[bobby] trojan in the registry

  • Joined: 05 Dec 2005
  • Posts: 5


Malwarebytes finds this for me and cannot delete it, while Trojan Remover does not find it at all and reports that everything is fine, and HijackThis says this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:17, on 28.01.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\zoran\Desktop\djoka\djoka.exe.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....;pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....;pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....;pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Program Files\Lexmark 6500 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\Windows\system32\lxdfcoms.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11914 bytes

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Are you sure that MalwareBytes did not remove this, since the HijackThis log no longer shows those symptoms?

  • Joined: 05 Dec 2005
  • Posts: 5

I am sure, because I took the attached screenshot after I started it scanning again.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

And you definitely clicked on Entferne Auswahl after the scan, but this still appeared?

If so, then do the following:

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it is scanning.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

Addendum: 28 Jan 2009 22:43

I forgot to say: if you want us to resolve this more efficiently, I would ask you to come to the forum tomorrow evening between 6 and 9. I work until 5, and at this hour I am usually already heading to bed.

  • Joined: 05 Dec 2005
  • Posts: 5

Here, I did that. I just want to add that it will not let me update Windows and Windows Defender; when I go to Microsoft's site and want to go to upload or download anything, a page with Google on it just opens.

ComboFix 09-01-21.04 - zoran 2009-01-29 22:49:23.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.2046.850 [GMT 1:00]
ausgeführt von:: c:\users\zoran\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\zoran\FAVORI~1\Videos.url
c:\users\zoran\Favorites\Videos.url

.
((((((((((((((((((((((( Dateien erstellt von 2008-12-28 bis 2009-01-29 ))))))))))))))))))))))))))))))
.

2009-01-29 13:04 . 2009-01-29 13:06 196,608 --a------ c:\windows\SPInstall.etl
2009-01-29 12:53 . 2009-01-29 12:53 <DIR> d--h----- c:\windows\PIF
2009-01-29 10:24 . 2009-01-29 10:24 <DIR> d-------- c:\program files\Unlocker
2009-01-28 11:24 . 2009-01-28 11:24 <DIR> d-------- c:\program files\MWSnap
2009-01-26 11:58 . 2009-01-28 12:14 <DIR> d-------- c:\program files\Opera
2009-01-25 18:36 . 2009-01-25 18:36 <DIR> d-------- c:\users\All Users\Simply Super Software
2009-01-25 18:36 . 2009-01-25 18:36 <DIR> d-------- c:\programdata\Simply Super Software
2009-01-25 18:36 . 2009-01-26 10:16 <DIR> d-------- c:\program files\Trojan Remover
2009-01-25 16:53 . 2009-01-25 16:53 <DIR> d-------- c:\users\zoran\AppData\Roaming\Malwarebytes
2009-01-25 16:53 . 2009-01-25 16:53 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-01-25 16:53 . 2009-01-25 16:53 <DIR> d-------- c:\programdata\Malwarebytes
2009-01-25 16:53 . 2009-01-25 16:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-25 16:53 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-25 16:53 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-25 16:05 . 2009-01-25 16:24 <DIR> d-------- c:\program files\RegCleaner
2009-01-25 15:55 . 2009-01-25 15:55 <DIR> d-------- c:\users\zoran\AppData\Roaming\GeoVid
2009-01-22 16:53 . 2009-01-22 16:53 <DIR> d-------- c:\users\zoran\OngameNetwork
2009-01-20 19:29 . 2009-01-20 19:29 <DIR> d-------- c:\program files\TeamViewer
2009-01-19 21:45 . 2009-01-20 19:23 <DIR> d-------- c:\users\zoran\temp
2009-01-19 21:45 . 2009-01-19 21:45 <DIR> d-------- c:\users\zoran\AppData\Roaming\TeamViewer
2009-01-18 17:24 . 2009-01-18 17:24 <DIR> d-------- c:\program files\AskBarDis
2009-01-18 17:21 . 2009-01-18 17:21 <DIR> d-------- c:\windows\PaltalkScene
2009-01-18 17:21 . 2009-01-28 12:15 <DIR> d-------- c:\users\zoran\AppData\Roaming\Paltalk
2009-01-18 17:21 . 2009-01-28 12:15 <DIR> d-------- c:\program files\Paltalk Messenger
2009-01-18 13:13 . 2009-01-26 11:55 <DIR> d-------- c:\users\zoran\AppData\Roaming\DivX
2009-01-17 15:09 . 2009-01-29 13:11 <DIR> d-------- c:\users\zoran\AppData\Roaming\Hamachi
2009-01-17 15:08 . 2009-01-17 15:09 <DIR> d-------- c:\program files\Hamachi
2009-01-17 15:08 . 2009-01-17 15:08 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-01-17 14:23 . 2009-01-17 14:23 <DIR> d-------- c:\program files\SHOUTcast
2009-01-17 11:03 . 2009-01-17 11:14 <DIR> d-------- c:\program files\Winamp
2009-01-17 11:03 . 2009-01-17 11:03 155 --a------ c:\windows\winamp.ini
2009-01-16 18:47 . 2003-06-18 17:31 17,920 --a------ c:\windows\System32\mdimon.dll
2009-01-16 18:47 . 2009-01-16 18:47 400 --a------ c:\windows\ODBC.INI
2009-01-16 18:42 . 2009-01-16 18:42 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-16 18:20 . 2008-07-30 17:42 23,888 --a------ c:\windows\System32\drivers\COH_Mon.sys
2009-01-16 18:20 . 2008-07-30 17:28 10,537 --a------ c:\windows\System32\drivers\COH_Mon.cat
2009-01-16 18:20 . 2008-07-30 17:28 706 --a------ c:\windows\System32\drivers\COH_Mon.inf
2009-01-11 15:21 . 2009-01-11 15:21 <DIR> d-------- c:\users\zoran\AppData\Roaming\CyberLink
2009-01-11 15:18 . 2009-01-11 15:18 <DIR> d-------- c:\users\zoran\AppData\Roaming\HP
2009-01-11 13:10 . 2009-01-11 13:10 <DIR> d-------- c:\users\zoran\AppData\Roaming\Template
2009-01-11 13:10 . 2009-01-19 14:28 2,130 --a------ c:\users\zoran\AppData\Roaming\wklnhst.dat
2009-01-11 11:58 . 2009-01-11 11:58 <DIR> d-------- c:\users\zoran\AppData\Roaming\6500 Series
2009-01-11 11:49 . 2009-01-11 11:49 <DIR> d-------- c:\users\zoran\AppData\Roaming\Lexmark Productivity Studio
2009-01-11 11:44 . 2009-01-23 20:20 <DIR> d-------- c:\users\All Users\Lx_cats
2009-01-11 11:44 . 2009-01-23 20:20 <DIR> d-------- c:\programdata\Lx_cats
2009-01-11 11:39 . 2009-01-11 11:39 <DIR> d-------- C:\logs
2009-01-11 11:37 . 2007-05-03 20:50 348,160 --a------ c:\windows\System32\lxdfcoin.dll
2009-01-11 11:33 . 2009-01-11 11:33 <DIR> d-------- c:\users\All Users\6500 Series
2009-01-11 11:33 . 2009-01-11 11:33 <DIR> d-------- c:\programdata\6500 Series
2009-01-11 11:33 . 2006-06-02 22:12 339,968 --a------ c:\windows\System32\IMGMAN32.DLL
2009-01-11 11:33 . 2006-06-02 22:12 98,345 --a------ c:\windows\System32\IMHOST32.DLL
2009-01-11 11:33 . 2006-06-02 22:12 98,304 --a------ c:\windows\System32\IM31XPNG.DEL
2009-01-11 11:33 . 2007-04-09 15:59 69,632 --a------ c:\windows\System32\lxdfoem.dll
2009-01-11 11:33 . 2006-06-02 22:12 69,632 --a------ c:\windows\System32\IM31XTIF.DEL
2009-01-11 11:33 . 2006-06-02 22:12 49,152 --a------ c:\windows\System32\IM31IMG.DIL
2009-01-11 11:33 . 2007-05-24 12:41 45,056 --a------ c:\windows\System32\LXDFPMON.DLL
2009-01-11 11:33 . 2007-05-24 12:41 32,768 --a------ c:\windows\System32\LXDFFXPU.DLL
2009-01-11 11:31 . 2009-01-11 11:32 <DIR> d-------- c:\program files\Abbyy FineReader 6.0 Sprint
2009-01-11 11:28 . 2006-10-26 15:10 1,645,320 --a------ c:\windows\System32\gdiplus.dll
2009-01-11 11:28 . 2007-05-17 18:52 348,160 --a------ c:\windows\System32\lxdfinst.dll
2009-01-11 11:28 . 2007-01-22 10:53 60 --ah----- c:\windows\System32\lxdfrwrd.ini
2009-01-11 11:27 . 2009-01-11 11:34 <DIR> d-------- c:\program files\Lexmark 6500 Series
2009-01-11 10:51 . 2009-01-26 11:17 <DIR> d-a------ c:\users\All Users\TEMP
2009-01-11 10:51 . 2009-01-26 11:17 <DIR> d-a------ c:\programdata\TEMP
2009-01-11 10:48 . 2009-01-25 18:36 <DIR> d-------- c:\users\zoran\AppData\Roaming\Simply Super Software
2009-01-11 10:48 . 2006-05-25 14:52 162,304 --a------ c:\windows\System32\ztvunrar36.dll
2009-01-11 10:48 . 2003-02-02 19:06 153,088 --a------ c:\windows\System32\UNRAR3.dll
2009-01-11 10:48 . 2005-08-26 00:50 77,312 --a------ c:\windows\System32\ztvunace26.dll
2009-01-11 10:48 . 2002-03-06 00:00 75,264 --a------ c:\windows\System32\unacev2.dll
2009-01-11 10:48 . 2006-06-19 12:01 69,632 --a------ c:\windows\System32\ztvcabinet.dll
2009-01-11 10:36 . 2009-01-11 10:36 <DIR> d-------- c:\program files\Real
2009-01-11 10:36 . 2009-01-11 10:36 <DIR> d-------- c:\program files\Common Files\xing shared
2009-01-11 10:36 . 2009-01-11 10:36 <DIR> d-------- c:\program files\Common Files\Real
2009-01-11 10:34 . 2009-01-11 10:35 <DIR> d-------- c:\program files\Azureus
2009-01-11 10:34 . 2009-01-11 10:34 16 --a------ c:\windows\System32\coh.cache
2009-01-11 10:33 . 2009-01-11 10:33 <DIR> d-------- c:\program files\Common Files\PX Storage Engine
2009-01-11 10:32 . 2009-01-11 10:33 <DIR> d-------- c:\program files\DivX
2009-01-11 10:28 . 2009-01-11 10:28 <DIR> d-------- c:\users\zoran\AppData\Roaming\vlc
2009-01-11 10:27 . 2009-01-11 10:27 <DIR> d-------- c:\program files\VideoLAN
2009-01-11 10:26 . 2009-01-22 22:28 <DIR> d-------- c:\users\zoran\AppData\Roaming\VoipStunt
2009-01-11 10:25 . 2009-01-11 10:25 <DIR> d-------- c:\program files\VoipStunt.com
2009-01-11 10:20 . 2009-01-11 10:20 <DIR> d-------- c:\users\zoran\AppData\Roaming\Thunderbird
2009-01-11 10:20 . 2009-01-11 10:20 0 --a------ c:\windows\nsreg.dat
2009-01-11 10:19 . 2009-01-11 10:33 <DIR> d-------- c:\program files\Mozilla Thunderbird
2009-01-11 10:13 . 2009-01-29 12:57 <DIR> d-------- c:\program files\bwin
2009-01-11 10:11 . 2009-01-11 10:11 <DIR> d-------- c:\program files\RocketDock
2009-01-10 21:08 . 2009-01-28 10:44 <DIR> d-------- c:\users\zoran\AppData\Roaming\Skype
2009-01-10 21:08 . 2009-01-10 21:08 <DIR> d-------- c:\users\All Users\Skype
2009-01-10 21:08 . 2009-01-10 21:08 <DIR> d-------- c:\programdata\Skype
2009-01-10 21:08 . 2009-01-10 21:08 <DIR> d-------- c:\program files\Skype
2009-01-10 20:30 . 2009-01-10 20:30 <DIR> d-------- c:\users\zoran\Bluetooth Software
2009-01-10 20:29 . 2009-01-10 20:29 <DIR> dr------- c:\users\zoran\Searches
2009-01-10 20:29 . 2009-01-13 14:13 <DIR> dr------- c:\users\zoran\Contacts
2009-01-10 20:28 . 2007-04-18 09:51 229,376 --a------ c:\windows\System32\BtwRSupport.dll
2009-01-10 20:27 . 2009-01-10 20:27 <DIR> d-------- c:\windows\System32\es-MX
2009-01-10 20:27 . 2009-01-10 20:27 <DIR> d-------- c:\windows\System32\es-AR
2009-01-10 20:27 . 2009-01-10 20:27 <DIR> d-------- c:\program files\WIDCOMM
2009-01-10 20:26 . 2009-01-10 20:26 <DIR> d-------- c:\program files\Bioscrypt
2009-01-10 20:26 . 2005-01-19 17:25 339,968 -ra------ c:\windows\System32\msvcr70.dll
2009-01-10 20:25 . 2009-01-10 20:25 <DIR> d-------- c:\program files\Fingerprint Sensor
2009-01-10 20:24 . 2009-01-10 20:24 44 --a------ c:\windows\system\hpsysdrv.dat
2009-01-10 20:24 . 2009-01-10 20:24 0 -rahs---- c:\windows\System32\drivers\103C_HP_cNB_Pavilion dv9500 Notebook PC_Y5335KV_0U_QCNF73421VG_E445841-041_4A_I30DA_SQuanta_V85.17_F.06_T070723_WV3-0_L407_M2047_J160_7AMD_8F81_92.00_#090110_N10DE0450;14E44328_(GS463EA#ABD)_XMOBILE_CN10_Z.MRK
2009-01-10 20:22 . 2009-01-10 20:22 <DIR> d-------- c:\users\zoran\AppData\Roaming\Hewlett-Packard
2009-01-10 20:20 . 2009-01-11 10:32 <DIR> dr------- c:\users\zoran\Videos
2009-01-10 20:20 . 2009-01-10 20:29 <DIR> dr------- c:\users\zoran\Saved Games
2009-01-10 20:20 . 2009-01-28 11:44 <DIR> dr------- c:\users\zoran\Pictures
2009-01-10 20:20 . 2009-01-16 16:51 <DIR> dr------- c:\users\zoran\Music
2009-01-10 20:20 . 2009-01-10 20:29 <DIR> dr------- c:\users\zoran\Links
2009-01-10 20:20 . 2009-01-11 13:30 <DIR> dr------- c:\users\zoran\Downloads
2009-01-10 20:20 . 2009-01-26 11:47 <DIR> dr------- c:\users\zoran\Documents
2009-01-10 20:20 . 2006-11-02 13:37 <DIR> d-------- c:\users\zoran\AppData\Roaming\Media Center Programs
2009-01-10 20:20 . 2009-01-10 20:24 <DIR> d--h----- c:\users\zoran\AppData
2009-01-10 20:20 . 2009-01-22 16:53 <DIR> d-------- c:\users\zoran
2009-01-10 20:20 . 2009-01-10 20:20 81 --a------ c:\windows\System32\LOG
2009-01-10 20:16 . 2009-01-10 20:16 <DIR> dr------- c:\windows\System32\config\systemprofile\Contacts

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 09:19 --------- d-----w c:\program files\Common Files\Adobe
2009-01-25 12:41 --------- d-----w c:\programdata\Symantec
2009-01-16 17:44 --------- d-----w c:\program files\Microsoft Works
2009-01-16 17:36 --------- d-----w c:\programdata\Microsoft Help
2009-01-16 17:20 --------- d-----w c:\program files\Norton Internet Security
2009-01-13 12:31 --------- d-----w c:\programdata\CyberLink
2009-01-11 14:19 --------- d-----w c:\programdata\Napster
2009-01-11 14:18 --------- d-----w c:\programdata\HP
2009-01-11 09:25 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-11 09:25 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-11 09:25 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-11 09:25 --------- d-----w c:\program files\Symantec
2009-01-11 09:23 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-10 19:17 --------- d-sh--w c:\programdata\Vorlagen
2009-01-10 19:17 --------- d-sh--w c:\programdata\Startmenü
2009-01-10 19:17 --------- d-sh--w c:\programdata\Favoriten
2009-01-10 19:17 --------- d-sh--w c:\programdata\Dokumente
2009-01-10 19:17 --------- d-sh--w c:\programdata\Desktop
2009-01-10 19:17 --------- d-sh--w c:\programdata\Anwendungsdaten
2009-01-10 19:17 --------- d-sh--w c:\program files\Gemeinsame Dateien
2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\System32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-11-06 16:37 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-11-06 16:37 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-11-06 16:37 129,784 ------w c:\windows\System32\PxAFS.DLL
2008-11-06 16:35 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-06 16:35 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\System32\divx_xx0c.dll
2008-11-06 16:33 823,296 ----a-w c:\windows\System32\divx_xx07.dll
2008-11-06 16:33 815,104 ----a-w c:\windows\System32\divx_xx0a.dll
2008-11-06 16:33 802,816 ----a-w c:\windows\System32\divx_xx11.dll
2008-11-06 16:33 684,032 ----a-w c:\windows\System32\DivX.dll
2008-11-06 16:33 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 17:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-07-14 20034600]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"VoipStunt"="c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe" [2006-12-14 7513656]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-13 323216]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-16 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-16 81920]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-06-22 77824]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-11 180269]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2007-06-11 455600]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"Lexmark 6500 Series Fax Server"="c:\program files\Lexmark 6500 Series\fm3032.exe" [2007-06-11 308144]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-01-01 1231752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\zoran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-01-17 625952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4BAEBB19-C326-4827-91AB-45CF7535A9C3}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{17BF39D9-2193-42FF-8464-E0DC93196600}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{79D3486C-841C-4CE8-9169-9C37FB056CEF}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{F443711B-48D1-478F-BC48-425836A01CC2}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{295273A6-F2CB-43E3-A31C-1663B32C81B4}"= Disabled:TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{77153567-67D6-4C3E-A10D-69BB3FE1FA2B}"= UDP:c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{69692574-0A6F-4086-A339-95F64F3B5ADA}"= TCP:c:\program files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{00376DA4-C9A3-42F6-B6DC-21043F00FD3A}"= UDP:c:\windows\System32\lxdfcoms.exe:Lexmark Communications System
"{6EBE1892-AAE4-44CF-9E07-758267075FBD}"= TCP:c:\windows\System32\lxdfcoms.exe:Lexmark Communications System
"{43AB0799-91D8-4B22-BAFA-5BCFE353718A}"= UDP:c:\program files\Lexmark 6500 Series\lxdfamon.exe:Lexmark Device Monitor
"{FEE8522C-E656-4C2C-BB55-488349E0FA91}"= TCP:c:\program files\Lexmark 6500 Series\lxdfamon.exe:Lexmark Device Monitor
"{B912CD78-8AE9-43A7-9F43-F9E9B968FD32}"= UDP:c:\program files\Lexmark 6500 Series\frun.exe:Lexmark Productivity Studio
"{65AAB562-9CCE-4A3A-A0C9-69F90DD21AE1}"= TCP:c:\program files\Lexmark 6500 Series\frun.exe:Lexmark Productivity Studio
"{CE123D3C-31BF-4BCF-A027-685844F04668}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{AABDE239-CF0D-4F1C-B16A-03FD48DF863E}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{AA88F802-B1F3-4114-89B0-62D8DDAB6CC0}"= UDP:c:\program files\Lexmark 6500 Series\LXDFFax.exe:Fax software
"{F5D5E2EC-33E2-44C7-832A-006EDB3CF25F}"= TCP:c:\program files\Lexmark 6500 Series\LXDFFax.exe:Fax software
"{BEE2227D-B42B-4035-8657-8CD3A4B76FC3}"= UDP:c:\program files\Lexmark 6500 Series\lxdfmon.exe:Printer Device Monitor
"{C6417755-4A00-4808-B136-A673D5F5BC96}"= TCP:c:\program files\Lexmark 6500 Series\lxdfmon.exe:Printer Device Monitor
"{D302415A-CC65-4493-8336-DC60D97F4299}"= UDP:c:\windows\System32\lxdfcfg.exe:Printer Communication System
"{60A70AC0-FF6C-4BEF-B55F-0AC4D5291DD1}"= TCP:c:\windows\System32\lxdfcfg.exe:Printer Communication System
"{28D88DE1-5388-40E4-A2A2-4AD1EA531C6A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdfpswx.exe:Printer Status Window Interface
"{FA72EE17-F7EA-4BDE-B707-4DC0D2F0F6D5}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdfpswx.exe:Printer Status Window Interface
"{B6146AF3-AC12-4E46-8498-C8DA12DDD4A7}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdfjswx.exe:Job Status Window Interface
"{A7F0FEDB-2CC5-4542-9384-3FC9E05B04AE}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdfjswx.exe:Job Status Window Interface
"TCP Query User{9DF7770E-9561-4B4D-89D2-03859D5E4ABC}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6F67A97A-6030-46C2-ACD3-F64D66A2D427}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{5A1CFA68-6EAD-469A-8A80-E21F5873105F}"= UDP:8000:winamp
"{5B3BC750-B31E-469C-831E-44E54938A7AF}"= UDP:c:\program files\Winamp\winamp.exe:Winamp
"{97376CFA-01EC-4412-BF1F-AB2B820D5DF8}"= TCP:c:\program files\Winamp\winamp.exe:Winamp
"{A7DE2CED-6E12-439D-A949-20669BBD5D26}"= UDP:c:\program files\TeamViewer3\TeamViewer.exe:TeamViewer 3
"{69F60A85-6465-46D6-A557-9F4790D0C5B6}"= TCP:c:\program files\TeamViewer3\TeamViewer.exe:TeamViewer 3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20090120.001\IDSvix86.sys [2009-01-24 270384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-11 99376]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2008-10-03 37936]
R4 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2006-11-02 22016]
R4 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2006-11-02 22016]
R4 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-06-22 554352]
R4 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
R4 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-19 185640]
S4 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdfserv.exe [2007-05-29 99248]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Inhalt des "geplante Tasks" Ordners

2009-01-26 c:\windows\Tasks\Norton Internet Security - Systemprüfung ausführen - zoran.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 08:09]

2009-01-29 c:\windows\Tasks\User_Feed_Synchronization-{93F34BDE-C48A-4D23-A946-F65181BD639D}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=73&bd=Pavilion&pf=laptop
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\zoran\AppData\Roaming\Mozilla\Firefox\Profiles\jluc99lg.default\
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-29 22:56:24
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(672)
c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(2592)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\system32\APSHook.dll
c:\program files\Bioscrypt\VeriSoft\Bin\ItClient.dll
c:\windows\system32\btmmhook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Bioscrypt\VeriSoft\Bin\asghost.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\lxdfcoms.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-01-29 23:00:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-01-29 22:00:08

Vor Suchlauf: 16 Verzeichnis(se), 129.734.643.712 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 129,600,847,872 Bytes frei

367

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I've worn myself out over this log, and I can't find anything questionable.
There is one more thing that isn't clear to me. I'll try to find out, and I'll let you know whether I learned anything useful.

Addendum: 02 Feb 2009 19:24

Let's try something.

Go to Start > Run (Ausführen, or whatever it says in German Windows).
In the dialog that opens, type CMD and click OK.
A console will open.
In the console, type the following:
ipconfig /flushdns then press Enter
ipconfig /renew then Enter
ipconfig /registerdns then Enter

Restart the computer.

After the restart, scan again with MBAM and see whether it reports those lines again.
