Report of OSAM: Autorun Manager v5.0.11926.0
http://www.online-solutions.ru/en/
Saved at 22:54:30 on 23.03.2012
| Risk | Name | Publisher | Full Path | Status | |
|---|---|---|---|---|---|
| Control Panel Objects | |||||
| %SystemRoot%\system32 | |||||
| |||||| | "FlashPlayerCPLApp.cpl" | "Adobe Systems Incorporated" | C:\WINDOWS\system32\FlashPlayerCPLApp.cpl | File exists | |
| |||||| | "infocardcpl.cpl" | "Microsoft Corporation" | C:\WINDOWS\system32\infocardcpl.cpl | File exists | |
| |||||| | "javacpl.cpl" | "Sun Microsystems, Inc." | C:\WINDOWS\system32\javacpl.cpl | File exists | |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls | |||||
| |||||| | "QuickTime" | "Apple Inc." | C:\Program Files\QuickTime\QTSystem\QuickTime.cpl | File exists | |
| Drivers | |||||
| HKLM\SYSTEM\CurrentControlSet\Services | |||||
| |||||| | "AEGIS Protocol (IEEE 802.1x) v3.4.9.0" (AegisP) | "Meetinghouse Data Communications" | C:\WINDOWS\System32\DRIVERS\AegisP.sys | File exists | |
| |||||| | "antr4qsd" (antr4qsd) | "Microsoft Corporation" | C:\WINDOWS\system32\drivers\antr4qsd.sys | Hidden registry entry, rootkit activity | File signed by Microsoft | |
| "Changer" (Changer) | C:\WINDOWS\system32\drivers\Changer.sys | File not found | |||
| "i2omgmt" (i2omgmt) | C:\WINDOWS\system32\drivers\i2omgmt.sys | File not found | |||
| "lbrtfdc" (lbrtfdc) | C:\WINDOWS\system32\drivers\lbrtfdc.sys | File not found | |||
| |||||| | "MBAMProtector" (MBAMProtector) | "Malwarebytes Corporation" | C:\WINDOWS\system32\drivers\mbam.sys | File exists | |
| "PCIDump" (PCIDump) | C:\WINDOWS\system32\drivers\PCIDump.sys | File not found | |||
| "PDCOMP" (PDCOMP) | C:\WINDOWS\system32\drivers\PDCOMP.sys | File not found | |||
| "PDFRAME" (PDFRAME) | C:\WINDOWS\system32\drivers\PDFRAME.sys | File not found | |||
| "PDRELI" (PDRELI) | C:\WINDOWS\system32\drivers\PDRELI.sys | File not found | |||
| "PDRFRAME" (PDRFRAME) | C:\WINDOWS\system32\drivers\PDRFRAME.sys | File not found | |||
| |||||| | "PxHelp20" (PxHelp20) | "Sonic Solutions" | C:\WINDOWS\System32\Drivers\PxHelp20.sys | File exists | |
| |||||| | "sptd" (sptd) | "Duplex Secure Ltd." | C:\WINDOWS\System32\Drivers\sptd.sys | File is exclusively opened, access blocked | |
| "WDICA" (WDICA) | C:\WINDOWS\system32\drivers\WDICA.sys | File not found | |||
| |||||| | "Драйвер протокола TCP/IP" (Tcpip) | "Microsoft Corporation" | C:\WINDOWS\System32\DRIVERS\tcpip.sys | File exists | |
| |||||| | "Транспорт беспроводной сети" (s24trans) | "Intel Corporation" | C:\WINDOWS\System32\DRIVERS\s24trans.sys | File exists | |
| Explorer | |||||
| HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components | |||||
| |||||| | {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" | "Microsoft Corporation" | C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install | File exists | |
| HKLM\Software\Classes\Folder\shellex\ColumnHandlers | |||||
| |||||| | {8EF5DC20-419C-4E43-A088-DE5B5625CA47} "CDR Column Provider" | "Corel Corporation" | c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll | File exists | |
| |||||| | {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" | "Adobe Systems, Inc." | C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll | File exists | |
| HKLM\Software\Classes\Protocols\Filter | |||||
| |||||| | {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" | "Microsoft Corporation" | C:\WINDOWS\system32\mscoree.dll | File exists | |
| |||||| | {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" | "Microsoft Corporation" | C:\WINDOWS\system32\mscoree.dll | File exists | |
| |||||| | {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" | "Microsoft Corporation" | C:\WINDOWS\system32\mscoree.dll | File exists | |
| |||||| | {807553E5-5146-11D5-A672-00B0D022E945} "text/xml" | "Microsoft Corporation" | C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL | File exists | |
| HKLM\Software\Classes\Protocols\Handler | |||||
| |||||| | {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" | "Microsoft Corporation" | C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL | File exists | |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved | |||||
| |||||| | {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" | "Igor Pavlov" | C:\Program Files\7-Zip\7-zip.dll | File exists | |
| |||||| | {DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" | "Corel Corporation" | c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll | File exists | |
| |||||| | {F9633464-9E18-4C06-9D3A-E131C036A9FA} "CDR Property Handler" | "Corel Corporation" | c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll | File exists | |
| |||||| | {7DDDBFE0-09C4-4680-9E13-8CE7D00EDE57} "CDR Property Sheet" | "Corel Corporation" | c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll | File exists | |
| |||||| | {1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" | "Corel Corporation" | c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll | File exists | |
| |||||| | {DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" | "Corel Corporation" | c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll | File exists | |
| |||||| | {7DDDBFE2-09C4-4680-9E13-8CE7D00EDE57} "CMX Property Sheet" | "Corel Corporation" | c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll | File exists | |
| |||||| | {1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" | "Corel Corporation" | c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll | File exists | |
| |||||| | {DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" | "Corel Corporation" | c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll | File exists | |
| |||||| | {F9633465-9E18-4C06-9D3A-E131C036A9FA} "CPT Property Handler" | "Corel Corporation" | c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll | File exists | |
| |||||| | {7DDDBFE1-09C4-4680-9E13-8CE7D00EDE57} "CPT Property Sheet" | "Corel Corporation" | c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll | File exists | |
| |||||| | {1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" | "Corel Corporation" | c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll | File exists | |
| |||||| | {B089FE88-FB52-11D3-BDF1-0050DA34150D} "ESET Smart Security - Context Menu Shell Extension" | "ESET" | C:\Program Files\ESET\ESET Smart Security\shellExt.dll | File exists | |
| |||||| | {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" | "Microsoft Corporation" | C:\WINDOWS\system32\mscoree.dll | File exists | |
| |||||| | {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" | "Microsoft Corporation" | C:\Program Files\Microsoft Office\OFFICE11\msohev.dll | File exists | |
| |||||| | {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" | "Microsoft Corporation" | C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll | File exists | |
| |||||| | {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" | "Microsoft Corporation" | C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll | File exists | |
| |||||| | {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" | "Microsoft Corporation" | C:\WINDOWS\system32\dfshim.dll | File exists | |
| |||||| | {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" | "Microsoft Corporation" | C:\WINDOWS\system32\dfshim.dll | File exists | |
| |||||| | {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" | C:\Program Files\Unlocker\UnlockerCOM.dll | File found, but it contains no detailed information | ||
| |||||| | {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" | C:\Program Files\WinRAR\rarext.dll | File found, but it contains no detailed information | ||
| |||||| | {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Веб-папки" | "Microsoft Corporation" | C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL | File exists | |
| {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Контекстное меню шифрования" | File not found | COM-object registry key not found | ||||
| {42071714-76d4-11d1-8b24-00a0c9068ff3} "Расширение CPL панорамирования дисплея" | File not found | COM-object registry key not found | ||||
| {764BF0E1-F219-11ce-972D-00AA00A14F56} "Расширения оболочки для сжатия файлов" | File not found | COM-object registry key not found | ||||
| Internet Explorer | |||||
| HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | |||||
| File not found | COM-object registry key not found | |||||
| File not found | COM-object registry key not found | |||||
| HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks | |||||
| {83821C2B-32A8-4DD7-B6D4-44309A78E668} "{83821C2B-32A8-4DD7-B6D4-44309A78E668}" | C:\Program Files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll | File not found | |||
| HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units | |||||
| |||| | {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab | "Sun Microsystems, Inc." | C:\Program Files\Java\jre6\bin\npjpi160_26.dll | File exists | |
| |||| | {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab | "Sun Microsystems, Inc." | C:\Program Files\Java\jre6\bin\npjpi160_26.dll | File exists | |
| |||| | {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab | "Sun Microsystems, Inc." | C:\Program Files\Java\jre6\bin\npjpi160_26.dll | File exists | |
| HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions | |||||
| |||| | "Mail.Ru Агент" | "Mail.Ru" | C:\Program Files\Mail.Ru\Agent\magent.exe | File exists | |
| |||| | {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Справочные материалы" | "Microsoft Corporation" | C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL | File exists | |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects | |||||
| |||||| | {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" | "Adobe Systems Incorporated" | C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll | File exists | |
| || | {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} "AlterGeoBHO Class" | "Wi2Geo" | C:\Program Files\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll | File exists | |
| |||| | {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" | "Sun Microsystems, Inc." | C:\Program Files\Java\jre6\bin\jp2ssv.dll | File exists | |
| |||| | {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" | "Sun Microsystems, Inc." | C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll | File exists | |
| Logon | |||||
| %AllUsersProfile%\Главное меню\Программы\Автозагрузка | |||||
| |||||| | "desktop.ini" | C:\Documents and Settings\All Users\Главное меню\Программы\Автозагрузка\desktop.ini | File exists | ||
| %UserProfile%\Главное меню\Программы\Автозагрузка | |||||
| |||||| | "desktop.ini" | C:\Documents and Settings\Huaynaputina\Главное меню\Программы\Автозагрузка\desktop.ini | File exists | ||
| HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | |||||
| |||| | "Punto Switcher" | "Punto.Ru" | C:\Program Files\Punto Switcher\ps.exe | File exists | |
| HKLM\Software\Microsoft\Windows\CurrentVersion\Run | |||||
| |||||| | "egui" | "ESET" | "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice | File exists | |
| |||| | "LManager" | "Dritek System Inc." | C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE | File exists | |
| |||||| | "Malwarebytes' Anti-Malware" | "Malwarebytes Corporation" | "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray | File exists | |
| |||||| | "USB Antivirus" | "Zbshareware Lab" | C:\Program Files\USB Disk Security\USBGuard.exe | File exists | |
| Services | |||||
| HKLM\SYSTEM\CurrentControlSet\Services | |||||
| |||||| | ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) | "Microsoft Corporation" | C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe | File exists | |
| |||||| | "ESET HTTP Server" (EhttpSrv) | "ESET" | C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe | File exists | |
| |||||| | "ESET Service" (ekrn) | "ESET" | C:\Program Files\ESET\ESET Smart Security\ekrn.exe | File exists | |
| |||||| | "FLEXnet Licensing Service" (FLEXnet Licensing Service) | "Macrovision Europe Ltd." | C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe | File exists | |
| |||||| | "MBAMService" (MBAMService) | "Malwarebytes Corporation" | C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe | File exists | |
| |||||| | "Office Source Engine" (ose) | "Microsoft Corporation" | C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | File exists | |
| |||||| | "Windows CardSpace" (idsvc) | "Microsoft Corporation" | c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe | File exists | |
| |||||| | "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) | "Microsoft Corporation" | c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe | File exists | |
| |||||| | "Служба состояний ASP.NET" (aspnet_state) | "Microsoft Corporation" | C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe | File exists | |
| Winlogon | |||||
| HKCU\Control Panel\IOProcs | |||||
| "MVB" | mvfs32.dll | File not found | |||
If you have questions or want help, you can visit http://forum.online-solutions.ru