Posted: 29 Sep 2007 23:48
- dubo
- Citizen
- Joined: 30 May 2006
- Posts: 122
- Location: Deutschland

So, I have a problem with my computer. Recently it started shutting down on its own and opening pages by itself. Sometimes when I'm listening to music the sound suddenly disappears, actually it switches itself to mute, or for example it suddenly goes into standby by itself or shuts down, or it launches, say, the calculator, or opens some other program. I scanned it with a lot of programs and there were some infections, but I cleaned that up and now there are none, yet it still behaves strangely. Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 23:33:09, on 29.09.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Eset\nod32krn.exe
C:\Programme\Agnitum\Outpost Firewall\outpost.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Eset\nod32kui.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\MSN Messenger\msnmsgr.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\MSN Messenger\livecall.exe
C:\Dokumente und Einstellungen\M L\Desktop\prc.exe\prc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = google.icq.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von Yahoo! Deutschland
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Programme\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Programme\Agnitum\Outpost Firewall\outpost.exe" /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programme\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programme\Agnitum\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programme\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall der Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - tools.ebayimg.com/eps/wl/activex/eBay_Enhan.....0-3-30.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - der.de/scan8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....5340005968
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programme\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Programme\Agnitum\Outpost Firewall\outpost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Posted: 30 Sep 2007 19:52
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

Do you have both KAV (or KIS) and NOD32 installed?

Posted: 01 Oct 2007 21:44
- dubo
- Citizen
- Joined: 30 May 2006
- Posts: 122
- Location: Deutschland

I have neither KIS nor KAV; actually I used to have Kaspersky, but right now I'm using NOD32.

Posted: 01 Oct 2007 22:38
- dubo
- Citizen
- Joined: 30 May 2006
- Posts: 122
- Location: Deutschland

This link doesn't seem to work; it says Page not found.

Posted: 01 Oct 2007 22:57
- dubo
- Citizen
- Joined: 30 May 2006
- Posts: 122
- Location: Deutschland

Here, I found one and ran it.

ComboFix 07-10-02.2 - M L 2007-10-01 22:50:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1031.18.646 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\M L\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Dokumente und Einstellungen\M L\Favoriten\Error Cleaner.url
C:\Dokumente und Einstellungen\M L\Favoriten\Privacy Protector.url
C:\Dokumente und Einstellungen\M L\Favoriten\Spyware&Malware Protection.url
C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
.
((((((((((((((((((((((( Dateien erstellt von 2007-09-02 bis 2007-10-02 ))))))))))))))))))))))))))))))
.
2007-10-01 22:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-30 16:39 95,617 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-09-30 16:39 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-09-30 16:39 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-09-30 16:25 <DIR> d-------- C:\Programme\ATI Technologies
2007-09-29 12:13 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Agnitum Shared
2007-09-29 12:13 <DIR> d-------- C:\Programme\Agnitum
2007-09-28 17:40 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-09-26 19:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee.com
2007-09-26 19:06 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
2007-09-26 18:52 <DIR> d-------- C:\Programme\Goto Software
2007-09-26 18:52 <DIR> d-------- C:\Dokumente und Einstellungen\M L\Anwendungsdaten\VadeRetro
2007-09-26 18:52 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VadeRetro
2007-09-25 17:19 <DIR> d-------- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ATI
2007-09-25 15:09 68 --a------ C:\WINDOWS\GPlrLanc.dat
2007-09-25 15:08 <DIR> d-------- C:\Programme\Metaboli Player
2007-09-25 11:17 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-09-24 16:30 <DIR> d-------- C:\Dokumente und Einstellungen\M L\Anwendungsdaten\SAMSUNG
2007-09-24 16:27 <DIR> d-------- C:\WINDOWS\system32\Samsung PC Studio Codecs
2007-09-24 16:26 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-09-24 16:26 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-09-24 16:26 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-09-24 16:26 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2007-09-24 16:26 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2007-09-24 16:26 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-09-24 16:26 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2007-09-24 16:26 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-09-24 16:26 <DIR> d-------- C:\Programme\Samsung
2007-09-17 20:23 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-09-17 20:23 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-09-17 20:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-09-17 20:22 739,840 --a------ C:\WINDOWS\system32\DivX.dll
2007-09-12 01:14 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-11 21:03 <DIR> d-------- C:\Dokumente und Einstellungen\M L\Anwendungsdaten\Comodo
2007-09-11 21:02 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Comodo
2007-09-11 21:01 <DIR> d-------- C:\Programme\Comodo
2007-09-10 11:25 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-10 11:25 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-09-10 11:25 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-07 16:41 <DIR> d-------- C:\Programme\FDRLab
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-01 09:51 --------- d-------- C:\Programme\DC++
2007-09-30 16:39 --------- d--h----- C:\Programme\InstallShield Installation Information
2007-09-30 15:31 --------- d-------- C:\Dokumente und Einstellungen\M L\Anwendungsdaten\ATI
2007-09-29 03:54 --------- d-------- C:\Dokumente und Einstellungen\M L\Anwendungsdaten\Skype
2007-09-28 20:26 --------- d-------- C:\Programme\BitComet
2007-09-28 14:13 --------- d-------- C:\Programme\TuneUp Utilities 2007
2007-09-27 12:18 --------- d-------- C:\Dokumente und Einstellungen\M L\Anwendungsdaten\uTorrent
2007-09-24 21:28 --------- d-------- C:\Programme\DivX
2007-09-10 10:19 --------- d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2007-09-10 08:31 --------- d-------- C:\Programme\AskPBar
2007-09-10 05:17 --------- d-------- C:\Programme\MSN Messenger
2007-09-10 05:01 --------- d-------- C:\Programme\Macrogaming
2007-08-21 02:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-08-21 02:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-08-16 00:33 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-08-16 00:33 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-16 00:33 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-08-16 00:33 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-08-16 00:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-08-16 00:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-08-16 00:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-08-16 00:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-08-16 00:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-08-16 00:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-08-16 00:30 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 01:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-27 01:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-27 01:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15]
"nod32kui"="C:\Programme\Eset\nod32kui.exe" [2007-09-10 11:25]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-01-30 18:26]
"Outpost Firewall"="C:\Programme\Agnitum\Outpost Firewall\outpost.exe" [2006-10-20 14:49]
"OutpostFeedBack"="C:\Programme\Agnitum\Outpost Firewall\feedback.exe" [2006-10-30 16:07]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VSSERV"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"Skype"="C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
"InternetCalls"="C:\Programme\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
"Smapp"="C:\Programme\Analog Devices\SoundMAX\SMTray.exe"
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
"ALDI_NORD_FotoSuite_Download"="C:\Programme\ALDI Foto Service Nord\ALDI_Foto_Service\FotoSuite.exe" /autorun
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys
R1 SandBox;Outpost Firewall Sandbox Driver;\??\C:\Programme\Agnitum\Outpost Firewall\kernel\Sandbox.SYS
R1 VFILT;Outpost Firewall Kernel Driver;\??\C:\Programme\Agnitum\Outpost Firewall\kernel\FILTNT.SYS
R2 UxTuneUp;TuneUp Designerweiterung;C:\WINDOWS\System32\svchost.exe -k netsvcs
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\C:\Programme\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\C:\Programme\Agnitum\Outpost Firewall\kernel\ARP.DLL
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\C:\Programme\Agnitum\Outpost Firewall\kernel\CONTENT.DLL
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\C:\Programme\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\C:\Programme\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\C:\Programme\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\C:\Programme\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\C:\Programme\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\C:\Programme\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\C:\Programme\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\C:\Programme\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\C:\Programme\Agnitum\Outpost Firewall\kernel\PROTECT.DLL
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\C:\Programme\Agnitum\Outpost Firewall\kernel\SECRET.DLL
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
S0 026308;026308;C:\WINDOWS\system32\drivers\026308.SYS
S1 TRIXX;TRIXX;\??\C:\Programme\TRIXX\TRIXXDriver.sys
S3 AVMUNET;Eumex 300 IP;C:\WINDOWS\system32\DRIVERS\avmunet.sys
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv Tapisrv
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04207898-c6f5-11da-ac00-0013d416332d}]
AutoRun\command- F:\preinst.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11c0aa26-3f5f-11db-bbe2-d48852bf9fdc}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67bcd8d6-e8a3-11da-acda-b4822dc727dd}]
*Newly Created Service* - CATCHME
.
Inhalt des "geplante Tasks" Ordners
"2007-09-28 15:15:48 C:\WINDOWS\Tasks\1-Klick-Wartung.job"
- C:\Programme\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-10-02 22:53:40
Windows 5.1.2600 Service Pack 2 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\(VFILT)]
.
Zeit der Fertigstellung: 2007-10-02 22:54:51
C:\ComboFix-quarantined-files.txt ... 2007-10-02 22:54
.
--- E O F ---

Posted: 01 Oct 2007 23:02
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

Also copy me the contents of the log saved as C:\ComboFix-quarantined-files.txt

Posted: 01 Oct 2007 23:08
- dubo
- Citizen
- Joined: 30 May 2006
- Posts: 122
- Location: Deutschland

2007-09-09 18:11 18250 --a------ C:\Qoobox\Quarantine\C\WINDOWS\rs.txt.vir
2007-09-09 23:21 296 --a------ C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\M L\Favoriten\Error Cleaner.url.vir
2007-09-09 23:21 296 --a------ C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\M L\Favoriten\Privacy Protector.url.vir
2007-09-09 23:21 296 --a------ C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\M L\Favoriten\Spyware&Malware Protection.url.vir
2007-09-10 10:03 34 --a------ C:\Qoobox\Quarantine\C\WINDOWS\dat.txt.vir
Auflistung der Ordnerpfade
Volumenummer: C8E1-1323
C:\QOOBOX\QUARANTINE
+---C
|   +---Dokumente und Einstellungen
|   |   \---M L
|   |       \---Favoriten
|   |               Error Cleaner.url.vir
|   |               Privacy Protector.url.vir
|   |               Spyware&Malware Protection.url.vir
|   |
|   \---WINDOWS
|           dat.txt.vir
|           rs.txt.vir
|
\---Registry_backups

Posted: 01 Oct 2007 23:13
- bobby
- Administrator
- Joined: 04 Sep 2003
- Posts: 24135
- Location: Wien

Dubo, sorry, but we'll have to continue tomorrow; I already have to go to bed because I'm getting up early.
Revive the thread again tomorrow (so that it pops up in my list of unread posts) by posting in the thread again tomorrow afternoon.