Rootkit.Win32.TDSS.d


  • Joined: 20 Sep 2008
  • Posts: 14

A few days ago I noticed that System Restore had switched itself off and would not turn back on. Mozilla started crashing more and more often, the sound disappeared, the laptop locks up and then restarts on its own! I scanned with Kasp. and it found the virus named above, but it could not remove it. Last night I got a BSOD and could not boot it even from Safe Mode. I fixed that today with Vista Startup Repair, but the problem is still there! The symptoms are the same as I described a moment ago! I tried to find a solution on the net myself, but still could not, so I had to turn to you for help!
I will post the logs now and I am here to follow all instructions blindly :)
GMER was run in Safe Mode, because it would not scan in normal mode! Thanks


DDS (Ver_10-03-17.01) - NTFSx86
Run by Dada & Vlada at 16:44:16,66 on 11.05.2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3068.2117 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Program Files\3DataManager\3DataManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Users\Dada & Vlada\Desktop\dds.com
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com?o=15087&l=dis
uURLSearchHooks: H - No File
BHO: {004a8533-fa17-4b4a-b0af-9053185d3967} - c:\windows\system32\nuxnzluh.dll
BHO: {00676b73-5a48-4d6f-84b0-1669b45eadd5} - c:\windows\system32\nuxnzluh.dll
BHO: {009bbe57-ada2-4a09-b6be-828ef31a9c44} - c:\windows\system32\nuxnzluh.dll
BHO: {00a8212e-f256-4522-bbdb-8397fa298665} - c:\windows\system32\nuxnzluh.dll
BHO: {00f8705e-30ad-4f60-b5a7-e40feb963d95} - c:\windows\system32\nuxnzluh.dll
BHO: {0150425c-f256-4522-bbdb-8397fa298665} - c:\windows\system32\nuxnzluh.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {58f26318-4e8d-42eb-a2e7-f1ecb50b9c62} - c:\windows\system32\txecqix.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [SBPl] c:\program files\sbp\SBPl.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky internet security 2009\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
TCP: {2821F280-DD51-4E74-8D4E-6CFD8EB7E7A1} = 213.94.78.17 213.94.78.16
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\dada&v~1\appdata\roaming\mozilla\firefox\profiles\zf5ch29s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ARS&o=15084&locale=en_US&q=
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\dada & vlada\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2008-7-9 20496]
R2 hhpsanej;Processor Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 24880]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-1 361808]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-27 599344]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 26640]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-14 43552]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-27 40752]
S3 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a7e996cd\AEstSrv.exe [2008-8-27 77824]
S3 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe [2008-7-29 208616]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-31 193840]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-1-25 25088]
S4 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
S4 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]

============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-05-11 10:59:44 0 d-----w- c:\program files\Trend Micro
2010-05-10 21:10:35 0 d-----w- c:\program files\GPLGS
2010-05-10 21:09:28 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-05-10 21:09:28 0 d-----w- c:\program files\Acro Software
2010-05-04 19:39:17 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-04 19:38:38 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-04 19:38:23 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-04 19:38:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-04-29 07:34:11 10 ------r- c:\windows\PSTUDIO.SN
2010-04-29 07:29:15 35 ----a-w- c:\windows\A4W.INI
2010-04-29 07:29:15 0 d-----w- c:\windows\A4W_DATA
2010-04-29 07:29:07 0 d-----w- c:\program files\Canon
2010-04-29 07:28:41 28 ----a-w- c:\windows\album.ini
2010-04-29 07:28:41 21 ----a-w- c:\windows\Ps_setup.ini
2010-04-29 07:28:41 1096 ----a-w- c:\windows\pstudio.ini
2010-04-29 07:28:40 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-04-29 07:28:20 328704 ----a-w- c:\windows\IsUn0407.exe
2010-04-29 07:23:44 318976 ----a-w- c:\windows\system32\UCS32P.DLL
2010-04-29 07:23:44 311296 ----a-w- c:\windows\system32\N065UFW.dll
2010-04-29 07:23:44 163888 ----a-w- c:\windows\system32\N065UUD.DLL
2010-04-29 07:23:43 28718 ----a-w- c:\windows\system32\N065UCPL.DLL

==================== Find3M ====================

2010-05-11 14:40:39 9501216 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-11 14:32:05 631814 ----a-w- c:\windows\system32\perfh007.dat
2010-05-11 14:32:05 128450 ----a-w- c:\windows\system32\perfc007.dat
2010-05-11 12:34:04 933920 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-11 12:34:04 78284 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-11 12:34:04 5320 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-04-29 07:23:59 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-29 07:23:58 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-29 07:23:57 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-30 15:25:54 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-26 18:21:14 24440 ----a-w- c:\windows\system32\udcpm.dll
2008-09-05 22:49:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-08-01 06:37:19 36916 ----a-w- c:\windows\inf\perflib\0407\perfd.dat
2008-08-01 06:37:19 36916 ----a-w- c:\windows\inf\perflib\0407\perfc.dat
2008-08-01 06:37:19 290748 ----a-w- c:\windows\inf\perflib\0407\perfi.dat
2008-08-01 06:37:19 290748 ----a-w- c:\windows\inf\perflib\0407\perfh.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-08-01 06:43:57 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:45:41,58 ===============
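The DDS report above is what a helper reads by eye: several BHO CLSIDs that all point at one unnamed DLL in system32, a service with a generic display name hosted in svchost.exe -k netsvcs, and UAC switched off. As an added example, not part of this thread and not a DDS, ComboFix or mycity.rs tool, the Python script below applies those three triage heuristics over lines copied from the report. The rules, the partial sample, and the policy table are my own constructions; they produce candidates for an analyst to review (a legitimate third-party service such as Easybits also lands in the svchost list), not verdicts.

```python
"""Heuristic triage of the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" sections.

Added example (not part of the forum thread or of the DDS tool). Heuristics:
  1. a BHO DLL registered under one or more CLSIDs with no display name at all
  2. a service hosted inside svchost.exe -k <group>; DDS already suppresses the
     standard Microsoft services, so anything listed here deserves a look, and a
     lowercase, random-looking name unrelated to its display name is rated high
  3. policy values that weaken the platform's own defences (EnableLUA = 0)
"""
import re
from collections import defaultdict

# Lines copied from the DDS report in this thread (three of the six nuxnzluh
# CLSIDs shown), embedded so the script runs offline.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.ask.com?o=15087&l=dis
BHO: {004a8533-fa17-4b4a-b0af-9053185d3967} - c:\windows\system32\nuxnzluh.dll
BHO: {00676b73-5a48-4d6f-84b0-1669b45eadd5} - c:\windows\system32\nuxnzluh.dll
BHO: {009bbe57-ada2-4a09-b6be-828ef31a9c44} - c:\windows\system32\nuxnzluh.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {58f26318-4e8d-42eb-a2e7-f1ecb50b9c62} - c:\windows\system32\txecqix.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
R2 hhpsanej;Processor Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 24880]
S4 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
"""

BHO_RE = re.compile(r"^BHO:\s*(?P<name>.*?)\s*\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*(?P<path>.+?)\s*$")
SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[")
POL_RE = re.compile(r"^(?P<scope>[um])Policies-(?P<hive>\w+):\s*(?P<value_name>\w+)\s*=\s*(?P<value>\d+)")

# Constructed table: (hive, value name, value) -> why it matters.
WEAK_POLICIES = {("system", "EnableLUA", 0): "UAC is disabled"}


def trigrams(s):
    """Set of 3-letter runs of the alphabetic characters of s, lower-cased."""
    s = re.sub(r"[^a-z]", "", s.lower())
    return {s[i:i + 3] for i in range(len(s) - 2)}


def looks_random(name, display):
    """Lowercase-only service name, 6+ letters, sharing no 3-letter run with its display name."""
    return (name.isalpha() and name.islower() and len(name) >= 6
            and not (trigrams(name) & trigrams(display)))


def parse_bhos(text):
    """Group BHO entries by DLL path: every CLSID seen and every display name seen."""
    by_dll = defaultdict(lambda: {"names": set(), "clsids": []})
    for line in text.splitlines():
        m = BHO_RE.match(line)
        if not m:
            continue
        entry = by_dll[m["path"].lower()]
        entry["clsids"].append(m["clsid"].lower())
        name = m["name"].rstrip(":").strip()   # "Adobe PDF Link Helper:" -> name, ":" -> no name
        if name:
            entry["names"].add(name)
    return by_dll


def triage(text):
    """Return a list of findings, each {"kind", "subject", "severity", "reason"}."""
    findings = []
    for path, entry in parse_bhos(text).items():
        if path == "no file" or entry["names"]:      # orphans and named BHOs are not flagged here
            continue
        findings.append({"kind": "bho", "subject": path, "severity": "high",
                         "reason": f"nameless BHO registered under {len(entry['clsids'])} CLSID(s)"})
    for line in text.splitlines():
        m = SVC_RE.match(line)
        if m:
            hosted = re.search(r"svchost\.exe\s+-k\s+(\S+)", m["path"], re.I)
            if hosted:
                random_name = looks_random(m["name"], m["display"])
                reason = f"hosted in svchost group '{hosted.group(1)}'"
                findings.append({"kind": "service", "subject": m["name"],
                                 "severity": "high" if random_name else "review",
                                 "reason": reason + (", random-looking name" if random_name else "")})
            continue
        p = POL_RE.match(line)
        if p:
            note = WEAK_POLICIES.get((p["hive"], p["value_name"], int(p["value"])))
            if note:
                findings.append({"kind": "policy", "subject": p["value_name"],
                                 "severity": "review", "reason": note})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['kind']:8} {f['subject']}: {f['reason']}")
```

Run against a full DDS report, the script lists the two nameless system32 DLLs, both svchost-hosted services (only the one with the random-looking name rated high) and the disabled-UAC policy; the "No File" orphan and the named Adobe and Kaspersky BHOs are left alone.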


  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6062

Hello!


Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.


When the download is finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so that the process continues.
offer to install the Recovery Console if it is not installed:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show a number of notices:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.


Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is not complete, use the Attach file option to attach C:\ComboFix.txt to your message.

  • Joined: 20 Sep 2008
  • Posts: 14

I did as you said!

ComboFix 10-05-11.06 - Dada & Vlada 12.05.2010 16:55:57.1.2 - x86
ausgeführt von:: c:\users\Dada & Vlada\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Ijl11.dll
c:\windows\system32\Memman.vxd
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((( Dateien erstellt von 2010-04-12 bis 2010-05-12 ))))))))))))))))))))))))))))))
.

2010-05-12 15:05 . 2010-05-12 15:06 -------- d-----w- c:\users\Dada & Vlada\AppData\Local\temp
2010-05-12 15:05 . 2010-05-12 15:05 -------- d-----w- c:\users\Vlada&Dada\AppData\Local\temp
2010-05-12 15:05 . 2010-05-12 15:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-12 15:05 . 2010-05-12 15:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-11 20:57 . 2010-05-11 22:01 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\3DataManager
2010-05-11 20:56 . 2010-05-11 20:56 -------- d-----w- c:\program files\3DataManager(6)
2010-05-11 10:59 . 2010-05-11 10:59 -------- d-----w- c:\program files\Trend Micro
2010-05-10 21:10 . 2010-05-10 21:10 -------- d-----w- c:\program files\GPLGS
2010-05-10 21:09 . 2010-05-10 21:09 -------- d-----w- c:\program files\Acro Software
2010-05-04 19:39 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-05-04 19:39 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-05-04 19:39 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-04 19:39 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-05-04 19:38 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-05-04 19:38 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-05-04 19:38 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-04 19:38 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-04 19:38 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-04-29 07:29 . 2010-04-29 07:29 -------- d-----w- c:\windows\A4W_DATA
2010-04-29 07:29 . 2010-04-29 07:29 -------- d-----w- c:\program files\Canon
2010-04-29 07:28 . 1995-07-31 11:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-04-29 07:28 . 2010-04-29 07:28 -------- d-----w- c:\program files\ArcSoft
2010-04-29 07:28 . 1998-10-21 16:43 328704 ----a-w- c:\windows\IsUn0407.exe
2010-04-29 07:23 . 2000-08-10 05:07 163888 ----a-w- c:\windows\system32\N065UUD.DLL
2010-04-29 07:23 . 2000-06-07 01:03 311296 ----a-w- c:\windows\system32\N065UFW.dll
2010-04-29 07:23 . 2000-01-06 19:05 318976 ----a-w- c:\windows\system32\UCS32P.DLL
2010-04-29 07:23 . 2000-04-28 05:07 28718 ----a-w- c:\windows\system32\N065UCPL.DLL

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 14:58 . 2008-08-01 06:37 631814 ----a-w- c:\windows\system32\perfh007.dat
2010-05-12 14:58 . 2008-08-01 06:37 128450 ----a-w- c:\windows\system32\perfc007.dat
2010-05-12 14:47 . 2008-11-12 22:21 9382944 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-12 14:47 . 2008-11-12 22:21 925728 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-12 14:47 . 2008-11-12 22:21 77528 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-12 14:47 . 2008-11-12 22:21 5292 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-12 13:19 . 2010-03-31 21:12 -------- d-----w- c:\programdata\FLEXnet
2010-05-12 13:19 . 2010-02-14 20:58 -------- d-----w- c:\program files\3DataManager
2010-05-12 13:19 . 2009-12-19 09:51 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\Winamp
2010-05-12 13:19 . 2009-11-25 15:45 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\uTorrent
2010-05-12 13:19 . 2008-11-18 15:40 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\vlc
2010-05-12 12:26 . 2010-04-11 11:16 -------- d-----w- c:\program files\SBP
2010-05-11 22:24 . 2008-11-12 22:21 -------- d-----w- c:\programdata\Kaspersky Lab
2010-05-10 01:23 . 2008-09-06 08:21 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\Skype
2010-04-11 17:34 . 2010-02-17 21:42 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-11 17:13 . 2008-11-27 04:05 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\Autodesk
2010-04-11 17:13 . 2008-11-27 04:05 -------- d-----w- c:\programdata\Autodesk
2010-04-11 11:16 . 2010-04-11 11:16 766 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{619298EB-D2D1-49C1-8096-88A75CC92E5F}\_78ec4c3c.exe
2010-04-11 11:16 . 2010-04-11 11:16 207886 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{619298EB-D2D1-49C1-8096-88A75CC92E5F}\_78d52656.exe
2010-04-11 11:16 . 2010-04-11 11:16 207886 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{619298EB-D2D1-49C1-8096-88A75CC92E5F}\_689f2d71.exe
2010-04-11 11:05 . 2010-04-11 11:05 -------- d-----w- c:\program files\uTorrent
2010-04-10 13:01 . 2010-04-10 13:01 302656 ----a-w- c:\programdata\Microsoft\VSTAHost\Architecture2010\9.0\1033\ResourceCache.dll
2010-04-10 13:01 . 2010-04-10 13:01 303936 ----a-w- c:\programdata\Microsoft\VSTAHost\Architecture2010\9.0\1031\ResourceCache.dll
2010-04-10 12:58 . 2010-04-10 12:57 -------- d-----w- c:\program files\Autodesk Revit Architecture 2010
2010-04-10 12:57 . 2010-02-18 02:37 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-04-10 12:56 . 2008-07-31 22:16 -------- d-----w- c:\programdata\Microsoft Help
2010-04-10 12:56 . 2010-04-10 12:54 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-04-10 12:55 . 2010-04-10 12:55 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-04-10 12:54 . 2010-04-10 12:54 -------- d-----w- c:\program files\Microsoft SDKs
2010-04-10 12:53 . 2010-04-10 12:30 -------- d-----w- c:\program files\Autodesk
2010-04-10 12:30 . 2008-07-31 22:39 -------- d-----w- c:\program files\Java
2010-04-10 12:30 . 2010-04-10 12:30 10134 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{EAB8A41D-FABA-4569-A0A1-60A8B358D6F1}\_13237EEAE27660A8BE98B7.exe
2010-04-10 12:30 . 2010-04-10 12:30 10134 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{EAB8A41D-FABA-4569-A0A1-60A8B358D6F1}\_09DB3D0C1C9F64C35BEE22.exe
2010-04-10 12:30 . 2010-04-10 12:30 -------- d-----w- c:\program files\Autodesk Network License Manager
2010-04-09 13:41 . 2010-04-09 13:40 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\dvdcss
2010-03-30 15:25 . 2009-01-02 18:25 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-23 17:08 . 2010-03-23 17:08 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\UDC Profiles
2010-03-23 17:07 . 2010-03-23 17:07 -------- d-----w- c:\program files\Universal Document Converter
2010-02-26 18:21 . 2010-03-23 17:07 24440 ----a-w- c:\windows\system32\udcpm.dll
2010-02-18 02:48 . 2008-09-05 18:15 103368 ----a-w- c:\users\Dada & Vlada\AppData\Local\GDIPFONTCACHEV1.DAT
2008-08-01 06:43 . 2008-08-01 06:40 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"SBPl"="c:\program files\SBP\SBPl.exe" [2010-04-11 1290240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Dada & Vlada^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 12:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-12 19:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-14 02:09 13535776 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-14 02:09 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 06:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-03-25 02:28 144784 ----a-w- c:\program files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 13:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-27 717296]
R3 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-11 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-27 599344]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-27 40752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-270948758-3929525095-3818274810-1000Core.job
- c:\users\Dada & Vlada\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 18:55]

2010-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-270948758-3929525095-3818274810-1000UA.job
- c:\users\Dada & Vlada\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 18:55]

2008-09-07 c:\windows\Tasks\User_Feed_Synchronization-{E3C626EB-3C3E-4215-94BB-F4FFB2ED8819}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = google.com
mStart Page = hxxp://de.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dada & Vlada\AppData\Roaming\Mozilla\Firefox\Profiles\zf5ch29s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Dada & Vlada\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Type Associations -------
.
.scr=AutoCADScriptFile
.
- - - - Orphaned registry entries removed - - - -

MSConfigStartUp-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-05-12 17:06
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked registry keys ---------------------

[HKEY_USERS\S-1-5-21-270948758-3929525095-3818274810-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8542D3E7-F220-2B22-D70C-E5235776379D}*]
"nachdnkdiidngihlnmadabnlfnak"=hex:6b,61,61,6b,61,65,65,64,6c,65,6d,65,64,69,
61,6e,68,67,67,65,6a,6d,00,00
"oamgnndklphknmfofhhakjkalmjjba"=hex:6b,61,61,6b,6e,64,6a,65,67,6e,6d,67,6b,64,
61,62,68,62,6a,70,6a,68,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2010-05-12 17:09:48
ComboFix-quarantined-files.txt 2010-05-12 15:09

Before scan: 8 directory(ies), 132.460.412.928 bytes free
After scan: 15 directory(ies), 132.484.706.304 bytes free

- - End Of File - - 62956DFA1D599FB76F6366E8437B7C7E

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6062

Tell me what exactly Kaspersky is detecting?

Open Notepad and copy the following text:

Folder::
c:\program files\SBP

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SBPl"=-

RegNull::
[HKEY_USERS\S-1-5-21-270948758-3929525095-3818274810-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8542D3E7-F220-2B22-D70C-E5235776379D}*]

Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next reply the log that is produced at the end of the cleaning/scan.
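The RegNull:: target in the script above is the key ComboFix listed under its locked-keys section, where two values with random-looking names hold hex: data. The following is an added example, not part of this thread and not ComboFix's own code: it pulls that block out of a ComboFix log, decodes the hex values (they turn out to be plain lowercase ASCII strings padded with two NUL bytes) and prints the same RegNull:: directive. The sample log is copied from the log posted above; the function names and the "generated-looking name" heuristic are my own. The heuristic deliberately leaves the modem-class AllUserSettings keys (the "BlindDial" entries) alone, which matches the helper's script: those keys were not targeted and are still listed after the cleanup.

```python
"""Added example, not code from the thread or from ComboFix: decode the hex:
values ComboFix lists under "Locked registry keys" and emit the RegNull::
directive for the CFScript.  Names and the heuristic are my own."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the locked-key block copied from the ComboFix log posted above.
SAMPLE_LOG = r'''
[HKEY_USERS\S-1-5-21-270948758-3929525095-3818274810-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8542D3E7-F220-2B22-D70C-E5235776379D}*]
"nachdnkdiidngihlnmadabnlfnak"=hex:6b,61,61,6b,61,65,65,64,6c,65,6d,65,64,69,
61,6e,68,67,67,65,6a,6d,00,00
"oamgnndklphknmfofhhakjkalmjjba"=hex:6b,61,61,6b,6e,64,6a,65,67,6e,6d,67,6b,64,
61,62,68,62,6a,70,6a,68,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(hex|dword):(.*)$')


def parse_locked_keys(log_text: str) -> Dict[str, Dict[str, Tuple[str, str]]]:
    """Map each [key] to {value name: (type, raw data)}.  Hex data that
    ComboFix wraps after a trailing comma is joined back together; the
    @Denied/@Allowed ACL lines are skipped."""
    keys: Dict[str, Dict[str, Tuple[str, str]]] = {}
    current = ""
    pending: Optional[Tuple[str, str]] = None  # (name, partial hex) while wrapped
    for line in log_text.splitlines():
        line = line.strip()
        if pending is not None:
            name, data = pending[0], pending[1] + line
            pending = (name, data) if line.endswith(",") else None
            if pending is None:
                keys[current][name] = ("hex", data)
            continue
        if (m := KEY_RE.match(line)):
            current = m.group(1)
            keys.setdefault(current, {})
        elif (m := VALUE_RE.match(line)) and current:
            name, vtype, data = m.groups()
            if vtype == "hex" and data.endswith(","):
                pending = (name, data)
            else:
                keys[current][name] = (vtype, data)
    return keys


def decode_hex(raw: str) -> bytes:
    """'6b,61,...' -> b'ka...'."""
    return bytes(int(b, 16) for b in raw.split(",") if b.strip())


def printable_ascii(data: bytes) -> Optional[str]:
    """Decoded text if the bytes (minus NUL padding) are all printable ASCII."""
    body = data.rstrip(b"\x00")
    if body and all(0x20 <= b < 0x7F for b in body):
        return body.decode("ascii")
    return None


def looks_generated(name: str, min_len: int = 16) -> bool:
    """Heuristic (mine): a long run of lowercase letters with no digits, case
    changes or separators is not how Windows or a vendor names a value."""
    return len(name) >= min_len and name.isalpha() and name.islower()


def suspicious_values(keys: Dict[str, Dict[str, Tuple[str, str]]]) -> List[Tuple[str, str, str]]:
    """(key, value name, decoded data) for hex values under generated-looking names."""
    hits: List[Tuple[str, str, str]] = []
    for key, values in keys.items():
        for name, (vtype, raw) in values.items():
            if vtype != "hex" or not looks_generated(name):
                continue
            data = decode_hex(raw)
            text = printable_ascii(data)
            hits.append((key, name, text if text is not None else data.hex()))
    return hits


def cfscript_regnull(keys: List[str]) -> str:
    """RegNull:: section in the form used above: one [key] line per key,
    kept exactly as ComboFix printed it (including the trailing '*')."""
    return "\n".join(["RegNull::"] + [f"[{k}]" for k in dict.fromkeys(keys)]) + "\n"


if __name__ == "__main__":
    parsed = parse_locked_keys(SAMPLE_LOG)
    hits = suspicious_values(parsed)
    for key, name, decoded in hits:
        print(f"{key}\n    {name} -> {decoded!r}")
    print(cfscript_regnull([k for k, _, _ in hits]))
```

Run it against the full log text and compare the printed RegNull:: line with the one in the script above; the same parser run on the log posted after the cleanup should no longer return that key.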

  • Joined: 20 Sep 2008
  • Posts: 14

Here, I'll post a Kaspersky snapshot, so have a look!



ComboFix 10-05-11.06 - Dada & Vlada 12.05.2010 18:49:08.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3068.1941 [GMT 2:00]
Running from:: c:\users\Dada & Vlada\Desktop\ComboFix.exe
Command switches used :: c:\users\Dada & Vlada\Desktop\CFScript.txt
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SBP
c:\program files\SBP\riched32.dll
c:\program files\SBP\RunAtStartupTool.exe
c:\program files\SBP\SBPl.exe
c:\program files\SBP\vbalflbr6.dll

.
((((((((((((((((((((((( Files Created from 2010-04-12 to 2010-05-12 ))))))))))))))))))))))))))))))
.

2010-05-12 16:57 . 2010-05-12 16:57 -------- d-----w- c:\users\Dada & Vlada\AppData\Local\temp
2010-05-12 16:57 . 2010-05-12 16:57 -------- d-----w- c:\users\Vlada&Dada\AppData\Local\temp
2010-05-12 16:57 . 2010-05-12 16:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-12 16:57 . 2010-05-12 16:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-12 16:57 . 2010-05-12 16:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-12 16:38 . 2010-05-12 16:39 -------- d-----w- c:\windows\LastGood
2010-05-12 16:38 . 2010-05-12 16:38 -------- d-----w- c:\users\Dada & Vlada\{2224488a-7526-4c1e-b0b1-67bd57d34628}
2010-05-11 20:57 . 2010-05-12 16:42 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\3DataManager
2010-05-11 20:56 . 2010-05-11 20:56 -------- d-----w- c:\program files\3DataManager(6)
2010-05-11 10:59 . 2010-05-11 10:59 -------- d-----w- c:\program files\Trend Micro
2010-05-10 21:10 . 2010-05-10 21:10 -------- d-----w- c:\program files\GPLGS
2010-05-10 21:09 . 2010-05-10 21:09 -------- d-----w- c:\program files\Acro Software
2010-05-04 19:39 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-05-04 19:39 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-05-04 19:39 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-04 19:39 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-05-04 19:38 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-05-04 19:38 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-05-04 19:38 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-04 19:38 . 2009-08-06 17:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-04 19:38 . 2009-08-06 16:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-04-29 07:29 . 2010-04-29 07:29 -------- d-----w- c:\windows\A4W_DATA
2010-04-29 07:29 . 2010-04-29 07:29 -------- d-----w- c:\program files\Canon
2010-04-29 07:28 . 1995-07-31 11:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-04-29 07:28 . 2010-04-29 07:28 -------- d-----w- c:\program files\ArcSoft
2010-04-29 07:28 . 1998-10-21 16:43 328704 ----a-w- c:\windows\IsUn0407.exe
2010-04-29 07:23 . 2000-08-10 05:07 163888 ----a-w- c:\windows\system32\N065UUD.DLL
2010-04-29 07:23 . 2000-06-07 01:03 311296 ----a-w- c:\windows\system32\N065UFW.dll
2010-04-29 07:23 . 2000-01-06 19:05 318976 ----a-w- c:\windows\system32\UCS32P.DLL
2010-04-29 07:23 . 2000-04-28 05:07 28718 ----a-w- c:\windows\system32\N065UCPL.DLL

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-12 16:38 . 2008-08-01 06:37 631814 ----a-w- c:\windows\system32\perfh007.dat
2010-05-12 16:38 . 2008-08-01 06:37 128450 ----a-w- c:\windows\system32\perfc007.dat
2010-05-12 16:37 . 2010-02-14 20:58 -------- d-----w- c:\program files\3DataManager
2010-05-12 14:47 . 2008-11-12 22:21 9382944 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-12 14:47 . 2008-11-12 22:21 925728 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-05-12 14:47 . 2008-11-12 22:21 77528 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-12 14:47 . 2008-11-12 22:21 5292 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-05-12 13:19 . 2010-03-31 21:12 -------- d-----w- c:\programdata\FLEXnet
2010-05-12 13:19 . 2009-12-19 09:51 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\Winamp
2010-05-12 13:19 . 2009-11-25 15:45 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\uTorrent
2010-05-12 13:19 . 2008-11-18 15:40 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\vlc
2010-05-11 22:24 . 2008-11-12 22:21 -------- d-----w- c:\programdata\Kaspersky Lab
2010-05-10 01:23 . 2008-09-06 08:21 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\Skype
2010-04-11 17:34 . 2010-02-17 21:42 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-11 17:13 . 2008-11-27 04:05 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\Autodesk
2010-04-11 17:13 . 2008-11-27 04:05 -------- d-----w- c:\programdata\Autodesk
2010-04-11 11:16 . 2010-04-11 11:16 766 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{619298EB-D2D1-49C1-8096-88A75CC92E5F}\_78ec4c3c.exe
2010-04-11 11:16 . 2010-04-11 11:16 207886 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{619298EB-D2D1-49C1-8096-88A75CC92E5F}\_78d52656.exe
2010-04-11 11:16 . 2010-04-11 11:16 207886 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{619298EB-D2D1-49C1-8096-88A75CC92E5F}\_689f2d71.exe
2010-04-11 11:05 . 2010-04-11 11:05 -------- d-----w- c:\program files\uTorrent
2010-04-10 13:01 . 2010-04-10 13:01 302656 ----a-w- c:\programdata\Microsoft\VSTAHost\Architecture2010\9.0\1033\ResourceCache.dll
2010-04-10 13:01 . 2010-04-10 13:01 303936 ----a-w- c:\programdata\Microsoft\VSTAHost\Architecture2010\9.0\1031\ResourceCache.dll
2010-04-10 12:58 . 2010-04-10 12:57 -------- d-----w- c:\program files\Autodesk Revit Architecture 2010
2010-04-10 12:57 . 2010-02-18 02:37 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-04-10 12:56 . 2008-07-31 22:16 -------- d-----w- c:\programdata\Microsoft Help
2010-04-10 12:56 . 2010-04-10 12:54 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-04-10 12:55 . 2010-04-10 12:55 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-04-10 12:54 . 2010-04-10 12:54 -------- d-----w- c:\program files\Microsoft SDKs
2010-04-10 12:53 . 2010-04-10 12:30 -------- d-----w- c:\program files\Autodesk
2010-04-10 12:30 . 2008-07-31 22:39 -------- d-----w- c:\program files\Java
2010-04-10 12:30 . 2010-04-10 12:30 10134 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{EAB8A41D-FABA-4569-A0A1-60A8B358D6F1}\_13237EEAE27660A8BE98B7.exe
2010-04-10 12:30 . 2010-04-10 12:30 10134 ----a-r- c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Installer\{EAB8A41D-FABA-4569-A0A1-60A8B358D6F1}\_09DB3D0C1C9F64C35BEE22.exe
2010-04-10 12:30 . 2010-04-10 12:30 -------- d-----w- c:\program files\Autodesk Network License Manager
2010-04-09 13:41 . 2010-04-09 13:40 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\dvdcss
2010-03-30 15:25 . 2009-01-02 18:25 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-23 17:08 . 2010-03-23 17:08 -------- d-----w- c:\users\Dada & Vlada\AppData\Roaming\UDC Profiles
2010-03-23 17:07 . 2010-03-23 17:07 -------- d-----w- c:\program files\Universal Document Converter
2010-02-26 18:21 . 2010-03-23 17:07 24440 ----a-w- c:\windows\system32\udcpm.dll
2010-02-18 02:48 . 2008-09-05 18:15 103368 ----a-w- c:\users\Dada & Vlada\AppData\Local\GDIPFONTCACHEV1.DAT
2008-08-01 06:43 . 2008-08-01 06:40 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-05-12_15.06.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-14 20:58 . 2010-05-12 16:37 100864 c:\windows\System32\DriverStore\FileRepository\ewnet.inf_d99a5a85\ewusbnet.sys
+ 2010-02-14 20:58 . 2010-05-12 16:37 101632 c:\windows\System32\DriverStore\FileRepository\ewmdm2k.inf_c02941d9\ewusbmdm.sys
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Dada & Vlada^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Dada & Vlada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 12:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-12 19:56 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-14 02:09 13535776 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-14 02:09 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 06:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-03-25 02:28 144784 ----a-w- c:\program files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 13:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-27 717296]
R3 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [2008-06-27 77824]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
R4 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-02-11 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-08-07 24880]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-04-27 599344]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-14 43552]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-04-27 40752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
Akamai REG_MULTI_SZ Akamai

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the "Scheduled Tasks" folder

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-270948758-3929525095-3818274810-1000Core.job
- c:\users\Dada & Vlada\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 18:55]

2010-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-270948758-3929525095-3818274810-1000UA.job
- c:\users\Dada & Vlada\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-01 18:55]

2008-09-07 c:\windows\Tasks\User_Feed_Synchronization-{E3C626EB-3C3E-4215-94BB-F4FFB2ED8819}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
mStart Page = hxxp://de.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dada & Vlada\AppData\Roaming\Mozilla\Firefox\Profiles\zf5ch29s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Dada & Vlada\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Policies ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-05-12 18:57
Windows 6.0.6001 Service Pack 1 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- Locked registry keys ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2010-05-12 19:01:00
ComboFix-quarantined-files.txt 2010-05-12 17:00

Before scan: 14 directory(ies), 132.958.384.128 bytes free
After scan: 15 directory(ies), 133.162.127.360 bytes free

- - End Of File - - B74F9D949AB8751673A173A32121C559

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6062

Does your antivirus detect anything now?

  • Joined: 20 Sep 2008
  • Posts: 14

Now everything is OK! I scanned again and Kaspersky reported nothing!
The computer is working normally now! Thank you for the help, and I hope this post helps someone else too! Cheers

  • magna86
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6062

OK, do this one more thing.

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

then click OK (or press Enter).

Wait for the uninstall process to finish.
