Pests of all kinds and how to fight them: Caught Antimalware Doctor (Windows 7)
27.08.2010, 21:44 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Caught Antimalware Doctor
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe from that folder. If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator. A black window will open and automatically search for malicious changes in the MBR. Then please post whether there are changes and, if so, in which device. Best to post everything that remover.exe outputs.
__________________
Please always post logfiles in CODE tags
27.08.2010, 22:07 | #19
Caught Antimalware Doctor
ok, osam log. gmer still doesn't really want to.... I hope the log is fine like this. If you want it another way, just say so, please!! I could e.g. attach it as a pdf for you, then it would look clearer? Thanks for your efforts - I can't say it often enough...

[OSAM report pasted here as raw HTML source (saved at 23:03:07 on 27.08.2010); it is reposted as plain text in post #22 below.]
27.08.2010, 22:15 | #20
Caught Antimalware Doctor
and here the bootkit log as an attachment
27.08.2010, 23:17 | #22
Caught Antimalware Doctor
oh sorry. I had saved it as html... so here is the OSAM logfile again:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 00:15:51 on 28.08.2010

OS: Windows Vista Home Premium Edition (Build 6000), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\admin\AppData\Local\Temp\catchme.sys (File not found)
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\Windows\System32\drivers\iviaspi.sys
"mailKmd" (mailKmd) - ? - C:\Windows\system32\drivers\mailKmd.sys (File not found)
"mbr" (mbr) - ? - C:\Users\admin\AppData\Local\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"
"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"Wbutton" - ? - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Hofer Foto Service\Common\Database\bin\fbserver.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) -
"Microsoft Corporation" - C:\Program Files\MSN Messenger\usnsvc.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe "WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe ===[ Logfile end ]=========================================[ Logfile end ]=== |
28.08.2010, 13:03 | #24 |
| Antimalware Doctor caught said and done.... it apparently also deleted something from Avira - now the guard doesn't work anymore and I can't "delete" the "mailkmd" "from storage"? what actually is this here "catchme" (catchme) - ? - C:\Users\admin\AppData\Local\Temp\catchme.sys (File not found) "mbr" (mbr) - ? - C:\Users\admin\AppData\Local\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) so here is the osam report (Success) HKLM\SYSTEM\CurrentControlSet\Services\AntiVirService Avira AntiVir Guard Avira GmbH C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Shell Extension for Malware scanning Avira GmbH C:\Program Files\Avira\AntiVir Desktop\shlext.dll (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Sam Account Folder (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Explorer Query Band (Success) HKLM\SYSTEM\CurrentControlSet\Services\Iviaspi IVI ASPI Shell InterVideo, Inc. 
C:\Windows\System32\drivers\iviaspi.sys (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Run avgnt Avira GmbH C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ActiveDirectory Folder (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved NeroDigitalPropSheetHandler Class Nero AG C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Success) HKLM\SYSTEM\CurrentControlSet\Services\IAANTMON Intel(R) Matrix Storage Event Monitor Intel Corporation C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Success) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49} An OneNote senden Microsoft Corporation C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls Nero BurnRights Nero AG C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl (Success) HKLM\Software\Classes\Protocols\Handler\skype4com IEProtocolHandler Class Skype Technologies C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved USIShellExt Class Ulead Systems, Inc. C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Run LMgrOSD Wistron Corp. 
C:\Program Files\Launch Manager\OSD.exe (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Run HotkeyApp Wistron C:\Program Files\Launch Manager\HotkeyApp.exe (Success) HKLM\SYSTEM\CurrentControlSet\Services\ssmdrv ssmdrv Avira GmbH C:\Windows\System32\DRIVERS\ssmdrv.sys (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Run IAAnotif Intel Corporation C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Success) HKLM\Software\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882} NeroDigitalColumnHandler Class Nero AG C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Success) HKLM\SYSTEM\CurrentControlSet\Services\avgntflt avgntflt Avira GmbH C:\Windows\System32\DRIVERS\avgntflt.sys (Success) HKLM\Software\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} PDF Shell Extension Adobe Systems, Inc. C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (Success) HKLM\SYSTEM\CurrentControlSet\Services\NMIndexingService NMIndexingService Nero AG C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Microsoft Office OneNote Namespace Extension for Windows Desktop Search Microsoft Corporation C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Run Wbutton C:\Program Files\Launch Manager\Wbutton.exe (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Meine freigegebenen Ordner Microsoft Corporation C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll (Success) HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Microsoft Document Imaging Writer Monitor Microsoft Document Imaging Writer Monitor Microsoft Corporation C:\Windows\system32\mdimon.dll (Success) HKLM\SYSTEM\CurrentControlSet\Services\WisLMSvc WisLMSvc Wistron Corp. 
C:\Program Files\Launch Manager\WisLMSvc.exe (Success) HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved NeroDigitalIconHandler Class Nero AG C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Run NeroFilterCheck Nero AG C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Success) HKLM\SYSTEM\CurrentControlSet\Services\ose Office Source Engine Microsoft Corporation C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Success) HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFlt IPX Traffic Filter Driver C:\Windows\System32\DRIVERS\nwlnkflt.sys (Success) HKLM\SYSTEM\CurrentControlSet\Services\FirebirdServerMAGIXInstance Firebird Server - MAGIX Instance MAGIX® C:\Program Files\Hofer Foto Service\Common\Database\bin\fbserver.exe (Success) HKLM\Software\Classes\Protocols\Handler\livecall livecall Microsoft Corporation C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Microsoft Office Metadata Handler Microsoft Corporation C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Contacts folder (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved lnkfile (Success) HKLM\SYSTEM\CurrentControlSet\Services\IviRegMgr IviRegMgr InterVideo C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Success) HKLM\SYSTEM\CurrentControlSet\Services\NwlnkFwd IPX Traffic Forwarder Driver C:\Windows\System32\DRIVERS\nwlnkfwd.sys (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Microsoft Office Thumbnail Handler Microsoft Corporation C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll (Success) 
HKLM\Software\Classes\Protocols\Filter\text/xml Microsoft Office InfoPath XML Mime Filter Microsoft Corporation C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved WinRAR Alexander Roshal C:\Program Files\WinRAR\rarext.dll (Success) HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd StartupPrograms rdpclip (Success) HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\Send To Microsoft OneNote Monitor Send To Microsoft OneNote Monitor Microsoft Corporation C:\Windows\system32\msonpmon.dll (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045} {7E853D72-626A-48EC-A868-BA8D5E23E045} (Success) HKLM\SYSTEM\CurrentControlSet\Services\NBService NBService Nero AG C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Success) HKLM\SYSTEM\CurrentControlSet\Services\LightScribeService LightScribeService Direct Disc Labeling Service Hewlett-Packard Company C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Success) HKLM\SYSTEM\CurrentControlSet\Services\catchme catchme C:\Users\admin\AppData\Local\Temp\catchme.sys (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ActiveDirectory Folder (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Sam Account Folder (Success) HKLM\SYSTEM\CurrentControlSet\Services\UleadBurningHelper Ulead Burning Helper Ulead Systems, Inc. 
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks {AEB6717E-7E19-11d0-97EE-00C04FD91972} (Success) HKLM\Software\Classes\Protocols\Handler\ms-itss Microsoft Infotech Storage Protocol for IE 4.0 Microsoft Corporation C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Adobe PDF Reader Adobe Systems Incorporated C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Run LaunchAp C:\Program Files\Launch Manager\LaunchAp.exe (Success) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} Research Microsoft Corporation C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Success) C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup desktop.ini C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini (Success) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup desktop.ini C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini (Success) HKLM\Software\Classes\Protocols\Handler\ms-help HxProtocol Class Microsoft Corporation C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved .cab or .zip files (Success) HKLM\SYSTEM\CurrentControlSet\Services\IpInIp IP in IP Tunnel Driver C:\Windows\System32\DRIVERS\ipinip.sys (Success) HKLM\SYSTEM\CurrentControlSet\Services\Hotkey Hotkey C:\Windows\system32\drivers\Hotkey.sys (Success) HKLM\SYSTEM\CurrentControlSet\Services\odserv Microsoft Office Diagnostics Service Microsoft Corporation C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Success) HKLM\Software\Classes\Protocols\Handler\msnim msnim 
Microsoft Corporation C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Microsoft Office HTML Icon Handler Microsoft Corporation C:\Program Files\Microsoft Office\Office12\msohevi.dll (Success) HKLM\SYSTEM\CurrentControlSet\Services\avipbb avipbb Avira GmbH C:\Windows\System32\DRIVERS\avipbb.sys (Success) HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved Windows Search Shell Service (Success) HKLM\SYSTEM\CurrentControlSet\Services\usnjsvc Messenger USN Journal Reader-Service für freigegebene Ordner Microsoft Corporation C:\Program Files\MSN Messenger\usnsvc.exe (Success) HKLM\SYSTEM\CurrentControlSet\Services\AntiVirSchedulerService Avira AntiVir Planer Avira GmbH C:\Program Files\Avira\AntiVir Desktop\sched.exe Last edited by bina (28.08.2010 at 13:08) |
28.08.2010, 13:15 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor caught What did you delete there?? All the entries you quoted???
__________________ Please always post logfiles in CODE tags |
28.08.2010, 13:16 | #26 |
| Antimalware Doctor caught it deleted those when I ticked what you had written to me, instead of removing them - oh crap, I'm even too stupid to read ... great. should I do a system restore? - there is a restore point from today, because of the updates.... |
28.08.2010, 13:26 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Antimalware Doctor caught You were only supposed to remove the entry with mailkmd! Try the system restore.
__________________ Please always post logfiles in CODE tags |
28.08.2010, 13:41 | #28 |
| Antimalware Doctor caught I know... I could shoot myself to the moon... the system restore seems to have worked.... here is the latest osam log (am I right in assuming that I should remove mailkmd?) OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 14:39:50 on 28.08.2010 OS: Windows Vista Home Premium Edition (Build 6000), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.8 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\admin\AppData\Local\Temp\catchme.sys (File not found) "Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\Windows\System32\drivers\iviaspi.sys "mailKmd" (mailKmd) - ? 
- C:\Windows\system32\drivers\mailKmd.sys (File not found) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? 
- (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll {7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? 
- (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe" "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe" "LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe" "NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe "Wbutton" - ? - "C:\Program Files\Launch Manager\Wbutton.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Hofer Foto Service\Common\Database\bin\fbserver.exe "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe "LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe "Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) - 
"Microsoft Corporation" - C:\Program Files\MSN Messenger\usnsvc.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe "WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe ===[ Logfile end ]=========================================[ Logfile end ]=== |
28.08.2010, 19:13 | #30 |
| Antimalware Doctor caught oh yes... huuuge luck, so here is the report (Failed) Cannot find object strange, isn't it? I just made another log, and it is no longer in there either - good or bad? OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:12:02 on 28.08.2010 OS: Windows Vista Home Premium Edition (Build 6000), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.8 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "catchme" (catchme) - ? - C:\Users\admin\AppData\Local\Temp\catchme.sys (File not found) "Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys (File found, but it contains no detailed information) "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." 
- C:\Windows\System32\drivers\iviaspi.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{DBD8E168-244D-448C-9922-25508950D1DC} "USIShellExt Class" - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\USIShex.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? - (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"
"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"Wbutton" - ? - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Hofer Foto Service\Common\Database\bin\fbserver.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) - "Microsoft Corporation" - C:\Program Files\MSN Messenger\usnsvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Ulead Burning Helper" (UleadBurningHelper) - "Ulead Systems, Inc." - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe
===[ Logfile end ]=========================================[ Logfile end ]===
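The OSAM report posted above is a flat dump of every autostart location OSAM enumerates, and the helper's first pass over such a log is mechanical: separate entries whose backing file or COM registration is already gone (the "File not found | COM-object registry key not found" markers, which are leftovers rather than live code) from entries that still point at a file but carry no vendor information (the "?" column), which are the ones worth looking up. The following Python script is an added example for this page, not part of the forum thread and not OSAM's own tooling. It parses the line format visible in the report and builds those two review queues. The sample lines are constructed from entries in the report above, and the `KNOWN_NOISE` set (treating `desktop.ini` in a Startup folder as a folder-view file, not an autostart) is an assumption made for the example.

```python
"""Triage an OSAM (Autorun Manager) text report into review queues.

Added example; not from the thread and not OSAM's own code. It parses the
line shapes OSAM prints: `{CLSID} "Name" - "Vendor" - Target` for COM
entries and `"Name" (KeyName) - "Vendor" - Target` for services, drivers
and Run values, with `?` in the vendor column when OSAM has no vendor.
"""
import re
from dataclasses import dataclass
from typing import Optional

CATEGORY_RE = re.compile(r"^\[(?P<cat>[^\]]+)\]$")             # e.g. [Services]
SECTION_RE = re.compile(r"^-----\(\s*(?P<loc>.+?)\s*\)-----$")  # registry key / folder
ENTRY_RE = re.compile(
    r'^(?:(?P<clsid>\{[0-9A-Fa-f-]+\})\s+)?'  # optional CLSID (COM entries)
    r'"(?P<name>[^"]*)"'                      # display name, may itself be a CLSID
    r'(?:\s+\((?P<key>[^)]+)\))?'             # optional service/driver key name
    r'\s+-\s+(?P<vendor>"[^"]*"|\?)'          # vendor string, or ? when unknown
    r'\s+-\s+(?P<target>.+)$'                 # image path and/or status text
)

# Assumption for this example: desktop.ini in a Startup folder is folder metadata.
KNOWN_NOISE = frozenset({"desktop.ini"})


@dataclass
class Entry:
    category: str
    location: str
    name: str
    vendor: Optional[str]   # None when OSAM printed "?"
    target: str
    clsid: Optional[str] = None
    key: Optional[str] = None

    @property
    def orphaned(self) -> bool:
        # OSAM appends these markers when the file or COM registration is missing
        return "File not found" in self.target or "registry key not found" in self.target

    @property
    def path(self) -> Optional[str]:
        """Best-effort image path: strip quotes, arguments and status text."""
        if self.target.startswith('"'):
            end = self.target.find('"', 1)
            return self.target[1:end] if end > 0 else None
        if self.target.startswith("("):
            return None
        return self.target.split(" (")[0]


def parse_report(text: str) -> list:
    """Walk the report, tracking the current [Category] and -----( location )-----."""
    entries, category, location = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := CATEGORY_RE.match(line):
            category = m["cat"]
        elif m := SECTION_RE.match(line):
            location = m["loc"]
        elif m := ENTRY_RE.match(line):
            vendor = None if m["vendor"] == "?" else m["vendor"].strip('"')
            entries.append(Entry(category, location, m["name"], vendor,
                                 m["target"].strip(), m["clsid"], m["key"]))
    return entries


def triage(entries, noise=KNOWN_NOISE) -> dict:
    """Two review queues; a queue is a starting point for lookup, not a verdict."""
    return {
        "orphaned": [e for e in entries if e.orphaned],
        "unknown_vendor": [e for e in entries
                           if e.vendor is None and not e.orphaned and e.name not in noise],
    }


# Constructed sample, modelled on lines from the report posted above.
SAMPLE = r"""
[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Hofer Foto Service\Common\Database\bin\fbserver.exe
"""

if __name__ == "__main__":
    for queue, items in triage(parse_report(SAMPLE)).items():
        print(f"== {queue} ({len(items)})")
        for e in items:
            print(f"  [{e.category}] {e.location}\n    {e.name} -> {e.target}")
```

Run against the full report, the orphaned queue is mostly Explorer shell-extension registrations left behind by removed software, while the unknown-vendor queue reduces to a handful of OEM Launch Manager binaries; the `path` property gives the file to hash and check, and `location` gives the registry key to clean if the lookup comes back bad.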