programme\Java\jre6\bin\jqs.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - F:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - F:\WINDOWS\system32\HPZinw12.dll
"NMSAccessU" (NMSAccessU) - ? - F:\Programme\CDBurnerXP\NMSAccessU.exe (File found, but it contains no detailed information)
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - F:\WINDOWS\system32\HPZipm12.dll
"Spybot-S&D 2 Firewall Service" (SDFirewallService) - "Safer-Networking Ltd." - F:\Programme\Spybot - Search & Destroy 2\SDFWSvc.exe
"Spybot-S&D 2 Monitoring Service" (SDMonitorService) - "Safer-Networking Ltd." - F:\Programme\Spybot - Search & Destroy 2\SDMonSvc.exe
"Spybot-S&D 2 Scanner Service" (SDScannerService) - "Safer-Networking Ltd." - F:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
"Spybot-S&D 2 Security Center Service" (SDWSCService) - "Safer-Networking Ltd." - F:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
"Spybot-S&D 2 Updating Service" (SDUpdateService) - "Safer-Networking Ltd." - F:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
"TabletServicePen" (TabletServicePen) - "Wacom Technology, Corp." - F:\Programme\Tablet\Pen\Pen_Tablet.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - F:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
26.06.2011, 16:39
Baum-Darstellung