TR/Fakealert.kit1

new-commer · 07.05.2010, 20:10

Geschaft, hier ist der Osam Scan.
Gruß

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:08:52 on 07.05.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"CMDVDPak.cpl" - "Sonic Solutions" - D:\WINDOWS\system32\CMDVDPak.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\infocardcpl.cpl
"jpicpl32.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\jpicpl32.cpl
"pmxusb.cpl" - ? - D:\WINDOWS\system32\pmxusb.cpl (File signed by Microsoft | File found, but it contains no detailed information)
"QuickTime.cpl" - "Apple Computer, Inc." - D:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\ANTIVI~1\avconfig.cpl (File not found)
"Nero BurnRights" - "Nero AG" - D:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a7mb0ste" (a7mb0ste) - "Microsoft Corporation" - D:\WINDOWS\system32\drivers\a7mb0ste.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Acronis Snapshots Manager" (snapman) - "Acronis" - D:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - D:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - D:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM ISDN-Controller A1" (a1base) - "AVM GmbH" - D:\WINDOWS\System32\DRIVERS\fbase.sys
"AVM NDIS WAN CAPI Treiber" (AVMWAN) - "AVM Berlin" - D:\WINDOWS\System32\DRIVERS\avmwan.sys
"AVMPORT" (AVMPORT) - "AVM Berlin" - D:\WINDOWS\System32\drivers\avmport.sys
"catchme" (catchme) - ? - D:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys (File not found)
"fixustor" (fixustor) - "Genesys Logic" - D:\WINDOWS\System32\drivers\fixustor.sys
"i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MEMSWEEP2" (MEMSWEEP2) - ? - D:\WINDOWS\system32\6.tmp (File not found)
"PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - D:\WINDOWS\System32\drivers\Afc.sys
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - D:\WINDOWS\system32\drivers\PQNTDrv.sys
"rvsport" (rvsport) - "RVS Datentechnik GmbH, München" - D:\WINDOWS\System32\drivers\rvsport.sys
"SANDRA" (SANDRA) - ? - D:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\Sandra.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - D:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SVKP" (SVKP) - "AntiCracking" - D:\WINDOWS\system32\SVKP.sys
"Telekom Eumex 504PC SE" (dtwmnic5) - ? - D:\WINDOWS\System32\DRIVERS\dtwmnic5.sys (File not found)
"ulisa" (ulisa) - ? - D:\WINDOWS\System32\Drivers\ulisa.sys (File not found)
"VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber" (FETNDIS) - ? - D:\WINDOWS\System32\DRIVERS\fetnd5.sys (File not found)
"WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - hxxp://i7.ebayimg.com/03/i/001/17/df/72bc_12.JPG (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - D:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - D:\Programme\Acronis\TrueImageHome\tishell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32A9D769-5B55-4a25-9A62-86B5683FE50A} "NikonView Drop Extension" - "Nikon Corporation" - D:\Programme\Nikon\NkView6\NkvDropExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "PDFCreator Toolbar" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} "Java Plug-in 1.4.1_02" - ? - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll (File not found) / hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ6" - "ICQ, LLC." - D:\Programme\ICQ6.5\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
"Location" - "InterTrust Technologies Corporation, Inc." - D:\Programme\Internet Explorer\Plugins\NPDocBox.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - ? - (File not found | COM-object registry key not found)
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - D:\WINDOWS\system32\relog_ap.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"NkvMon.exe.lnk.disabled" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NkvMon.exe.lnk.disabled
"Sonic CinePlayer Quick Launch.lnk" - "Sonic Solutions" - D:\Programme\Gemeinsame Dateien\Sonic Shared\CineTray.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\M&S Weber\Startmenü\Programme\Autostart\desktop.ini
"Verknüpfung mit Arcor.lnk" - ? - D:\Dokumente und Einstellungen\M&S Weber\Startmenü\Programme\Autostart\Verknüpfung mit Arcor.lnk (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"UMonit" - "General" - D:\WINDOWS\system32\umonit.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - "internet-support foehr.com" - D:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Anwendungsverwaltung" (AppMgmt) - ? - D:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatische Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"NBService" (NBService) - "Nero AG" - D:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - D:\WINDOWS\system32\IoctlSvc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - D:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus · 07.05.2010, 21:22

GMER Log ist schonmal ok.

Zitat:

"MEMSWEEP2" (MEMSWEEP2) - ? - D:\WINDOWS\system32\6.tmp (File not found)

Sieht nach einem Überbleibsel aus. Bitte mit OSAM deaktivieren + löschen.

new-commer · 08.05.2010, 07:21

Hallo
ich verstehe leider nicht so richtig, wie ich das mit osam machen kann.
Bitte mal kurz erläutern oder screenshoz.
Danke

cosinus · 09.05.2010, 12:52

Das ist alles da beschrieben => http://www.trojaner-board.de/85306-anleitung-osam.html

new-commer · 19.05.2010, 08:27

Hallo Arne,
habe jetzt erst Zeit gefunde.
Hier der erste Logfile nach deaktivieren:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:25:05 on 19.05.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"CMDVDPak.cpl" - "Sonic Solutions" - D:\WINDOWS\system32\CMDVDPak.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\infocardcpl.cpl
"jpicpl32.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\jpicpl32.cpl
"pmxusb.cpl" - ? - D:\WINDOWS\system32\pmxusb.cpl (File signed by Microsoft | File found, but it contains no detailed information)
"QuickTime.cpl" - "Apple Computer, Inc." - D:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\ANTIVI~1\avconfig.cpl (File not found)
"Nero BurnRights" - "Nero AG" - D:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - D:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - D:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - D:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"aqdvwtc5" (aqdvwtc5) - "Microsoft Corporation" - D:\WINDOWS\system32\drivers\aqdvwtc5.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM ISDN-Controller A1" (a1base) - "AVM GmbH" - D:\WINDOWS\System32\DRIVERS\fbase.sys
"AVM NDIS WAN CAPI Treiber" (AVMWAN) - "AVM Berlin" - D:\WINDOWS\System32\DRIVERS\avmwan.sys
"AVMPORT" (AVMPORT) - "AVM Berlin" - D:\WINDOWS\System32\drivers\avmport.sys
"catchme" (catchme) - ? - D:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys (File not found)
"fixustor" (fixustor) - "Genesys Logic" - D:\WINDOWS\System32\drivers\fixustor.sys
"i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - D:\WINDOWS\System32\drivers\Afc.sys
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - D:\WINDOWS\system32\drivers\PQNTDrv.sys
"rvsport" (rvsport) - "RVS Datentechnik GmbH, München" - D:\WINDOWS\System32\drivers\rvsport.sys
"SANDRA" (SANDRA) - ? - D:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\Sandra.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - D:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SVKP" (SVKP) - "AntiCracking" - D:\WINDOWS\system32\SVKP.sys
"Telekom Eumex 504PC SE" (dtwmnic5) - ? - D:\WINDOWS\System32\DRIVERS\dtwmnic5.sys (File not found)
"ulisa" (ulisa) - ? - D:\WINDOWS\System32\Drivers\ulisa.sys (File not found)
"VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber" (FETNDIS) - ? - D:\WINDOWS\System32\DRIVERS\fetnd5.sys (File not found)
"WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys (File not found)
(Disabled) "MEMSWEEP2" (MEMSWEEP2) - ? - D:\WINDOWS\system32\6.tmp (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - hxxp://i7.ebayimg.com/03/i/001/17/df/72bc_12.JPG (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - D:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - D:\Programme\Acronis\TrueImageHome\tishell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32A9D769-5B55-4a25-9A62-86B5683FE50A} "NikonView Drop Extension" - "Nikon Corporation" - D:\Programme\Nikon\NkView6\NkvDropExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "PDFCreator Toolbar" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} "Java Plug-in 1.4.1_02" - ? - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll (File not found) / hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ6" - "ICQ, LLC." - D:\Programme\ICQ6.5\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
"Location" - "InterTrust Technologies Corporation, Inc." - D:\Programme\Internet Explorer\Plugins\NPDocBox.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - ? - (File not found | COM-object registry key not found)
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - D:\WINDOWS\system32\relog_ap.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"NkvMon.exe.lnk.disabled" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NkvMon.exe.lnk.disabled
"Sonic CinePlayer Quick Launch.lnk" - "Sonic Solutions" - D:\Programme\Gemeinsame Dateien\Sonic Shared\CineTray.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\M&S Weber\Startmenü\Programme\Autostart\desktop.ini
"Verknüpfung mit Arcor.lnk" - ? - D:\Dokumente und Einstellungen\M&S Weber\Startmenü\Programme\Autostart\Verknüpfung mit Arcor.lnk (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"UMonit" - "General" - D:\WINDOWS\system32\umonit.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - "internet-support foehr.com" - D:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Anwendungsverwaltung" (AppMgmt) - ? - D:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatische Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"NBService" (NBService) - "Nero AG" - D:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - D:\WINDOWS\system32\IoctlSvc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - D:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

new-commer · 19.05.2010, 08:54

Hallo,
keine Arnung ob das jetzt alles richtig war.
Sag mal bitte was dazu.

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:52:07 on 19.05.2010

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.3

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"CMDVDPak.cpl" - "Sonic Solutions" - D:\WINDOWS\system32\CMDVDPak.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - D:\WINDOWS\system32\infocardcpl.cpl
"jpicpl32.cpl" - "Sun Microsystems, Inc." - D:\WINDOWS\system32\jpicpl32.cpl
"pmxusb.cpl" - ? - D:\WINDOWS\system32\pmxusb.cpl (File signed by Microsoft | File found, but it contains no detailed information)
"QuickTime.cpl" - "Apple Computer, Inc." - D:\WINDOWS\system32\QuickTime.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - D:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\ANTIVI~1\avconfig.cpl (File not found)
"Nero BurnRights" - "Nero AG" - D:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a8wjd169" (a8wjd169) - "Microsoft Corporation" - D:\WINDOWS\system32\drivers\a8wjd169.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Acronis Snapshots Manager" (snapman) - "Acronis" - D:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - D:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - D:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"avgio" (avgio) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\avipbb.sys
"AVM ISDN-Controller A1" (a1base) - "AVM GmbH" - D:\WINDOWS\System32\DRIVERS\fbase.sys
"AVM NDIS WAN CAPI Treiber" (AVMWAN) - "AVM Berlin" - D:\WINDOWS\System32\DRIVERS\avmwan.sys
"AVMPORT" (AVMPORT) - "AVM Berlin" - D:\WINDOWS\System32\drivers\avmport.sys
"catchme" (catchme) - ? - D:\cofi\catchme.sys (File not found)
"Changer" (Changer) - ? - D:\WINDOWS\system32\drivers\Changer.sys (File not found)
"fixustor" (fixustor) - "Genesys Logic" - D:\WINDOWS\System32\drivers\fixustor.sys
"i2omgmt" (i2omgmt) - ? - D:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - D:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"PCIDump" (PCIDump) - ? - D:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - D:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - D:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - D:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - D:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - D:\WINDOWS\System32\drivers\Afc.sys
"PQNTDrv" (PQNTDrv) - "PowerQuest Corporation" - D:\WINDOWS\system32\drivers\PQNTDrv.sys
"rvsport" (rvsport) - "RVS Datentechnik GmbH, München" - D:\WINDOWS\System32\drivers\rvsport.sys
"SANDRA" (SANDRA) - ? - D:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x86\Sandra.sys (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - D:\WINDOWS\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - D:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SVKP" (SVKP) - "AntiCracking" - D:\WINDOWS\system32\SVKP.sys
"Telekom Eumex 504PC SE" (dtwmnic5) - ? - D:\WINDOWS\System32\DRIVERS\dtwmnic5.sys (File not found)
"ulisa" (ulisa) - ? - D:\WINDOWS\System32\Drivers\ulisa.sys (File not found)
"VIA PCI 10/100-MBit/s-Fast Ethernetadapter-NT-Treiber" (FETNDIS) - ? - D:\WINDOWS\System32\DRIVERS\fetnd5.sys (File not found)
"WDICA" (WDICA) - ? - D:\WINDOWS\system32\drivers\WDICA.sys (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - hxxp://i7.ebayimg.com/03/i/001/17/df/72bc_12.JPG (HTTP value)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - D:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - D:\Programme\Acronis\TrueImageHome\tishell.dll
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Extension" - "Acronis" - D:\Programme\Acronis\TrueImageHome\tishell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{32A9D769-5B55-4a25-9A62-86B5683FE50A} "NikonView Drop Extension" - "Nikon Corporation" - D:\Programme\Nikon\NkView6\NkvDropExt.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - D:\Programme\OpenOffice.org 2.0\program\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - D:\WINDOWS\system32\dfshim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - D:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing LP" - D:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "PDFCreator Toolbar" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} "Java Plug-in 1.4.1_02" - ? - C:\Programme\Java\j2re1.4.1_02\bin\npjpi141_02.dll (File not found) / hxxp://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
"ICQ6" - "ICQ, LLC." - D:\Programme\ICQ6.5\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension )-----
"Location" - "InterTrust Technologies Corporation, Inc." - D:\Programme\Internet Explorer\Plugins\NPDocBox.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - ? - (File not found | COM-object registry key not found)
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} "PDFCreator Toolbar" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{C451C08A-EC37-45DF-AAAD-18B51AB5E837} "PDFCreator Toolbar Helper" - ? - D:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Authentication packages" - "Acronis" - D:\WINDOWS\system32\relog_ap.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"NkvMon.exe.lnk.disabled" - ? - D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NkvMon.exe.lnk.disabled
"Sonic CinePlayer Quick Launch.lnk" - "Sonic Solutions" - D:\Programme\Gemeinsame Dateien\Sonic Shared\CineTray.exe (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - D:\Dokumente und Einstellungen\M&S Weber\Startmenü\Programme\Autostart\desktop.ini
"Verknüpfung mit Arcor.lnk" - ? - D:\Dokumente und Einstellungen\M&S Weber\Startmenü\Programme\Autostart\Verknüpfung mit Arcor.lnk (Shortcut exists | File not found)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "D:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acronis Scheduler2 Service" - "Acronis" - "D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"avgnt" - "Avira GmbH" - "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"UMonit" - "General" - D:\WINDOWS\system32\umonit.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - "internet-support foehr.com" - D:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - D:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Anwendungsverwaltung" (AppMgmt) - ? - D:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatische Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll (File not found)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - D:\Programme\Avira\AntiVir Desktop\sched.exe
"NBService" (NBService) - "Nero AG" - D:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - D:\WINDOWS\system32\IoctlSvc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - D:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus · 19.05.2010, 12:09

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

new-commer · 19.05.2010, 12:52

Was mache ich dann eigendlich mit den ganzen Programmen?
Einfach auf dem Rechner lassen?
Ohne Anleitung soll man sie doch eh nicht benutzen, oder?
Könnte ich eins davon nutzen, um mich generell besser zu schützen?

cosinus · 19.05.2010, 13:09

Vorsichtig sein musst Du besonders bei CF. Aber ansonsten können die Programme runter. Malwarebytes kannst Du ja drauf lassen und regelmäßig aktualisieren, evtl mal auch 1x Monat das System vollscannen!

Zitat:

Könnte ich eins davon nutzen, um mich generell besser zu schützen?

Siehe Malwarebytes. Du solltest aber besser darauf achten, dass Malware auf Dein System erst garnicht mehr ausgeführt wird. Halte Dich am besten grob an diese fünf Regeln:

1) Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
2) Halte Windows und alle verwendeten Programme immer aktuell
3) Führe regelmäßig Backups auf externe Medien durch
4) Arbeite mit eingeschränkten Rechten
5) Nutze sichere Programme wie zB Opera oder Firefox zum Surfen statt den IE, zum Mailen Thunderbird statt Outlook Express - E-Mails nur als reinen text anzeigen lassen

Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?

09.05.2010, 12:52	#19
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/Fakealert.kit1 Das ist alles da beschrieben => http://www.trojaner-board.de/85306-anleitung-osam.html __________________ Logfiles bitte immer in CODE-Tags posten

19.05.2010, 12:09	#22
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/Fakealert.kit1 Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

TR/Fakealert.kit1

Plagegeister aller Art und deren Bekämpfung: TR/Fakealert.kit1