MyCity » Ambulanta -> Arhiva Ambulante » Rootkit.Win32.TDSS.d

Rootkit.Win32.TDSS.d

Napisano na dan: 12.5.2010

Rootkit.Win32.TDSS.d

Sledeća strana

Pagination

Odgovori

traummanster Poslao: 12 Maj 2010 15:37 Idi na vrh
offline traummanster Novi MyCity građanin Pridružio: 20 Sep 2008 Poruke: 14	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pre pad dana sam primetio se System Restore iskljucio i nije hteo ponovo da se upali. Mozilla je pocela sve cesce da se crash-uje, zvuk se uzgubio, laptop zakuca i nakon toga se restartuje sam od sebe! Skenirao sam sa Kasp. i on je pronasao gore naveden virus, ali nije mogao da ga otkloni. Sinoc mi se pojavio BSOD i nisam mogao cak ni iz Safe moda da ga upalim. To sam danas resio preko Vista Startup Repair, ali problem je i dalje tu! Simptomi su isti kao sto sam malo pre naveo! Pokusao sam da nadjem sam resenje da netu, ali ipak nisam mogao, pa sam morao da se obratim vama za pomoc! Sada cu postovati logove i za sve instrukcije sam tu da ih slepo pratim Gmerom je skenirao u Safe modu, jer nije hteo da skenira u normalnom rezimu! Hvala DDS (Ver_10-03-17.01) - NTFSx86 Run by Dada & Vlada at 16:44:16,66 on 11.05.2010 Internet Explorer: 7.0.6001.18000 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3068.2117 [GMT 2:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\vfsFPService.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\DigitalPersona\Bin\DpHostW.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\SMINST\BLService.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\DigitalPersona\Bin\DpAgent.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k WindowsMobile C:\Windows\System32\mobsync.exe C:\Program Files\3DataManager\3DataManager.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Users\Dada & Vlada\Desktop\dds.com C:\Windows\system32\conime.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.ask.com?o=15087&l=dis uURLSearchHooks: H - No File BHO: {004a8533-fa17-4b4a-b0af-9053185d3967} - c:\windows\system32\nuxnzluh.dll BHO: {00676b73-5a48-4d6f-84b0-1669b45eadd5} - c:\windows\system32\nuxnzluh.dll BHO: {009bbe57-ada2-4a09-b6be-828ef31a9c44} - c:\windows\system32\nuxnzluh.dll BHO: {00a8212e-f256-4522-bbdb-8397fa298665} - c:\windows\system32\nuxnzluh.dll BHO: {00f8705e-30ad-4f60-b5a7-e40feb963d95} - c:\windows\system32\nuxnzluh.dll BHO: {0150425c-f256-4522-bbdb-8397fa298665} - c:\windows\system32\nuxnzluh.dll BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: : {58f26318-4e8d-42eb-a2e7-f1ecb50b9c62} - c:\windows\system32\txecqix.dll BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe mRun: [SBPl] c:\program files\sbp\SBPl.exe uPolicies-explorer: NoInstrumentation = 1 (0x1) uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0) mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab TCP: {2821F280-DD51-4E74-8D4E-6CFD8EB7E7A1} = 213.94.78.17 213.94.78.16 Notify: klogon - c:\windows\system32\klogon.dll AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll LSA: Notification Packages = scecli DPPWDFLT mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" ================= FIREFOX =================== FF - ProfilePath - c:\users\dada&v~1\appdata\roaming\mozilla\firefox\profiles\zf5ch29s.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/ FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ARS&o=15084&locale=en_US&q= FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\users\dada & vlada\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496] R2 hhpsanej;Processor Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504] R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 24880] R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-1 361808] R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-27 599344] R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736] R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-14 43552] R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-27 40752] S3 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a7e996cd\AEstSrv.exe [2008-8-27 77824] S3 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-7-29 208616] S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-31 193840] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-25 25088] S4 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504] S4 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504] ============== File Associations =============== .scr=AutoCADScriptFile =============== Created Last 30 ================ 2010-05-11 10:59:44 0 d-----w- c:\program files\Trend Micro 2010-05-10 21:10:35 0 d-----w- c:\program files\GPLGS 2010-05-10 21:09:28 87552 ----a-w- c:\windows\system32\cpwmon2k.dll 2010-05-10 21:09:28 0 d-----w- c:\program files\Acro Software 2010-05-04 19:39:17 2421760 ----a-w- c:\windows\system32\wucltux.dll 2010-05-04 19:38:38 87552 ----a-w- c:\windows\system32\wudriver.dll 2010-05-04 19:38:23 33792 ----a-w- c:\windows\system32\wuapp.exe 2010-05-04 19:38:23 171608 ----a-w- c:\windows\system32\wuwebv.dll 2010-04-29 07:34:11 10 ------r- c:\windows\PSTUDIO.SN 2010-04-29 07:29:15 35 ----a-w- c:\windows\A4W.INI 2010-04-29 07:29:15 0 d-----w- c:\windows\A4W_DATA 2010-04-29 07:29:07 0 d-----w- c:\program files\Canon 2010-04-29 07:28:41 28 ----a-w- c:\windows\album.ini 2010-04-29 07:28:41 21 ----a-w- c:\windows\Ps_setup.ini 2010-04-29 07:28:41 1096 ----a-w- c:\windows\pstudio.ini 2010-04-29 07:28:40 212480 ----a-w- c:\windows\PCDLIB32.DLL 2010-04-29 07:28:20 328704 ----a-w- c:\windows\IsUn0407.exe 2010-04-29 07:23:44 318976 ----a-w- c:\windows\system32\UCS32P.DLL 2010-04-29 07:23:44 311296 ----a-w- c:\windows\system32\N065UFW.dll 2010-04-29 07:23:44 163888 ----a-w- c:\windows\system32\N065UUD.DLL 2010-04-29 07:23:43 28718 ----a-w- c:\windows\system32\N065UCPL.DLL ==================== Find3M ==================== 2010-05-11 14:40:39 9501216 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-05-11 14:32:05 631814 ----a-w- c:\windows\system32\perfh007.dat 2010-05-11 14:32:05 128450 ----a-w- c:\windows\system32\perfc007.dat 2010-05-11 12:34:04 933920 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2010-05-11 12:34:04 78284 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-05-11 12:34:04 5320 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2010-04-29 07:23:59 51200 ----a-w- c:\windows\inf\infpub.dat 2010-04-29 07:23:58 143360 ----a-w- c:\windows\inf\infstrng.dat 2010-04-29 07:23:57 86016 ----a-w- c:\windows\inf\infstor.dat 2010-03-30 15:25:54 66872 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-02-26 18:21:14 24440 ----a-w- c:\windows\system32\udcpm.dll 2008-09-05 22:49:29 665600 ----a-w- c:\windows\inf\drvindex.dat 2008-08-01 06:37:19 36916 ----a-w- c:\windows\inf\perflib\0407\perfd.dat 2008-08-01 06:37:19 36916 ----a-w- c:\windows\inf\perflib\0407\perfc.dat 2008-08-01 06:37:19 290748 ----a-w- c:\windows\inf\perflib\0407\perfi.dat 2008-08-01 06:37:19 290748 ----a-w- c:\windows\inf\perflib\0407\perfh.dat 2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2008-08-01 06:43:57 8192 --sha-w- c:\windows\users\default\NTUSER.DAT ============= FINISH: 16:45:41,58 =============== mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png mycity.rs/must-login.png

Profil

magna86 Poslao: 12 Maj 2010 16:41 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6104	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav! Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

traummanster Poslao: 12 Maj 2010 17:12 Idi na vrh
offline traummanster Novi MyCity građanin Pridružio: 20 Sep 2008 Poruke: 14	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradio sam kako si rekao! ComboFix 10-05-11.06 - Dada & Vlada 12.05.2010 16:55:57.1.2 - x86 ausgeführt von:: c:\users\Dada & Vlada\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\Ijl11.dll c:\windows\system32\Memman.vxd c:\windows\system32\skinboxer43.dll . ((((((((((((((((((((((( Dateien erstellt von 2010-04-12 bis 2010-05-12 )))))))))))))))))))))))))))))) . 2010-05-12 15:05 . 2010-05-12 15:06 -------- d-----w- c:\users\Dada & Vlada\AppData\Local\temp 2010-05-12 15:05 . 2010-05-12 15:05 -------- d-----w- c:\users\Vlada&Dada\AppData\Local\temp 2010-05-12 15:05 . 2010-05-12 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-05-12 15:05 . 2010-05-12 15:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2010-05-11 20:57 . 2010-05-11 22:01 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\3DataManager 2010-05-11 20:56 . 2010-05-11 20:56 -------- d-----w- c:\program files\3DataManager(6) 2010-05-11 10:59 . 2010-05-11 10:59 -------- d-----w- c:\program files\Trend Micro 2010-05-10 21:10 . 2010-05-10 21:10 -------- d-----w- c:\program files\GPLGS 2010-05-10 21:09 . 2010-05-10 21:09 -------- d-----w- c:\program files\Acro Software 2010-05-04 19:39 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll 2010-05-04 19:39 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe 2010-05-04 19:39 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll 2010-05-04 19:39 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2010-05-04 19:38 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll 2010-05-04 19:38 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2010-05-04 19:38 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll 2010-05-04 19:38 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll 2010-05-04 19:38 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe 2010-04-29 07:29 . 2010-04-29 07:29 -------- d-----w- c:\windows\A4W_DATA 2010-04-29 07:29 . 2010-04-29 07:29 -------- d-----w- c:\program files\Canon 2010-04-29 07:28 . 1995-07-31 11:44 212480 ----a-w- c:\windows\PCDLIB32.DLL 2010-04-29 07:28 . 2010-04-29 07:28 -------- d-----w- c:\program files\ArcSoft 2010-04-29 07:28 . 1998-10-21 16:43 328704 ----a-w- c:\windows\IsUn0407.exe 2010-04-29 07:23 . 2000-08-10 05:07 163888 ----a-w- c:\windows\system32\N065UUD.DLL 2010-04-29 07:23 . 2000-06-07 01:03 311296 ----a-w- c:\windows\system32\N065UFW.dll 2010-04-29 07:23 . 2000-01-06 19:05 318976 ----a-w- c:\windows\system32\UCS32P.DLL 2010-04-29 07:23 . 2000-04-28 05:07 28718 ----a-w- c:\windows\system32\N065UCPL.DLL . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-12 14:58 . 2008-08-01 06:37 631814 ----a-w- c:\windows\system32\perfh007.dat 2010-05-12 14:58 . 2008-08-01 06:37 128450 ----a-w- c:\windows\system32\perfc007.dat 2010-05-12 14:47 . 2008-11-12 22:21 9382944 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-05-12 14:47 . 2008-11-12 22:21 925728 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2010-05-12 14:47 . 2008-11-12 22:21 77528 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-05-12 14:47 . 2008-11-12 22:21 5292 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2010-05-12 13:19 . 2010-03-31 21:12 -------- d-----w- c:\programdata\FLEXnet 2010-05-12 13:19 . 2010-02-14 20:58 -------- d-----w- c:\program files\3DataManager 2010-05-12 13:19 . 2009-12-19 09:51 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\Winamp 2010-05-12 13:19 . 2009-11-25 15:45 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\uTorrent 2010-05-12 13:19 . 2008-11-18 15:40 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\vlc 2010-05-12 12:26 . 2010-04-11 11:16 -------- d-----w- c:\program files\SBP 2010-05-11 22:24 . 2008-11-12 22:21 -------- d-----w- c:\programdata\Kaspersky Lab 2010-05-10 01:23 . 2008-09-06 08:21 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\Skype 2010-04-11 17:34 . 2010-02-17 21:42 -------- d-----w- c:\program files\Common Files\Akamai 2010-04-11 17:13 . 2008-11-27 04:05 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\Autodesk 2010-04-11 17:13 . 2008-11-27 04:05 -------- d-----w- c:\programdata\Autodesk 2010-04-11 11:16 . 2010-04-11 11:16 766 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{619298EB-D2D1-49C1-8096-88A75CC92E5F}\_78ec4c3c.exe 2010-04-11 11:16 . 2010-04-11 11:16 207886 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{619298EB-D2D1-49C1-8096-88A75CC92E5F}\_78d52656.exe 2010-04-11 11:16 . 2010-04-11 11:16 207886 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{619298EB-D2D1-49C1-8096-88A75CC92E5F}\_689f2d71.exe 2010-04-11 11:05 . 2010-04-11 11:05 -------- d-----w- c:\program files\uTorrent 2010-04-10 13:01 . 2010-04-10 13:01 302656 ----a-w- c:\programdata\Microsoft\VSTAHost\Architecture2010\9.0\1033\ResourceCache.dll 2010-04-10 13:01 . 2010-04-10 13:01 303936 ----a-w- c:\programdata\Microsoft\VSTAHost\Architecture2010\9.0\1031\ResourceCache.dll 2010-04-10 12:58 . 2010-04-10 12:57 -------- d-----w- c:\program files\Autodesk Revit Architecture 2010 2010-04-10 12:57 . 2010-02-18 02:37 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2010-04-10 12:56 . 2008-07-31 22:16 -------- d-----w- c:\programdata\Microsoft Help 2010-04-10 12:56 . 2010-04-10 12:54 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0 2010-04-10 12:55 . 2010-04-10 12:55 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll 2010-04-10 12:54 . 2010-04-10 12:54 -------- d-----w- c:\program files\Microsoft SDKs 2010-04-10 12:53 . 2010-04-10 12:30 -------- d-----w- c:\program files\Autodesk 2010-04-10 12:30 . 2008-07-31 22:39 -------- d-----w- c:\program files\Java 2010-04-10 12:30 . 2010-04-10 12:30 10134 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{EAB8A41D-FABA-4569-A0A1-60A8B358D6F1}\_13237EEAE27660A8BE98B7.exe 2010-04-10 12:30 . 2010-04-10 12:30 10134 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{EAB8A41D-FABA-4569-A0A1-60A8B358D6F1}\_09DB3D0C1C9F64C35BEE22.exe 2010-04-10 12:30 . 2010-04-10 12:30 -------- d-----w- c:\program files\Autodesk Network License Manager 2010-04-09 13:41 . 2010-04-09 13:40 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\dvdcss 2010-03-30 15:25 . 2009-01-02 18:25 66872 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-03-23 17:08 . 2010-03-23 17:08 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\UDC Profiles 2010-03-23 17:07 . 2010-03-23 17:07 -------- d-----w- c:\program files\Universal Document Converter 2010-02-26 18:21 . 2010-03-23 17:07 24440 ----a-w- c:\windows\system32\udcpm.dll 2010-02-18 02:48 . 2008-09-05 18:15 103368 ----a-w- c:\users\Dada & Vlada\AppData\Local\GDIPFONTCACHEV1.DAT 2008-08-01 06:43 . 2008-08-01 06:40 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . Hinweis leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456] "SBPl"="c:\program files\SBP\SBPl.exe" [2010-04-11 1290240] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli DPPWDFLT [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Users^Dada & Vlada^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] 2008-04-15 12:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-03-12 19:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-05-14 02:09 13535776 ----a-w- c:\windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-05-14 02:09 92704 ----a-w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe] 2008-03-14 06:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-03-25 02:28 144784 ----a-w- c:\program files\Java\jre1.6.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] 2007-12-24 13:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-27 717296] R3 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088] R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504] R4 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-11 33808] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880] S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808] S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-27 599344] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856] S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552] S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-27 40752] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr Akamai REG_MULTI_SZ Akamai HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners 2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-270948758-3929525095-3818274810-1000Core.job - c:\users\Dada & Vlada\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 18:55] 2010-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-270948758-3929525095-3818274810-1000UA.job - c:\users\Dada & Vlada\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 18:55] 2008-09-07 c:\windows\Tasks\User_Feed_Synchronization-{E3C626EB-3C3E-4215-94BB-F4FFB2ED8819}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = google.com mStart Page = hxxp://de.yahoo.com uInternet Settings,ProxyOverride = .local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Dada & Vlada\AppData\Roaming\Mozilla\Firefox\Profiles\zf5ch29s.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - plugin: c:\users\Dada & Vlada\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . . ------- Dateityp-Verknüpfung ------- . .scr=AutoCADScriptFile . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-05-12 17:06 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************ . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-270948758-3929525095-3818274810-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8542D3E7-F220-2B22-D70C-E5235776379D}*] "nachdnkdiidngihlnmadabnlfnak"=hex:6b,61,61,6b,61,65,65,64,6c,65,6d,65,64,69, 61,6e,68,67,67,65,6a,6d,00,00 "oamgnndklphknmfofhhakjkalmjjba"=hex:6b,61,61,6b,6e,64,6a,65,67,6e,6d,67,6b,64, 61,62,68,62,6a,70,6a,68,00,00 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'lsass.exe'(756) c:\windows\system32\DPPWDFLT.dll . Zeit der Fertigstellung: 2010-05-12 17:09:48 ComboFix-quarantined-files.txt 2010-05-12 15:09 Vor Suchlauf: 8 Verzeichnis(se), 132.460.412.928 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 132.484.706.304 Bytes frei - - End Of File - - 62956DFA1D599FB76F6366E8437B7C7E

Profil

magna86 Poslao: 12 Maj 2010 18:36 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6104	1Ovo se svidja korisniku: traummanster Registruj se da bi pohvalio/la poruku! Kazi mi sta ti tacno detektuje Kaspersky? Otvoriti Notepad i iskopirati sledeci tekst: `Folder:: c:\program files\SBP Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SBPl"=- RegNull:: [HKEY_USERS\S-1-5-21-270948758-3929525095-3818274810-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8542D3E7-F220-2B22-D70C-E5235776379D}*]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

traummanster Poslao: 12 Maj 2010 19:25 Idi na vrh
offline traummanster Novi MyCity građanin Pridružio: 20 Sep 2008 Poruke: 14	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo postavicu snapshot Kasp, pa ti pogledaj! ComboFix 10-05-11.06 - Dada & Vlada 12.05.2010 18:49:08.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3068.1941 [GMT 2:00] ausgeführt von:: c:\users\Dada & Vlada\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Dada & Vlada\Desktop\CFScript.txt . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\SBP c:\program files\SBP\riched32.dll c:\program files\SBP\RunAtStartupTool.exe c:\program files\SBP\SBPl.exe c:\program files\SBP\vbalflbr6.dll . ((((((((((((((((((((((( Dateien erstellt von 2010-04-12 bis 2010-05-12 )))))))))))))))))))))))))))))) . 2010-05-12 16:57 . 2010-05-12 16:57 -------- d-----w- c:\users\Dada & Vlada\AppData\Local\temp 2010-05-12 16:57 . 2010-05-12 16:57 -------- d-----w- c:\users\Vlada&Dada\AppData\Local\temp 2010-05-12 16:57 . 2010-05-12 16:57 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-05-12 16:57 . 2010-05-12 16:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-05-12 16:57 . 2010-05-12 16:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2010-05-12 16:38 . 2010-05-12 16:39 -------- d-----w- c:\windows\LastGood 2010-05-12 16:38 . 2010-05-12 16:38 -------- d-----w- c:\users\Dada & Vlada\{2224488a-7526-4c1e-b0b1-67bd57d34628} 2010-05-11 20:57 . 2010-05-12 16:42 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\3DataManager 2010-05-11 20:56 . 2010-05-11 20:56 -------- d-----w- c:\program files\3DataManager(6) 2010-05-11 10:59 . 2010-05-11 10:59 -------- d-----w- c:\program files\Trend Micro 2010-05-10 21:10 . 2010-05-10 21:10 -------- d-----w- c:\program files\GPLGS 2010-05-10 21:09 . 2010-05-10 21:09 -------- d-----w- c:\program files\Acro Software 2010-05-04 19:39 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll 2010-05-04 19:39 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe 2010-05-04 19:39 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll 2010-05-04 19:39 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2010-05-04 19:38 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll 2010-05-04 19:38 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2010-05-04 19:38 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll 2010-05-04 19:38 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll 2010-05-04 19:38 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe 2010-04-29 07:29 . 2010-04-29 07:29 -------- d-----w- c:\windows\A4W_DATA 2010-04-29 07:29 . 2010-04-29 07:29 -------- d-----w- c:\program files\Canon 2010-04-29 07:28 . 1995-07-31 11:44 212480 ----a-w- c:\windows\PCDLIB32.DLL 2010-04-29 07:28 . 2010-04-29 07:28 -------- d-----w- c:\program files\ArcSoft 2010-04-29 07:28 . 1998-10-21 16:43 328704 ----a-w- c:\windows\IsUn0407.exe 2010-04-29 07:23 . 2000-08-10 05:07 163888 ----a-w- c:\windows\system32\N065UUD.DLL 2010-04-29 07:23 . 2000-06-07 01:03 311296 ----a-w- c:\windows\system32\N065UFW.dll 2010-04-29 07:23 . 2000-01-06 19:05 318976 ----a-w- c:\windows\system32\UCS32P.DLL 2010-04-29 07:23 . 2000-04-28 05:07 28718 ----a-w- c:\windows\system32\N065UCPL.DLL . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-12 16:38 . 2008-08-01 06:37 631814 ----a-w- c:\windows\system32\perfh007.dat 2010-05-12 16:38 . 2008-08-01 06:37 128450 ----a-w- c:\windows\system32\perfc007.dat 2010-05-12 16:37 . 2010-02-14 20:58 -------- d-----w- c:\program files\3DataManager 2010-05-12 14:47 . 2008-11-12 22:21 9382944 --sha-w- c:\windows\system32\drivers\fidbox.dat 2010-05-12 14:47 . 2008-11-12 22:21 925728 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2010-05-12 14:47 . 2008-11-12 22:21 77528 --sha-w- c:\windows\system32\drivers\fidbox.idx 2010-05-12 14:47 . 2008-11-12 22:21 5292 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2010-05-12 13:19 . 2010-03-31 21:12 -------- d-----w- c:\programdata\FLEXnet 2010-05-12 13:19 . 2009-12-19 09:51 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\Winamp 2010-05-12 13:19 . 2009-11-25 15:45 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\uTorrent 2010-05-12 13:19 . 2008-11-18 15:40 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\vlc 2010-05-11 22:24 . 2008-11-12 22:21 -------- d-----w- c:\programdata\Kaspersky Lab 2010-05-10 01:23 . 2008-09-06 08:21 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\Skype 2010-04-11 17:34 . 2010-02-17 21:42 -------- d-----w- c:\program files\Common Files\Akamai 2010-04-11 17:13 . 2008-11-27 04:05 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\Autodesk 2010-04-11 17:13 . 2008-11-27 04:05 -------- d-----w- c:\programdata\Autodesk 2010-04-11 11:16 . 2010-04-11 11:16 766 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{619298EB-D2D1-49C1-8096-88A75CC92E5F}\_78ec4c3c.exe 2010-04-11 11:16 . 2010-04-11 11:16 207886 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{619298EB-D2D1-49C1-8096-88A75CC92E5F}\_78d52656.exe 2010-04-11 11:16 . 2010-04-11 11:16 207886 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{619298EB-D2D1-49C1-8096-88A75CC92E5F}\_689f2d71.exe 2010-04-11 11:05 . 2010-04-11 11:05 -------- d-----w- c:\program files\uTorrent 2010-04-10 13:01 . 2010-04-10 13:01 302656 ----a-w- c:\programdata\Microsoft\VSTAHost\Architecture2010\9.0\1033\ResourceCache.dll 2010-04-10 13:01 . 2010-04-10 13:01 303936 ----a-w- c:\programdata\Microsoft\VSTAHost\Architecture2010\9.0\1031\ResourceCache.dll 2010-04-10 12:58 . 2010-04-10 12:57 -------- d-----w- c:\program files\Autodesk Revit Architecture 2010 2010-04-10 12:57 . 2010-02-18 02:37 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2010-04-10 12:56 . 2008-07-31 22:16 -------- d-----w- c:\programdata\Microsoft Help 2010-04-10 12:56 . 2010-04-10 12:54 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0 2010-04-10 12:55 . 2010-04-10 12:55 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll 2010-04-10 12:54 . 2010-04-10 12:54 -------- d-----w- c:\program files\Microsoft SDKs 2010-04-10 12:53 . 2010-04-10 12:30 -------- d-----w- c:\program files\Autodesk 2010-04-10 12:30 . 2008-07-31 22:39 -------- d-----w- c:\program files\Java 2010-04-10 12:30 . 2010-04-10 12:30 10134 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{EAB8A41D-FABA-4569-A0A1-60A8B358D6F1}\_13237EEAE27660A8BE98B7.exe 2010-04-10 12:30 . 2010-04-10 12:30 10134 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{EAB8A41D-FABA-4569-A0A1-60A8B358D6F1}\_09DB3D0C1C9F64C35BEE22.exe 2010-04-10 12:30 . 2010-04-10 12:30 -------- d-----w- c:\program files\Autodesk Network License Manager 2010-04-09 13:41 . 2010-04-09 13:40 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\dvdcss 2010-03-30 15:25 . 2009-01-02 18:25 66872 ----a-w- c:\windows\system32\PnkBstrA.exe 2010-03-23 17:08 . 2010-03-23 17:08 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\UDC Profiles 2010-03-23 17:07 . 2010-03-23 17:07 -------- d-----w- c:\program files\Universal Document Converter 2010-02-26 18:21 . 2010-03-23 17:07 24440 ----a-w- c:\windows\system32\udcpm.dll 2010-02-18 02:48 . 2008-09-05 18:15 103368 ----a-w- c:\users\Dada & Vlada\AppData\Local\GDIPFONTCACHEV1.DAT 2008-08-01 06:43 . 2008-08-01 06:40 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((( SnapShot@2010-05-12_15.06.08 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-14 20:58 . 2010-05-12 16:37 100864 c:\windows\System32\DriverStore\FileRepository\ewnet.inf_d99a5a85\ewusbnet.sys + 2010-02-14 20:58 . 2010-05-12 16:37 101632 c:\windows\System32\DriverStore\FileRepository\ewmdm2k.inf_c02941d9\ewusbmdm.sys . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . Hinweis leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "SynchronousMachineGroupPolicy"= 0 (0x0) "SynchronousUserGroupPolicy"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoRecentDocsNetHood"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli DPPWDFLT [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Users^Dada & Vlada^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager] 2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] 2008-04-15 12:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-03-12 19:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] 2008-05-14 02:09 13535776 ----a-w- c:\windows\System32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-05-14 02:09 92704 ----a-w- c:\windows\System32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe] 2008-03-14 06:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2008-03-25 02:28 144784 ----a-w- c:\program files\Java\jre1.6.0_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu] 2007-12-24 13:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter] 2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-27 717296] R3 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088] R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504] R4 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-11 33808] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880] S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808] S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-27 599344] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856] S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552] S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-27 40752] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr Akamai REG_MULTI_SZ Akamai HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Inhalt des "geplante Tasks" Ordners 2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-270948758-3929525095-3818274810-1000Core.job - c:\users\Dada & Vlada\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 18:55] 2010-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-270948758-3929525095-3818274810-1000UA.job - c:\users\Dada & Vlada\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 18:55] 2008-09-07 c:\windows\Tasks\User_Feed_Synchronization-{E3C626EB-3C3E-4215-94BB-F4FFB2ED8819}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = google.com mStart Page = hxxp://de.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Dada & Vlada\AppData\Roaming\Mozilla\Firefox\Profiles\zf5ch29s.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - plugin: c:\users\Dada & Vlada\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-05-12 18:57 Windows 6.0.6001 Service Pack 1 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************ . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'lsass.exe'(756) c:\windows\system32\DPPWDFLT.dll . Zeit der Fertigstellung: 2010-05-12 19:01:00 ComboFix-quarantined-files.txt 2010-05-12 17:00 Vor Suchlauf: 14 Verzeichnis(se), 132.958.384.128 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 133.162.127.360 Bytes frei - - End Of File - - B74F9D949AB8751673A173A32121C559

Profil

magna86 Poslao: 13 Maj 2010 14:40 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6104	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da li ti sad AntiVirus nesto detektuje?

Profil

traummanster Poslao: 13 Maj 2010 22:18 Idi na vrh
offline traummanster Novi MyCity građanin Pridružio: 20 Sep 2008 Poruke: 14	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Sada je sve ok! Skenirao sam ponovo i Kasp. nije nista prijavio! Racunar sada radi normalno! Hvala ti na pomoci i nadam se da ce ovaj post pomoc jos nekome! Ziveli

Profil

magna86 Poslao: 14 Maj 2010 11:23 Idi na vrh
offline magna86 Anti Malware Fighter Rank 2 Pridružio: 21 Jun 2008 Poruke: 6104	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok,uradi jos ovo. Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: ComboFix /Uninstall Primeti da postoji razmak između "ComboFix" i "/Uninstall". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Rootkit.Win32.TDSS.d

Ko je trenutno na forumu

Ukupno su 971 korisnika na forumu :: 3 registrovanih, 0 sakrivenih i 968 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: branko7, Marko Marković, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by