Trojaner-Board - Backdoor via Antivir entdeckt: BDS.Poison.ifn

Hier der neue Bericht von OSAM:

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 08:18:03 on 31.05.2010
 

OS: Windows Server 2003, Standard Edition Service Pack 2 (Build 3790)

Default Browser: Mozilla Corporation Firefox 3.6.3
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"Projekt.job" - "MySQL AB" - C:\Programme\MySQL\MySQL Tools for 5.0\MySQLAdministrator.exe

"TrayBackup Dienstag.job" - "(C) Michael Schiel" - C:\PROGRA~1\TRAYBA~1\traybackup.exe

"TrayBackup Donnerstg.job" - "(C) Michael Schiel" - C:\PROGRA~1\TRAYBA~1\traybackup.exe

"traybackup Freitag.job" - "(C) Michael Schiel" - C:\PROGRA~1\TRAYBA~1\traybackup.exe

"TrayBackup Mittwoch.job" - "(C) Michael Schiel" - C:\PROGRA~1\TRAYBA~1\traybackup.exe

"TrayBackup Montag.job" - "(C) Michael Schiel" - C:\PROGRA~1\TRAYBA~1\traybackup.exe

"TrayBackup täglich.job" - "(C) Michael Schiel" - C:\PROGRA~1\TRAYBA~1\traybackup.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir für KEN! " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"SMAX3CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax3CP.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"AVM KEN Internet" (KEN) - "AVM Berlin" - C:\WINDOWS\System32\DRIVERS\KEN.sys

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"detakg" (detakg) - ? - C:\WINDOWS\System32\drivers\brnptmk.sys  (File not found)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"IP/IP-Tunneltreiber" (IpInIp) - ? - C:\WINDOWS\System32\DRIVERS\ipinip.sys  (File not found)

"MEMSWEEP2" (MEMSWEEP2) - ? - C:\WINDOWS\system32\2F.tmp  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"vncdrv" (vncdrv) - "RDV Soft" - C:\WINDOWS\System32\DRIVERS\vncdrv.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

(Disabled) "bdxty" (bdxty) - ? - C:\WINDOWS\System32\drivers\xqeaviru.sys  (File found, but it contains no detailed information)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{88895560-9AA2-1069-930E-00AA0030EBC8} "Erweiterung für HyperTerminal-Icons" - ? - hticons.dll  (File not found)

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll

{E54B19BC-69B6-43B2-A1F2-15BBC1D72C93} "wodShellMenu" - "WeOnlyDo! COM" - C:\WINDOWS\system32\wodShellMenu.dll
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
 

[Known DLLs]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----

"wow64" - ? - C:\WINDOWS\system32\wow64.dll  (File not found)

"wow64cpu" - ? - C:\WINDOWS\system32\wow64cpu.dll  (File not found)

"wow64win" - ? - C:\WINDOWS\system32\wow64win.dll  (File not found)
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini

"Verknüpfung mit KMFtp.exe.lnk" - "KONICA MINOLTA BUSINESS TECHNOLOGIES, INC." - D:\install\tools\KONICA MINOLTA\FTP Utility\KMFtp.exe  (Shortcut exists | File exists)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"CS License Server Monitor" - "SoftGold" - C:\Programme\Soft Gold\CS Floating License Server\CS_LicSrvMonitor.exe

"KEN Taskbar Service" - "AVM Berlin" - "C:\Programme\KEN!\kentbsrv.exe"

"Popup" - "LSI" - "C:\Programme\RAID Web Console 2\MegaPopup\Popup.exe"

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir für KEN! Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir für KEN! Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Avira AntiVir für KEN! Service-PC" (AntiVirKENScanService) - "Avira GmbH" - C:\Programme\KEN!\Avira\avesvc.exe

"Avira Internet Update Manager" (IUMService) - "Avira GmbH" - C:\Programme\KEN!\Avira\ium.exe

"AVM KEN" (KEN Service) - "AVM Berlin" - C:\Programme\KEN!\KENSERV.EXE

"CAD Soft Tools Licensing Service" (CSLicenseServer) - "SoftGold" - C:\Programme\Soft Gold\CS Floating License Server\CS_LicenseServer.exe

"Hilfsdienst von SQL Server für Active Directory" (MSSQLServerADHelper) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"MRMonitor" (MegaMonitorSrv) - ? - C:\Programme\RAID Web Console 2\MegaMonitor\mrmonitor.exe  (File found, but it contains no detailed information)

"MySQL" (MySQL) - ? - C:\Programme\MySQL\MySQL Server 5.1\bin\mysqld.exe  (File found, but it contains no detailed information)

"NPLSecure" (NPLSecure) - "Niakwa, Inc." - C:\WINDOWS\system32\NPLSecure.exe

"RWCFramework" (MSMFramework) - ? - C:\Programme\RAID Web Console 2\Framework\VivaldiFramework.exe  (File found, but it contains no detailed information)

"SoundMAX Agent Service" (SoundMAX Agent Service (default)) - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

"SQL Server (MSSQLSERVER)" (MSSQLSERVER) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe

"SQL Server (SQLEXPRESS)" (MSSQL$SQLEXPRESS) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

"SQL Server (VVWSOFTWARE)" (MSSQL$VVWSOFTWARE) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe

"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe

"STLB-Bau XML V2 2007-10 - HTTP-Server" (HTTPServer_stlbbauxmlv2einzelserver_07_10) - "www.AW-SyStems.net" - C:\Programme\STLB-Bau\STLB-Bau XML V2 - SE\HTTPServer\HttpServer.Service.exe

"STLB-Bau XML V2 2007-10 - XML-Server" (XMLServer_stlbbauxmlv2einzelserver_07_10) - "www.AW-SyStems.net" - C:\Programme\STLB-Bau\STLB-Bau XML V2 - SE\XMLServer\XMLServer.Service.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)
 

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru