Hello Cosinus,
I have attached two logs for you. For
OSAM I get the following log:
Code:
Report of OSAM : Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:14:23 on 22.10.2012
OS: Windows 7 Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0.1
Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures
Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries
Risk Name Publisher Full Path Status
Common
%SystemRoot%\Tasks
|||||| "Adobe Flash Player Updater.job" "Adobe Systems Incorporated" C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "BCMWLCPL.CPL" "Dell Inc." C:\Windows\system32\BCMWLCPL.CPL File exists
|||||| "DivXControlPanelApplet.cpl" "DivX, Inc." C:\Windows\system32\DivXControlPanelApplet.cpl File exists
"FlashPlayerCPLApp.cpl" "Adobe Systems Incorporated" C:\Windows\system32\FlashPlayerCPLApp.cpl File exists
|||||| "nvcpl.cpl" "NVIDIA Corporation" C:\Windows\system32\nvcpl.cpl File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "bcmwlcpl.cpl" "Dell Inc." C:\Windows\System32\bcmwlcpl.cpl File exists
|||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL File exists
"QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
"aswMBR" (aswMBR) C:\Users\DANIEL~1\AppData\Local\Temp\aswMBR.sys Hidden registry entry, rootkit activity | File not found
"avgntflt" (avgntflt) "Avira GmbH" C:\Windows\System32\DRIVERS\avgntflt.sys File exists
"avipbb" (avipbb) "Avira GmbH" C:\Windows\System32\DRIVERS\avipbb.sys File exists
|||||| "avkmgr" (avkmgr) "Avira GmbH" C:\Windows\System32\DRIVERS\avkmgr.sys File exists
|||||| "BCM42RLY" (BCM42RLY) "Broadcom Corporation" C:\Windows\System32\drivers\BCM42RLY.sys File exists
"catchme" (catchme) C:\Users\DANIEL~1\AppData\Local\Temp\catchme.sys File not found
|||||| "Citrix USB Monitor Driver" (ctxusbm) "Citrix Systems, Inc." C:\Windows\System32\DRIVERS\ctxusbm.sys File exists
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) C:\Windows\System32\DRIVERS\ewusbmdm.sys File not found
"Huawei DataCard USB PNP Device" (hwusbdev) C:\Windows\System32\DRIVERS\ewusbdev.sys File not found
"kgddypoc" (kgddypoc) "GMER" C:\kgddypoc.sys Hidden registry entry, rootkit activity
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" C:\Windows\System32\Drivers\PxHelp20.sys File exists
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" "Citrix Systems, Inc." C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll File exists
|||||| {CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" "Citrix Systems, Inc." C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll File exists
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
|||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL File exists
|||| {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" "Skype Technologies S.A." C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File exists
|||||| {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" "Microsoft Corporation" C:\Program Files\Windows Live\Mail\mailcomm.dll File exists
|||||| {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" "NVIDIA Corporation" C:\Windows\system32\nvcpl.dll File exists
|| {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" "DivX, Inc." C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll File exists
|| {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" "DivX, Inc." C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" "NVIDIA Corporation" C:\Windows\system32\nvshext.dll File exists
|||||| {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" "NVIDIA Corporation" C:\Windows\system32\nvcpl.dll File exists
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL File exists
{1AC06E4B-5A0A-4B62-B24A-F48389402CCE} "PowerLame" File not found | COM-object registry key not found
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\shlext.dll File exists
|||||| {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
|||||| {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe File exists
|||||| {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll File exists
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" C:\Program Files\WinRAR\rarext.dll File exists
|||||| {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" "Microsoft Corporation" C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" "Microsoft Corporation" C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll File exists
|| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL File exists
|||| {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" "Skype Technologies S.A." C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|||| {8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" "Microsoft Corporation." C:\Program Files\Microsoft\BingBar\BingExt.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||| {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" "Microsoft Corporation." C:\Program Files\Microsoft\BingBar\BingExt.dll File exists
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
|||| {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" "Skype Technologies S.A." C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File exists
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" File not found | COM-object registry key not found
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Users\Daniel Kort\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
|||| "Google Calendar Sync.lnk" "Google" C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe Shortcut exists | File exists
"McAfee Security Scan Plus.lnk" "McAfee, Inc." C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe Shortcut exists | File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"DKab1err" "Dell, Inc." C:\Program Files\Dell\Printer Software\ErrorApp\DKab1err.exe File exists
|||| "Skype" "Skype Technologies S.A." "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File exists
"APSDaemon" "Apple Inc." "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" File exists
"avgnt" "Avira Operations GmbH & Co. KG" "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min File exists
|||| "Broadcom Wireless Manager UI" "Dell Inc." C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe File exists
|||| "ConnectionCenter" "Citrix Systems, Inc." "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup File exists
"DBRMTray" "Microsoft" C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe File exists
"FreePDF Assistant" "shbox.de" "C:\Program Files\FreePDF_XP\fpassist.exe" File exists
|||||| "NvCplDaemon" "NVIDIA Corporation" RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup File exists
"NVHotkey" "NVIDIA Corporation" rundll32.exe C:\Windows\system32\nvHotkey.dll,Start File exists
|||| "PDVDDXSrv" "CyberLink Corp." "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" File exists
"QuickTime Task" "Apple Inc." "C:\Program Files\QuickTime\QTTask.exe" -atboottime File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
"DBRMTray" "Microsoft" C:\Dell\DBRM\Reminder\TrayApp.exe File exists
Network Providers
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
|||||| "Dell Wireless WLAN Card Logon Provider" "Dell Inc." C:\Windows\System32\BCMLogon.dll File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
"Dell Enhanced TCP/IP Port" " " C:\Windows\system32\dkablmpm.dll File exists
|||||| "Redirected Port" C:\Windows\system32\redmonnt.dll File found, but it contains no detailed information
Services
HKLM\SYSTEM\CurrentControlSet\Services
|| "Adobe Acrobat Update Service" (AdobeARMservice) "Adobe Systems Incorporated" C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe File exists
|||||| "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) "Adobe Systems Incorporated" C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe File exists
"Avira Browser Schutz" (AntiVirWebService) "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE File exists
"Avira Echtzeit Scanner" (AntiVirService) "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\avguard.exe File exists
"Avira Email Schutz" (AntiVirMailService) "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\avmailc.exe File exists
"Avira Planer" (AntiVirSchedulerService) "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\sched.exe File exists
|||||| "BBUpdate" (BBUpdate) "Microsoft Corporation" C:\Program Files\Microsoft\BingBar\SeaPort.EXE File exists
|||| "Bing Bar Update Service" (BBSvc) "Microsoft Corporation." C:\Program Files\Microsoft\BingBar\BBSvc.EXE File exists
|||||| "Dell Wireless WLAN Tray Service" (wltrysvc) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE File found, but it contains no detailed information
"dkab_device" (dkab_device) " " C:\Windows\system32\DKabcoms.exe File exists
"Freemake Improver" (Freemake Improver) "Freemake" C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe File exists
|||||| "McAfee Security Scan Component Host Service" (McComponentHostService) "McAfee, Inc." C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe File exists
|||||| "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) "Microsoft Corporation" C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe File exists
|||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
"Mozilla Maintenance Service" (MozillaMaintenance) "Mozilla Foundation" C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe File exists
|||||| "NVIDIA Display Driver Service" (nvsvc) "NVIDIA Corporation" C:\Windows\system32\nvvsvc.exe File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Skype Updater" (SkypeUpdate) "Skype Technologies" C:\Program Files\Skype\Updater\Updater.exe File exists
|||||| "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) "Microsoft Corporation" c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe File exists
|||||| "SQL Server VSS Writer" (SQLWriter) "Microsoft Corporation" c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe File exists
|||||| "SQL Server-Browser" (SQLBrowser) "Microsoft Corporation" c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe File exists
|||||| "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) "Microsoft Corporation" C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe File exists
|||||| "stllssvr" (stllssvr) "MicroVision Development, Inc." C:\Program Files\Common Files\SureThing Shared\stllssvr.exe File exists
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
"AVSDA" "Avira Operations GmbH & Co. KG" C:\Program Files\Avira\AntiVir Desktop\avsda.dll File exists
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Thank you!