FIREFOX und IE8 stürzen ab oder Vista fährt herunter. (JAVA/Agent.M.1?)

Eldrick

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 09:17:39 on 06.09.2010
OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Control Panel Objects
HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls
|||||| "mlcfg32.cpl" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL File exists
|||||| "QuickTime" "Apple Inc." C:\Program Files\QuickTime\QTSystem\QuickTime.cpl File exists
"ToSysCnf" "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToSysCnf.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
"catchme" (catchme) C:\Users\flynico\AppData\Local\Temp\catchme.sys File not found
"IP in IP Tunnel Driver" (IpInIp) C:\Windows\System32\DRIVERS\ipinip.sys File not found
"IPX Traffic Filter Driver" (NwlnkFlt) C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
"IPX Traffic Forwarder Driver" (NwlnkFwd) C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
|||||| "MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS File exists
|||||| "NetGroup Packet Filter Driver" (NPF) "CACE Technologies" C:\Windows\System32\drivers\npf.sys File exists
"pwldyfog" (pwldyfog) C:\Users\flynico\AppData\Local\Temp\pwldyfog.sys Hidden registry entry, rootkit activity | File not found
|||||| "ssmdrv" (ssmdrv) "Avira GmbH" C:\Windows\System32\DRIVERS\ssmdrv.sys File exists
Explorer
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|||||| {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL File exists
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" File not found | COM-object registry key not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" File not found | COM-object registry key not found
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" File not found | COM-object registry key not found
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" File not found | COM-object registry key not found
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" File not found | COM-object registry key not found
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" File not found | COM-object registry key not found
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" File not found | COM-object registry key not found
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" C:\Program Files\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" "Broadcom Corporation." C:\Windows\system32\btncopy.dll File exists
|||||| {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll File exists
|||||| {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll File exists
|||||| {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll File exists
|||||| {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll File exists
|||||| {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL File exists
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" File not found | COM-object registry key not found
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" File not found | COM-object registry key not found
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" File not found | COM-object registry key not found
|||||| {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll File exists
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" File not found | COM-object registry key not found
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" C:\Program Files\WinRAR\rarext.dll File found, but it contains no detailed information
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "Java Plug-in 1.6.0_03"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||| {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2iexp.dll File exists
|||||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\npjpi160_21.dll File exists
|||||| {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control"
hxxp://download.eset.com/special/eos/OnlineScanner.cab "Eset" C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||||| "@btrez.dll,-4015" C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" "Adobe Systems Incorporated" C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File exists
{9B4DF450-DCC7-4B07-935D-0CD757A64583} "CatcherBHO Class" C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." C:\Program Files\Java\jre6\bin\jp2ssv.dll File exists
Logon
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\Users\flynico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup
|||||| "desktop.ini" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "StartCCC" C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File found, but it contains no detailed information
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
"StartupPrograms" rdpclip File not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "LanguageShortcut" "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" File exists
|||||| " Malwarebytes Anti-Malware (reboot)" "Malwarebytes Corporation" "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File exists
|||| "PDFPrint" "Geek Software GmbH" C:\Program Files\pdf24\pdf24.exe File exists
|||| "RemoteControl" "Cyberlink Corp." "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File exists
"ToADiMon.exe" "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Redirected Port" C:\Windows\system32\redmonnt.dll File found, but it contains no detailed information
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists
|||||| "Bluetooth Service" (btwdins) "Broadcom Corporation." C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe File exists
|||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." C:\Program Files\Bonjour\mDNSResponder.exe File exists
|||||| "Cyberlink RichVideo Service(CRVS)" (RichVideo) C:\Program Files\CyberLink\Shared Files\RichVideo.exe File exists
"iPod-Dienst" (iPod Service) "C:\Program Files\iPod\bin\iPodService.exe" File not found
|||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "PnkBstrA" (PnkBstrA) C:\Windows\system32\PnkBstrA.exe File found, but it contains no detailed information
|||||| "Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) "CACE Technologies" C:\Program Files\WinPcap\rpcapd.exe File exists
|||| "Samsung Update Plus" (Samsung Update Plus) C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe File found, but it contains no detailed information
|||||| "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) "Microsoft Corporation" C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe File exists
|||||| "SQL Server VSS Writer" (SQLWriter) "Microsoft Corporation" C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe File exists
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." C:\Program Files\Bonjour\mdnsNSP.dll File exists