| randomname | 27.07.2010 19:13 |
hab gmer jetzt 2x mal versucht, beim ersten mal hat sich der bildschirmschoner angeschalten(worauf die benutzerauswahl erscheint(standby?)) und der pc bei der ersten mausbewegung aufgehängt, beim 2. mal lief er ca. 2std. bis jemand anderes an den pc ist um den benutzer zu wechseln (wusste nichts vom scan:/)->selbes resultat..
soll ichs nochmal versuchen (wobei der scan ewig dauert) oder nen screenshot von den aufgelisteten zeilen machen, die sich seit den ersten minuten nicht verändert haben oder ist gmer nicht so wichtig?
starte jetzt erstmal osam, falls gmer nicht zuerst abgeschlossen sein sollte
osam log: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:18:40 on 27.07.2010
OS: Windows XP Home Edition Service Pack 2 (Build 2600)
Default Browser: Opera Software Opera Internet Browser 10.60
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\ARCHIV~1\Avira\ANTIVI~1\avconfig.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ati2mtag" (ati2mtag) - "ATI Technologies Inc." - C:\WINDOWS\System32\DRIVERS\ati2mtag.sys
"avgio" (avgio) - "Avira GmbH" - C:\Archivos de programa\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOCUME~1\***\CONFIG~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"LBeepKE" (LBeepKE) - "Logitech, Inc." - C:\WINDOWS\System32\Drivers\LBeepKE.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"PnkBstrK" (PnkBstrK) - ? - C:\WINDOWS\system32\drivers\PnkBstrK.sys (File found, but it contains no detailed information)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys (File signed by Microsoft | File found, but it contains no detailed information)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Archivos de programa\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FBF23B40-E3F0-101B-8488-00AA003E56F8} "Acceso directo a Internet" - ? - C:\WINDOWS\system32\ieframe.dll (File not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Extensiones del shell para compresión de archivos" - ? - (File not found | COM-object registry key not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Extensión de paneo de pantalla del Panel de control" - ? - deskpan.dll (File not found)
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Archivos de programa\Logitech\SetPoint\kbcplext.dll
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Archivos de programa\Logitech\SetPoint\mcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Menú de contexto de cifrado" - ? - (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Archivos de programa\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Archivos de programa\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Archivos de programa\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Archivos de programa\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Archivos de programa\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Archivos de programa\WinRAR\rarext.dll
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Archivos de programa\DVDVideoSoftTB\tbDVD1.dll
<binary data> "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Archivos de programa\DVDVideoSoft\tbDVD1.dll
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Archivos de programa\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Archivos de programa\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Archivos de programa\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Archivos de programa\DVDVideoSoftTB\tbDVD1.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Archivos de programa\DVDVideoSoft\tbDVD1.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Archivos de programa\DVDVideoSoftTB\tbDVD1.dll
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} "DVDVideoSoftTB Toolbar" - "Conduit Ltd." - C:\Archivos de programa\DVDVideoSoft\tbDVD1.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[Logon]
-----( %AllUsersProfile%\Menú Inicio\Programas\Inicio )-----
"Adobe Reader Speed Launch.lnk" - "Adobe Systems Incorporated" - C:\Archivos de programa\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Archivos de programa\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists)
-----( %UserProfile%\Menú Inicio\Programas\Inicio )-----
"desktop.ini" - ? - C:\Documents and Settings\***\Menú Inicio\Programas\Inicio\desktop.ini
"etmin.exe" - ? - C:\Documents and Settings\***\Menú Inicio\Programas\Inicio\etmin.exe (File found, but it contains no detailed information)
"Logitech . Produktregistrierung.lnk" - "Leader Technologies/Logitech" - C:\Archivos de programa\Archivos comunes\Logishrd\eReg\SetPoint\eReg.exe (Shortcut exists | File exists)
"OpenOffice.org 3.2.lnk" - ? - C:\Archivos de programa\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Miranda Fusion" - "Miranda Fusion Team" - C:\Archivos de programa\MirandaFusion\mfstart.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ATICustomerCare" - "Advanced Micro Devices, Inc." - "C:\Archivos de programa\ATI\ATICustomerCare\ATICustomerCare.exe"
"avgnt" - "Avira GmbH" - "C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"StartCCC" - ? - C:\Archivos de programa\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Administración de aplicaciones" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Ati HotKey Poller" (Ati HotKey Poller) - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.exe
"ATI Smart" (ATI Smart) - ? - C:\WINDOWS\system32\ati2sgag.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
"ForceWare IP service" (nSvcIp) - "NVIDIA Corporation" - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
"ForceWare user log service" (nSvcLog) - "NVIDIA Corporation" - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
"Forceware Web Interface" (ForcewareWebInterface) - "Apache Software Foundation" - C:\Archivos de programa\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Archivos de programa\Java\jre6\bin\jqs.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Archivos de programa\Archivos comunes\Logishrd\Bluetooth\LBTServ.exe
"PnkBstrA" (PnkBstrA) - ? - C:\WINDOWS\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\WINDOWS\system32\PnkBstrB.exe (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Instalación de software" - ? - appmgmts.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"AtiExtEvent" - "ATI Technologies Inc." - C:\WINDOWS\system32\Ati2evxx.dll
"LBTWlgn" - "Logitech, Inc." - c:\archivos de programa\archivos comunes\logishrd\bluetooth\LBTWlgn.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
bootkit remover: http://i28.tinypic.com/2yjr6z4.jpg
beim ersten start (am tag als ich dieses thema eröffnet hatte) hab ich den fix ausführen müssen, seitdem hab ich nun 2x OK bekommen
wie gesagt, gmer kann ich auch nochmal versuchen wenn nötig..
oder wie sieht es von den bisher geposteten sachen aus und soll ich noch weitere programme drüberlaufen lassen? |
