OSAM Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:48:30 on 16.06.2011

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\Users\MICHAE~1\AppData\Local\Temp\catchme.sys  (File not found)
"Driver for MagicISO SCSI Host Controller" (mcdbus) - ? - C:\Windows\System32\DRIVERS\mcdbus.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"Hecfdiacc" (Hecfdiacc) - ? - C:\Windows\system32\drivers\Hecfdiacc.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - ? - C:\Windows\system32\drivers\mbam.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"npkcrypt" (npkcrypt) - ? - D:\Ragnarok\npkcrypt.sys  (File not found)
"SCSK4 Driver Service" (scsk4) - "SoftCamp Co., Inc." - C:\Windows\System32\drivers\scsk4.sys
"Virtual CD-ROM Device Driver" (vcdrom) - ? - C:\Users\Michael Wehrmann\Desktop\diablo 2\VCdRom.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_14.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{DAF7E6E6-D53A-439A-B28D-12271406B8A9} "RIM AxLoader" - "Research In Motion Limited." - C:\Windows\Downloaded Program Files\axloader.dll / hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Michael Wehrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe LM Service" (Adobe LM Service) - ? - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"BMI over [MSAFD-Tcpip [RAW/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [TCP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [UDP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

und MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: FUJITSU SIEMENS
BIOS Manufacturer: Phoenix
System Manufacturer: FUJITSU SIEMENS
System Product Name: AMILO Li3710
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 141):
0x8244E000 \SystemRoot\system32\ntkrnlpa.exe
0x8241B000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80472000 \SystemRoot\system32\PSHED.dll
0x80483000 \SystemRoot\system32\BOOTVID.dll
0x8048B000 \SystemRoot\system32\CLFS.SYS
0x804CC000 \SystemRoot\system32\CI.dll
0x80606000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80682000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068F000 \SystemRoot\system32\drivers\acpi.sys
0x806D5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DE000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E6000 \SystemRoot\system32\drivers\pci.sys
0x8070D000 \SystemRoot\System32\drivers\partmgr.sys
0x8071C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071F000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80729000 \SystemRoot\system32\drivers\volmgr.sys
0x80738000 \SystemRoot\System32\drivers\volmgrx.sys
0x80782000 \SystemRoot\System32\drivers\mountmgr.sys
0x80792000 \SystemRoot\system32\drivers\atapi.sys
0x8079A000 \SystemRoot\system32\drivers\ataport.SYS
0x807B8000 \SystemRoot\system32\drivers\msahci.sys
0x807C2000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x805AC000 \SystemRoot\system32\drivers\fltmgr.sys
0x807D0000 \SystemRoot\system32\drivers\fileinfo.sys
0x82A05000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82A76000 \SystemRoot\system32\drivers\ndis.sys
0x82B81000 \SystemRoot\system32\drivers\msrpc.sys
0x82BAC000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A000000 \SystemRoot\System32\drivers\tcpip.sys
0x8A0E9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A206000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A315000 \SystemRoot\system32\drivers\volsnap.sys
0x8A34E000 \SystemRoot\System32\Drivers\spldr.sys
0x8A356000 \SystemRoot\System32\Drivers\mup.sys
0x8A365000 \SystemRoot\System32\drivers\ecache.sys
0x8A38C000 \SystemRoot\system32\drivers\disk.sys
0x8A39D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A3BE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A3C7000 \SystemRoot\system32\drivers\BMLoad.sys
0x8A3EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A104000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8DA03000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8E0E7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E186000 \SystemRoot\System32\drivers\watchdog.sys
0x8E193000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8E19E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E1DC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E1EB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A10D000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8A12F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A142000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A14D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A158000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A170000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8A3FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8A17F000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8A188000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8A1B6000 \SystemRoot\system32\DRIVERS\storport.sys
0x82BE6000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8A1F7000 \SystemRoot\System32\Drivers\RootMdm.sys
0x82BF1000 \SystemRoot\system32\drivers\modem.sys
0x807E0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x805DE000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E20B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E22E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E23D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E251000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E266000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x8E26B000 \SystemRoot\system32\DRIVERS\RimSerial.sys
0x8E272000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E282000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E284000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E2AE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E2B8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E2C5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E2F9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E409000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8E629000 \SystemRoot\system32\drivers\portcls.sys
0x8E656000 \SystemRoot\system32\drivers\drmk.sys
0x8E67B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E684000 \SystemRoot\System32\Drivers\Null.SYS
0x8E68B000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E69B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8E6A2000 \SystemRoot\System32\drivers\vga.sys
0x8E6AE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E6CF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E6D7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E6DF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E6EA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E6F8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E701000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E717000 \SystemRoot\System32\Drivers\tcpipBM.SYS
0x8E71C000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E730000 \SystemRoot\system32\drivers\afd.sys
0x8E778000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E7AA000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8E7B3000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E7C9000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E7D7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E315000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E7EA000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E351000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E368000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8E7F4000 \SystemRoot\system32\drivers\USBD.SYS
0x8E7F6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8E37C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8E400000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8E38C000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
0x8FA03000 \SystemRoot\system32\DRIVERS\udfs.sys
0x8FA3E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8FA4B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8FA56000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x81AA0000 \SystemRoot\System32\win32k.sys
0x8FA60000 \SystemRoot\System32\drivers\Dxapi.sys
0x8FA6A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81CC0000 \SystemRoot\System32\TSDDD.dll
0x81CE0000 \SystemRoot\System32\cdd.dll
0x8FA79000 \SystemRoot\system32\drivers\luafv.sys
0x8FA94000 \SystemRoot\system32\drivers\spsys.sys
0x8FB43000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8FB53000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8FB7D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8FB87000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA9401000 \SystemRoot\system32\drivers\HTTP.sys
0xA946E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA948B000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA94A4000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA94B9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA94D8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA9511000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA9529000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA9550000 \SystemRoot\System32\DRIVERS\srv.sys
0xA959C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xAE40E000 \SystemRoot\system32\drivers\peauth.sys
0xAE4EC000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAE4F6000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAE502000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xAE507000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x76F60000 \Windows\System32\ntdll.dll

Processes (total 38):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
544 csrss.exe
588 C:\Windows\System32\wininit.exe
600 csrss.exe
632 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
676 C:\Windows\System32\lsm.exe
744 C:\Windows\System32\winlogon.exe
852 C:\Windows\System32\svchost.exe
916 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1112 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
1184 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\audiodg.exe
1284 C:\Windows\System32\SLsvc.exe
1316 C:\Windows\System32\svchost.exe
1484 C:\Windows\System32\svchost.exe
1732 C:\Windows\System32\spoolsv.exe
1756 C:\Windows\System32\svchost.exe
2012 C:\Windows\System32\dwm.exe
2040 C:\Windows\System32\taskeng.exe
304 C:\Windows\explorer.exe
300 C:\Windows\System32\hkcmd.exe
1028 C:\Windows\System32\igfxpers.exe
1596 C:\Windows\System32\PnkBstrA.exe
2052 C:\Windows\System32\svchost.exe
2228 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
2380 C:\Windows\System32\igfxsrvc.exe
2940 C:\Windows\System32\alg.exe
192 C:\Windows\System32\taskeng.exe
2028 C:\Program Files\Mozilla Firefox\firefox.exe
3704 C:\Program Files\Mozilla Firefox\plugin-container.exe
2752 C:\Users\Michael Wehrmann\Desktop\osam_autorun_manager_5_0_portable\osam.exe
3112 C:\Users\Michael Wehrmann\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`32900000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000020`78900000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-22UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Zitat:

"Hecfdiacc" (Hecfdiacc) - ? - C:\Windows\system32\drivers\Hecfdiacc.sys (File not found)
"npkcrypt" (npkcrypt) - ? - D:\Ragnarok\npkcrypt.sys (File not found)

Bitte mit OSAM deaktivieren und löschen

erledigt.

hier neuer log

OSAM Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:55:03 on 16.06.2011

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\Users\MICHAE~1\AppData\Local\Temp\catchme.sys  (File not found)
"Driver for MagicISO SCSI Host Controller" (mcdbus) - ? - C:\Windows\System32\DRIVERS\mcdbus.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - ? - C:\Windows\system32\drivers\mbam.sys  (File not found)
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbamswissarmy.sys
"SCSK4 Driver Service" (scsk4) - "SoftCamp Co., Inc." - C:\Windows\System32\drivers\scsk4.sys
"Virtual CD-ROM Device Driver" (vcdrom) - ? - C:\Users\Michael Wehrmann\Desktop\diablo 2\VCdRom.sys  (File not found)
(Disabled) "Hecfdiacc" (Hecfdiacc) - ? - C:\Windows\system32\drivers\Hecfdiacc.sys  (File not found)
(Disabled) "npkcrypt" (npkcrypt) - ? - D:\Ragnarok\npkcrypt.sys  (File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_14" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_14.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
{DAF7E6E6-D53A-439A-B28D-12271406B8A9} "RIM AxLoader" - "Research In Motion Limited." - C:\Windows\Downloaded Program Files\axloader.dll / hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Michael Wehrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe LM Service" (Adobe LM Service) - ? - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"BMI over [MSAFD-Tcpip [RAW/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [TCP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll
"BMI over [MSAFD-Tcpip [UDP/IP]]" - "Bytemobile, Inc." - C:\Windows\system32\bmnet.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

erstmal mbam log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6886

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

18.06.2011 15:50:44
mbam-log-2011-06-18 (15-50-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 321068
Laufzeit: 56 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ich bitte noch um ein wenig geduld für die nächsten scans, sie kommen asap

mittlerweile alles okay und nochmals danke für die hilfe damals. ich bitte nun, den thread zu löschen! vielen dank.

Nein, wir löschen hier keine Stränge

okay, das verstehe ich. kann ich meinen namen aus den logs austragen?

http://www.trojaner-board.de/108422-...-anfragen.html

Wenn genug Zeit da ist, wird sich DaGuru für dich darum kümmern - aber eigentlich ist es nicht unsere Aufgabe nachträglich die Namen zu editieren! Es war DEINE Aufgabe die Logs entsprechend richtig zu editieren und dann erst zu posten!

alles klar. falls es noch klappen sollte, danke ich jedenfalls. machs gut!