MyCity » Ambulanta -> Arhiva Ambulante » da li je ovo normalno ili je virus u pitanju:

da li je ovo normalno ili je virus u pitanju:

Napisano na dan: 14.8.2010

Strana:
1
2

da li je ovo normalno ili je virus u pitanju:

Sledeća strana

Pagination

Odgovori

Strana:
1
2

ramzesV Poslao: 14 Avg 2010 00:50 Idi na vrh
offline ramzesV Građanin Pridružio: 14 Avg 2010 Poruke: 185	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ukljucim seriju da gledam ... zaspem, ali cujem da serija i dalje tece,... probudim se tek player je minimized a otvoren IE sa stranicom download quicktime. verovatno je moguce ali mi se do sad nikad nije dogodilo da se automatski otvori download stranica. jos nesto. brisem iz foldera Temp fajlove, i odjednom mi AV javlja kao recycler je pun virusa i fajlovi su premesteni u karantin. hmmm?

Profil

1l padr1n0 Poslao: 14 Avg 2010 00:55 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav i dobro dosao u Ambulantu MyCity foruma. U ovom delu foruma postoje neka pravila koja moramo postovati. Ukoliko sumnjas da imas malware na racunaru, isprati detaljno uputstvo za otvaranje teme koje se nalazi na ovom link-u (postavi potrebne log-ove u sledecoj poruci): -> http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html goran9888 (AMF Tim)

Profil

ramzesV Poslao: 14 Avg 2010 01:19 Idi na vrh
offline ramzesV Građanin Pridružio: 14 Avg 2010 Poruke: 185	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Napisano: 14 Avg 2010 1:00 da da evo prvo DSS: mycity.rs/must-login.png DDS (Ver_10-03-17.01) - NTFSx86 Run by Miki at 0:56:52,26 on 14.08.2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.43.1031.18.1790.1000 [GMT 2:00] AV: ESET NOD32 Antivirus 4.0 On-access scanning enabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe svchost.exe C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe C:\Programme\Soluto\SolutoService.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\Ati2evxx.exe C:\Programme\Soluto\soluto.exe C:\WINDOWS\Explorer.EXE C:\Programme\Launch Manager\LaunchAp.exe C:\Programme\Launch Manager\HotkeyApp.exe C:\Programme\Launch Manager\OSD.exe C:\Programme\Launch Manager\OSDCtrl.exe C:\Programme\Launch Manager\Wbutton.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\uTorrent\uTorrent.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Opera\opera.exe C:\Programme\GRETECH\GomPlayer\GOM.exe C:\Programme\Winamp\winamp.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Programme\Microsoft ActiveSync\wcescomm.exe C:\Dokumente und Einstellungen\Miki\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = about:blank uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\programme\soluto\soluto.exe /userinit BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {555d4d79-4bd2-4094-a395-cfc534424a05} uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [uTorrent] "c:\programme\utorrent\uTorrent.exe" mRun: [LaunchAp] c:\programme\launch manager\LaunchAp.exe mRun: [HotkeyApp] c:\programme\launch manager\HotkeyApp.exe mRun: [LMgrVolOSD] c:\programme\launch manager\OSD.exe mRun: [LMgrOSD] c:\programme\launch manager\OSDCtrl.exe mRun: [Wbutton] "c:\programme\launch manager\Wbutton.exe" mRun: [CtrlVol] c:\programme\launch manager\CtrlVol.exe mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay mRun: [egui] "c:\programme\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe" mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [Malwarebytes' Anti-Malware] "c:\programme\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [iTunesHelper] "c:\programme\itunes\iTunesHelper.exe" mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE IE: An OneNote s&enden - /105 IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\programme\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262480044031 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262521954828 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\programme\gemeinsame dateien\microsoft shared\office14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL ============= SERVICES / DRIVERS =============== R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360] R2 ekrn;ESET Service;c:\programme\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840] R2 MBAMService;MBAMService;c:\programme\malwarebytes' anti-malware\mbamservice.exe [2010-3-13 304464] R2 SolutoService;Soluto PCGenome Core Service;c:\programme\soluto\SolutoService.exe [2010-6-30 336728] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-13 20952] S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-7-25 179144] S1 mailKmd;mailKmd; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-3 1691480] S3 flash;flash;c:\windows\system32\drivers\flash.sys [2010-1-2 8064] S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [2010-1-3 466048] S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [2010-1-3 13440] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programme\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-5-16 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-5-16 8320] S3 osppsvc;Office Software Protection Platform;c:\programme\gemeinsame dateien\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136] S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2010-5-16 32377] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 MSSQLServerADHelper100;SQL Server Hilfsdienst fьr Active Directory;c:\programme\microsoft sql server\100\shared\sqladhlp.exe [2009-7-21 47128] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336] S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\programme\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936] =============== Created Last 30 ================ 2010-08-05 17:41:18 0 d-----w- c:\programme\iPod 2010-08-05 17:41:08 0 d-----w- c:\programme\iTunes 2010-08-02 18:07:35 0 d-----w- c:\programme\AssetTracking 2010-07-27 17:29:26 10 ----a-w- c:\windows\system32\kr_done1 2010-07-25 18:26:20 179144 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys 2010-07-25 18:26:17 0 d-----w- c:\programme\Soluto 2010-07-25 18:22:54 0 d-----w- c:\dokume~1\alluse~1\anwend~1\Soluto 2010-07-18 13:58:10 0 d-----w- c:\dokume~1\alluse~1\anwend~1\Innovative Solutions 2010-07-18 13:47:19 0 d-----w- c:\programme\Unknown Device Identifier 2010-07-18 05:06:52 720384 ----a-w- c:\windows\system32\divx.dll 2010-07-18 05:06:50 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest 2010-07-18 05:06:49 108032 ----a-w- c:\windows\system32\ff_vfw.dll 2010-07-18 05:06:43 0 d-----w- c:\programme\K-Lite Codec Pack ==================== Find3M ==================== 2010-08-11 17:53:50 596496 ----a-w- c:\windows\system32\perfh007.dat 2010-08-11 17:53:50 131014 ----a-w- c:\windows\system32\perfc007.dat 2010-07-05 22:43:34 3200512 ----a-w- c:\windows\system32\x264vfw.dll 2010-07-05 19:37:42 13012 ----a-w- c:\dokumente und einstellungen\miki\Bubblets.dat 2010-06-30 12:28:51 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-27 19:49:05 75776 ----a-w- c:\windows\cadkasdeinst01e.exe 2010-06-24 09:02:00 1852032 ----a-w- c:\windows\system32\win32k.sys 2010-06-21 15:27:11 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 07:41:35 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-08 16:10:50 790528 ----a-w- c:\windows\system32\xvidcore.dll 2010-06-08 16:10:50 134144 ----a-w- c:\windows\system32\xvidvfw.dll 2010-05-26 16:39:47 106496 ----a-w- c:\windows\DUMP9097.tmp 2010-05-24 06:59:51 106496 ----a-w- c:\windows\DUMP802c.tmp 2010-05-18 14:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 14:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe ============= FINISH: 0:58:06,67 =============== mycity.rs/must-login.png Dopuna: 14 Avg 2010 1:16 ROOTREPEAL mycity.rs/must-login.png nadam se da je ovo dovoljno! Dopuna: 14 Avg 2010 1:19 ako nesto nije u redu sutra (tj danas) cu pokusati ponpvo s gmer-om skenirati. i postaviti fajl

Profil

1l padr1n0 Poslao: 14 Avg 2010 09:52 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg: Detaljno citati moja uputstva ( ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima; Ne traziti istovremeno pomoc na drugom mestu; Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio/la uputstvo; U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio; Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om; Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj. Za vise informacija o pravilima Ambulante MyCity foruma: LINK ---------------------------------------------------------------------------------- Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku. goran9888 (AMF Tim)

Profil

ramzesV Poslao: 14 Avg 2010 11:17 Idi na vrh
offline ramzesV Građanin Pridružio: 14 Avg 2010 Poruke: 185	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo combofix: ComboFix 10-08-12.03 - Miki 14.08.2010 10:51:28.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.43.1031.18.1790.1212 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Miki\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\kr_done1 . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_OSPPSVC -------\Service_osppsvc ((((((((((((((((((((((( Dateien erstellt von 2010-07-14 bis 2010-08-14 )))))))))))))))))))))))))))))) . 2010-08-11 21:15 . 2010-08-11 21:15 -------- d-----w- c:\dokumente und einstellungen\Miki\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files 2010-08-05 17:41 . 2010-08-05 17:41 -------- d-----w- c:\programme\iPod 2010-08-05 17:41 . 2010-08-05 17:42 -------- d-----w- c:\programme\iTunes 2010-08-02 18:07 . 2010-08-02 18:07 -------- d-----w- c:\programme\AssetTracking 2010-07-25 18:29 . 2010-08-14 08:57 4600960 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat 2010-07-25 18:26 . 2010-06-30 12:35 179144 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys 2010-07-25 18:26 . 2010-07-25 18:26 -------- d-----w- c:\programme\Soluto 2010-07-25 18:22 . 2010-07-26 17:08 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Soluto 2010-07-18 13:58 . 2010-07-18 13:58 -------- d-----w- c:\dokumente und einstellungen\Miki\Lokale Einstellungen\Anwendungsdaten\Innovative Solutions 2010-07-18 13:58 . 2010-07-18 13:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Innovative Solutions 2010-07-18 13:47 . 2010-07-18 13:47 -------- d-----w- c:\programme\Unknown Device Identifier 2010-07-18 05:15 . 2010-07-18 05:15 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Media Player Classic 2010-07-17 08:41 . 2010-07-17 08:57 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\vlc . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-14 09:06 . 2010-01-11 18:50 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\uTorrent 2010-08-13 23:33 . 2010-01-16 10:35 -------- d-----w- c:\programme\UlisesSoft 2010-08-11 17:53 . 2004-08-04 03:00 596496 ----a-w- c:\windows\system32\perfh007.dat 2010-08-11 17:53 . 2004-08-04 03:00 131014 ----a-w- c:\windows\system32\perfc007.dat 2010-08-11 17:44 . 2010-01-02 23:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-08-06 17:55 . 2010-08-06 17:55 503808 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b1286b6-n\msvcp71.dll 2010-08-06 17:55 . 2010-08-06 17:55 499712 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b1286b6-n\jmc.dll 2010-08-06 17:55 . 2010-08-06 17:55 348160 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b1286b6-n\msvcr71.dll 2010-08-06 17:55 . 2010-08-06 17:55 12800 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5428e2d3-n\decora-d3d.dll 2010-08-06 17:55 . 2010-08-06 17:55 61440 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5428e2d3-n\decora-sse.dll 2010-08-05 17:41 . 2010-01-03 12:42 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple 2010-08-05 17:29 . 2010-08-05 17:29 73000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe 2010-08-02 18:08 . 2010-01-02 21:37 72712 ----a-w- c:\dokumente und einstellungen\Miki\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-07-25 18:10 . 2010-07-25 18:22 926568 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Soluto\Installer\SolutoInstaller.exe 2010-07-22 22:00 . 2010-01-03 12:18 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\skypePM 2010-07-22 16:40 . 2010-01-03 12:16 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Skype 2010-07-18 21:49 . 2010-01-24 14:05 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Winamp 2010-07-18 14:03 . 2010-02-28 08:47 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Software Informer 2010-07-18 07:15 . 2010-01-24 14:05 -------- d-----w- c:\programme\Winamp 2010-07-18 07:14 . 2010-01-24 14:06 -------- d-----w- c:\programme\Winamp Detect 2010-07-18 05:07 . 2010-07-18 05:06 -------- d-----w- c:\programme\K-Lite Codec Pack 2010-07-14 08:00 . 2010-07-18 05:06 108032 ----a-w- c:\windows\system32\ff_vfw.dll 2010-07-10 19:22 . 2010-03-31 21:49 -------- d-----w- c:\programme\Opera 2010-07-05 22:43 . 2010-07-18 05:07 3200512 ----a-w- c:\windows\system32\x264vfw.dll 2010-07-05 19:37 . 2010-07-02 21:39 13012 ----a-w- c:\dokumente und einstellungen\Miki\Bubblets.dat 2010-07-03 07:50 . 2010-06-27 22:29 1714354 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1993962763-1637723038-682003330-1003-0.dat 2010-07-03 07:50 . 2010-06-27 22:29 290742 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat 2010-07-02 19:51 . 2010-05-10 20:06 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-02 17:35 . 2010-07-02 17:35 -------- d-----w- c:\programme\Bonjour 2010-06-30 12:28 . 2004-08-04 03:00 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-27 20:04 . 2010-06-27 20:04 30720 ----a-r- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Microsoft\Installer\{B882DF7E-4EE1-4FB9-9B35-855F5E2BA2AC}\IconB882DF7E1.exe 2010-06-27 20:04 . 2010-06-27 20:04 -------- d-----w- c:\programme\OTrader Software 2010-06-27 20:03 . 2010-06-27 20:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard 2010-06-27 19:49 . 2010-06-27 19:49 -------- d-----w- c:\programme\Biorhythms 2 2010-06-27 19:49 . 2010-06-27 19:49 75776 ----a-w- c:\windows\cadkasdeinst01e.exe 2010-06-27 16:20 . 2010-06-27 16:06 -------- d-----w- c:\programme\Microsoft SQL Server 2010-06-27 16:15 . 2010-06-27 16:15 -------- d-----w- c:\programme\Microsoft Visual Studio 9.0 2010-06-27 16:13 . 2010-01-02 23:33 -------- d-----w- c:\programme\Microsoft.NET 2010-06-27 16:01 . 2010-06-27 16:01 113440 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\VCExpress\10.0\1031\ResourceCache.dll 2010-06-27 15:55 . 2010-06-27 15:52 -------- d-----w- c:\programme\Microsoft Visual Studio 10.0 2010-06-27 15:52 . 2010-06-27 15:52 -------- d-----w- c:\programme\Microsoft Help Viewer 2010-06-27 15:52 . 2010-06-27 15:52 -------- d-----w- c:\programme\Microsoft SDKs 2010-06-27 15:52 . 2010-06-27 15:52 -------- d-----w- c:\programme\Gemeinsame Dateien\Merge Modules 2010-06-27 15:52 . 2010-01-03 09:55 -------- d-----w- c:\programme\MSBuild 2010-06-27 15:09 . 2010-06-27 15:09 -------- d-----w- c:\programme\TimeAdjuster 2010-06-24 20:27 . 2010-05-13 15:55 -------- d-----w- c:\programme\Nokia 2010-06-24 20:26 . 2010-05-16 11:11 -------- d-----w- c:\programme\NSS 2010-06-24 12:22 . 2004-08-04 03:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 09:02 . 2004-08-04 03:00 1852032 ----a-w- c:\windows\system32\win32k.sys 2010-06-22 21:04 . 2010-06-22 21:00 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Dev-Cpp 2010-06-21 15:27 . 2004-08-04 03:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2004-08-04 03:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2010-01-02 20:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-14 07:41 . 2004-08-04 03:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-08 16:10 . 2010-07-18 05:07 790528 ----a-w- c:\windows\system32\xvidcore.dll 2010-06-08 16:10 . 2010-07-18 05:07 134144 ----a-w- c:\windows\system32\xvidvfw.dll 2010-06-04 17:59 . 2010-06-04 17:59 503808 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-118a2345-n\msvcp71.dll 2010-06-04 17:59 . 2010-06-04 17:59 499712 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-118a2345-n\jmc.dll 2010-06-04 17:59 . 2010-06-04 17:59 348160 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-118a2345-n\msvcr71.dll 2010-06-04 17:59 . 2010-06-04 17:59 61440 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6bc51808-n\decora-sse.dll 2010-06-04 17:59 . 2010-06-04 17:59 12800 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6bc51808-n\decora-d3d.dll 2010-05-26 16:39 . 2010-05-24 07:02 106496 ----a-w- c:\windows\DUMP9097.tmp 2010-05-24 06:59 . 2010-01-02 20:53 106496 ----a-w- c:\windows\DUMP802c.tmp 2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . Hinweis leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] 2009-11-03 19:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\programme\uTorrent\uTorrent.exe" [2010-05-15 322352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchAp"="c:\programme\Launch Manager\LaunchAp.exe" [2005-07-25 32768] "HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2005-07-28 57344] "LMgrVolOSD"="c:\programme\Launch Manager\OSD.exe" [2005-03-16 204800] "LMgrOSD"="c:\programme\Launch Manager\OSDCtrl.exe" [2005-07-25 241664] "Wbutton"="c:\programme\Launch Manager\Wbutton.exe" [2005-07-25 81920] "CtrlVol"="c:\programme\Launch Manager\CtrlVol.exe" [2003-09-16 20480] "ATICCC"="c:\programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "egui"="c:\programme\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-07-21 141608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Miki^Startmenü^Programme^Autostart^MagicDisc.lnk] path=c:\dokumente und einstellungen\Miki\Startmenü\Programme\Autostart\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Miki^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\dokumente und einstellungen\Miki\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2009-09-26 21:32 83312 ----a-w- c:\programme\Microsoft Office\Office14\BCSSync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 12:39 1289000 ----a-w- c:\programme\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-07-21 13:53 141608 ----a-w- c:\programme\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess] 2009-11-03 20:06 649072 ----a-w- c:\programme\Microsoft Office\Office14\MSOSYNC.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader] 2007-07-26 11:28 105544 -c--a-w- c:\programme\Pinnacle\TVCenter Pro\PMCLoader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\programme\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] 2005-11-10 02:44 557056 ----a-w- c:\windows\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Total CMA Pack] 2009-09-01 15:18 43255 ----a-w- c:\programme\Total CMA Pack\Total CMA Pack.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-05-15 12:13 322352 ----a-w- c:\programme\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPod Service"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "osppsvc"=3 (0x3) "ose"=3 (0x3) "odserv"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Opera\\opera.exe"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Programme\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Programme\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Programme\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\Soluto\\Soluto.exe"= "c:\\Programme\\Soluto\\SolutoService.exe"= "c:\\Programme\\Soluto\\SolutoConsole.exe"= "c:\\Programme\\Soluto\\SolutoUpdateService.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.05.2009 16:47 107256] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.05.2009 16:49 94360] R2 ekrn;ESET Service;c:\programme\ESET\ESET NOD32 Antivirus\ekrn.exe [14.05.2009 16:47 731840] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [13.03.2010 10:50 304464] R2 SolutoService;Soluto PCGenome Core Service;c:\programme\Soluto\SolutoService.exe [30.06.2010 16:08 336728] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.03.2010 10:50 20952] S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [25.07.2010 20:26 179144] S1 mailKmd;mailKmd; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03.01.2010 00:04 1691480] S3 flash;flash;c:\windows\system32\drivers\flash.sys [02.01.2010 23:18 8064] S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [03.01.2010 12:42 466048] S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [03.01.2010 12:42 13440] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programme\Microsoft Office\Office14\GROOVE.EXE [29.10.2009 10:22 30603640] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.05.2010 13:41 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.05.2010 13:42 8320] S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [16.05.2010 13:11 32377] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504] S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\programme\Microsoft SQL Server\100\Shared\sqladhlp.exe [21.07.2009 04:04 47128] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.03.2009 03:09 239336] S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.03.2009 03:23 366936] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhalt des "geplante Tasks" Ordners 2010-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-08-14 c:\windows\Tasks\User_Feed_Synchronization-{3FD164F6-86EE-48EC-BD28-54F860326EA2}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = .local IE: An OneNote s&enden - /105 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL . - - - - Entfernte verwaiste Registrierungseinträge - - - - MSConfigStartUp-Octoshape Streaming Services - c:\dokumente und einstellungen\Miki\Anwendungsdaten\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe MSConfigStartUp-WinampAgent - c:\programme\Winamp\winampa.exe *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-08-14 11:00 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CtrlVol = c:\programme\Launch Manager\CtrlVol.exe?????0???\??????\|x??\|????q??\|?j?wQj?w????????,??? ???????????????d??????\|????????p?????@????????????????s???????s???sx??s@??????????????\|h??st??????????s?????????????????C?sc"?sx??s???????w??@?N'?s?D???6@??D????????? Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ********************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(672) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1908-) c:\progra~1\MICROS~2\Office14\1031\GrooveIntlResource.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\system32\Ati2evxx.exe c:\programme\Soluto\soluto.exe c:\windows\system32\rundll32.exe c:\windows\system32\wscntfy.exe c:\programme\iPod\bin\iPodService.exe c:\windows\RTHDCPL.EXE c:\windows\system32\logon.scr . ************************************************************************ . Zeit der Fertigstellung: 2010-08-14 11:10:43 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2010-08-14 09:10 Vor Suchlauf: 7.982.002.176 Bytes frei Nach Suchlauf: 8.087.080.960 Bytes frei - - End Of File - - 62C1CF213964CCF0192509A62774B934

Profil

1l padr1n0 Poslao: 14 Avg 2010 12:04 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Mislim da se nismo dobro razumeli. -Detaljno prati moja uputstva, nemoj raditi nista na "svoju ruku" Isprati opet uputstvo za Combo Fix, download-uj novu verziju CF-a sa link-a i izvrsi scan-iranje. U sledecoj poruci mi postavi potreban log. goran9888 (AMF Tim)

Profil

ramzesV Poslao: 14 Avg 2010 13:10 Idi na vrh
offline ramzesV Građanin Pridružio: 14 Avg 2010 Poruke: 185	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! valjda je sad dobro: ComboFix 10-08-12.03 - Miki 14.08.2010 12:50:07.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.43.1031.18.1790.1173 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Miki\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 On-access scanning disabled (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} . ((((((((((((((((((((((( Dateien erstellt von 2010-07-14 bis 2010-08-14 )))))))))))))))))))))))))))))) . 2010-08-11 21:15 . 2010-08-11 21:15 -------- d-----w- c:\dokumente und einstellungen\Miki\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files 2010-08-06 17:55 . 2010-08-06 17:55 503808 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b1286b6-n\msvcp71.dll 2010-08-06 17:55 . 2010-08-06 17:55 499712 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b1286b6-n\jmc.dll 2010-08-06 17:55 . 2010-08-06 17:55 348160 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1b1286b6-n\msvcr71.dll 2010-08-06 17:55 . 2010-08-06 17:55 12800 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5428e2d3-n\decora-d3d.dll 2010-08-06 17:55 . 2010-08-06 17:55 61440 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5428e2d3-n\decora-sse.dll 2010-08-05 17:41 . 2010-08-05 17:41 -------- d-----w- c:\programme\iPod 2010-08-05 17:41 . 2010-08-05 17:42 -------- d-----w- c:\programme\iTunes 2010-08-05 17:29 . 2010-08-05 17:29 73000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe 2010-08-02 18:07 . 2010-08-02 18:07 -------- d-----w- c:\programme\AssetTracking 2010-07-25 18:29 . 2010-08-14 08:57 4600960 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat 2010-07-25 18:26 . 2010-06-30 12:35 179144 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys 2010-07-25 18:26 . 2010-07-25 18:26 -------- d-----w- c:\programme\Soluto 2010-07-25 18:22 . 2010-07-25 18:10 926568 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Soluto\Installer\SolutoInstaller.exe 2010-07-25 18:22 . 2010-07-26 17:08 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Soluto 2010-07-18 13:58 . 2010-07-18 13:58 -------- d-----w- c:\dokumente und einstellungen\Miki\Lokale Einstellungen\Anwendungsdaten\Innovative Solutions 2010-07-18 13:58 . 2010-07-18 13:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Innovative Solutions 2010-07-18 13:47 . 2010-07-18 13:47 -------- d-----w- c:\programme\Unknown Device Identifier 2010-07-18 05:15 . 2010-07-18 05:15 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Media Player Classic 2010-07-17 08:41 . 2010-07-17 08:57 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\vlc . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-14 10:43 . 2010-01-11 18:50 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\uTorrent 2010-08-13 23:33 . 2010-01-16 10:35 -------- d-----w- c:\programme\UlisesSoft 2010-08-11 17:53 . 2004-08-04 03:00 596496 ----a-w- c:\windows\system32\perfh007.dat 2010-08-11 17:53 . 2004-08-04 03:00 131014 ----a-w- c:\windows\system32\perfc007.dat 2010-08-11 17:44 . 2010-01-02 23:30 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-08-05 17:41 . 2010-01-03 12:42 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple 2010-08-02 18:08 . 2010-01-02 21:37 72712 ----a-w- c:\dokumente und einstellungen\Miki\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT 2010-07-22 22:00 . 2010-01-03 12:18 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\skypePM 2010-07-22 16:40 . 2010-01-03 12:16 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Skype 2010-07-18 21:49 . 2010-01-24 14:05 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Winamp 2010-07-18 14:03 . 2010-02-28 08:47 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Software Informer 2010-07-18 07:15 . 2010-01-24 14:05 -------- d-----w- c:\programme\Winamp 2010-07-18 07:14 . 2010-01-24 14:06 -------- d-----w- c:\programme\Winamp Detect 2010-07-18 05:07 . 2010-07-18 05:06 -------- d-----w- c:\programme\K-Lite Codec Pack 2010-07-14 08:00 . 2010-07-18 05:06 108032 ----a-w- c:\windows\system32\ff_vfw.dll 2010-07-10 19:22 . 2010-03-31 21:49 -------- d-----w- c:\programme\Opera 2010-07-05 22:43 . 2010-07-18 05:07 3200512 ----a-w- c:\windows\system32\x264vfw.dll 2010-07-05 19:37 . 2010-07-02 21:39 13012 ----a-w- c:\dokumente und einstellungen\Miki\Bubblets.dat 2010-07-03 07:50 . 2010-06-27 22:29 1714354 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1993962763-1637723038-682003330-1003-0.dat 2010-07-03 07:50 . 2010-06-27 22:29 290742 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat 2010-07-02 19:51 . 2010-05-10 20:06 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-02 17:35 . 2010-07-02 17:35 -------- d-----w- c:\programme\Bonjour 2010-06-30 12:28 . 2004-08-04 03:00 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-27 20:04 . 2010-06-27 20:04 30720 ----a-r- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Microsoft\Installer\{B882DF7E-4EE1-4FB9-9B35-855F5E2BA2AC}\IconB882DF7E1.exe 2010-06-27 20:04 . 2010-06-27 20:04 -------- d-----w- c:\programme\OTrader Software 2010-06-27 20:03 . 2010-06-27 20:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Wise Installation Wizard 2010-06-27 19:49 . 2010-06-27 19:49 -------- d-----w- c:\programme\Biorhythms 2 2010-06-27 19:49 . 2010-06-27 19:49 75776 ----a-w- c:\windows\cadkasdeinst01e.exe 2010-06-27 16:20 . 2010-06-27 16:06 -------- d-----w- c:\programme\Microsoft SQL Server 2010-06-27 16:15 . 2010-06-27 16:15 -------- d-----w- c:\programme\Microsoft Visual Studio 9.0 2010-06-27 16:13 . 2010-01-02 23:33 -------- d-----w- c:\programme\Microsoft.NET 2010-06-27 16:01 . 2010-06-27 16:01 113440 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\VCExpress\10.0\1031\ResourceCache.dll 2010-06-27 15:55 . 2010-06-27 15:52 -------- d-----w- c:\programme\Microsoft Visual Studio 10.0 2010-06-27 15:52 . 2010-06-27 15:52 -------- d-----w- c:\programme\Microsoft Help Viewer 2010-06-27 15:52 . 2010-06-27 15:52 -------- d-----w- c:\programme\Microsoft SDKs 2010-06-27 15:52 . 2010-06-27 15:52 -------- d-----w- c:\programme\Gemeinsame Dateien\Merge Modules 2010-06-27 15:52 . 2010-01-03 09:55 -------- d-----w- c:\programme\MSBuild 2010-06-27 15:09 . 2010-06-27 15:09 -------- d-----w- c:\programme\TimeAdjuster 2010-06-24 20:27 . 2010-05-13 15:55 -------- d-----w- c:\programme\Nokia 2010-06-24 20:26 . 2010-05-16 11:11 -------- d-----w- c:\programme\NSS 2010-06-24 12:22 . 2004-08-04 03:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-24 09:02 . 2004-08-04 03:00 1852032 ----a-w- c:\windows\system32\win32k.sys 2010-06-22 21:04 . 2010-06-22 21:00 -------- d-----w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Dev-Cpp 2010-06-21 15:27 . 2004-08-04 03:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2004-08-04 03:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2010-01-02 20:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-14 07:41 . 2004-08-04 03:00 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-08 16:10 . 2010-07-18 05:07 790528 ----a-w- c:\windows\system32\xvidcore.dll 2010-06-08 16:10 . 2010-07-18 05:07 134144 ----a-w- c:\windows\system32\xvidvfw.dll 2010-06-04 17:59 . 2010-06-04 17:59 503808 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-118a2345-n\msvcp71.dll 2010-06-04 17:59 . 2010-06-04 17:59 499712 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-118a2345-n\jmc.dll 2010-06-04 17:59 . 2010-06-04 17:59 348160 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-118a2345-n\msvcr71.dll 2010-06-04 17:59 . 2010-06-04 17:59 61440 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6bc51808-n\decora-sse.dll 2010-06-04 17:59 . 2010-06-04 17:59 12800 ----a-w- c:\dokumente und einstellungen\Miki\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6bc51808-n\decora-d3d.dll 2010-05-26 16:39 . 2010-05-24 07:02 106496 ----a-w- c:\windows\DUMP9097.tmp 2010-05-24 06:59 . 2010-01-02 20:53 106496 ----a-w- c:\windows\DUMP802c.tmp 2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . Hinweis leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] 2009-11-03 19:12 556432 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\programme\uTorrent\uTorrent.exe" [2010-05-15 322352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LaunchAp"="c:\programme\Launch Manager\LaunchAp.exe" [2005-07-25 32768] "HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2005-07-28 57344] "LMgrVolOSD"="c:\programme\Launch Manager\OSD.exe" [2005-03-16 204800] "LMgrOSD"="c:\programme\Launch Manager\OSDCtrl.exe" [2005-07-25 241664] "Wbutton"="c:\programme\Launch Manager\Wbutton.exe" [2005-07-25 81920] "CtrlVol"="c:\programme\Launch Manager\CtrlVol.exe" [2003-09-16 20480] "ATICCC"="c:\programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056] "egui"="c:\programme\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-07-21 141608] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Miki^Startmenü^Programme^Autostart^MagicDisc.lnk] path=c:\dokumente und einstellungen\Miki\Startmenü\Programme\Autostart\MagicDisc.lnk backup=c:\windows\pss\MagicDisc.lnkStartup [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Miki^Startmenü^Programme^Autostart^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\dokumente und einstellungen\Miki\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2009-09-26 21:32 83312 ----a-w- c:\programme\Microsoft Office\Office14\BCSSync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent] 2006-11-13 12:39 1289000 ----a-w- c:\programme\Microsoft ActiveSync\wcescomm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-07-21 13:53 141608 ----a-w- c:\programme\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess] 2009-11-03 20:06 649072 ----a-w- c:\programme\Microsoft Office\Office14\MSOSYNC.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader] 2007-07-26 11:28 105544 -c--a-w- c:\programme\Pinnacle\TVCenter Pro\PMCLoader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-17 19:53 421888 ----a-w- c:\programme\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] 2005-11-10 02:44 557056 ----a-w- c:\windows\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Total CMA Pack] 2009-09-01 15:18 43255 ----a-w- c:\programme\Total CMA Pack\Total CMA Pack.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent] 2010-05-15 12:13 322352 ----a-w- c:\programme\uTorrent\uTorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPod Service"=3 (0x3) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "osppsvc"=3 (0x3) "ose"=3 (0x3) "odserv"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Opera\\opera.exe"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Programme\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Programme\\Microsoft Office\\Office14\\GROOVE.EXE"= "c:\\Programme\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Programme\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Programme\\Soluto\\Soluto.exe"= "c:\\Programme\\Soluto\\SolutoService.exe"= "c:\\Programme\\Soluto\\SolutoConsole.exe"= "c:\\Programme\\Soluto\\SolutoUpdateService.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.05.2009 16:47 107256] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.05.2009 16:49 94360] R2 ekrn;ESET Service;c:\programme\ESET\ESET NOD32 Antivirus\ekrn.exe [14.05.2009 16:47 731840] R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [13.03.2010 10:50 304464] R2 SolutoService;Soluto PCGenome Core Service;c:\programme\Soluto\SolutoService.exe [30.06.2010 16:08 336728] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.03.2010 10:50 20952] S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [25.07.2010 20:26 179144] S1 mailKmd;mailKmd; [x] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03.01.2010 00:04 1691480] S3 flash;flash;c:\windows\system32\drivers\flash.sys [02.01.2010 23:18 8064] S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [03.01.2010 12:42 466048] S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [03.01.2010 12:42 13440] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\programme\Microsoft Office\Office14\GROOVE.EXE [29.10.2009 10:22 30603640] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.05.2010 13:41 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.05.2010 13:42 8320] S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [16.05.2010 13:11 32377] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504] S4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\programme\Microsoft SQL Server\100\Shared\sqladhlp.exe [21.07.2009 04:04 47128] S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.03.2009 03:09 239336] S4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.03.2009 03:23 366936] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhalt des "geplante Tasks" Ordners 2010-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2010-08-14 c:\windows\Tasks\User_Feed_Synchronization-{3FD164F6-86EE-48EC-BD28-54F860326EA2}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = .local IE: An OneNote s&enden - /105 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL . *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-08-14 13:00 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CtrlVol = c:\programme\Launch Manager\CtrlVol.exe?????0???\??????\|x??\|????q??\|?j?wQj?w????????,??? ???????????????d??????\|????????p?????@????????????????s???????s???sx??s@??????????????\|h??st??????????s?????????????????C?sc"?sx??s???????w??@?N'?s?D???6@??D????????? Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************ . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(672) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2188-) c:\progra~1\MICROS~2\Office14\1031\GrooveIntlResource.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Zeit der Fertigstellung: 2010-08-14 13:08:42 ComboFix-quarantined-files.txt 2010-08-14 11:08 ComboFix2.txt 2010-08-14 09:10 Vor Suchlauf: 16 Verzeichnis(se), 10.871.451.648 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 10.852.933.632 Bytes frei - - End Of File - - 47723F27FA14193492B958CCFDE84847

Profil

1l padr1n0 Poslao: 14 Avg 2010 13:15 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Idemo dalje... ------------------------------------------------------------------------------- Download-uj program MBRCheck na Desktop MBRCheck Download Link Deaktiviraj zastitni softver (uputstvo) Pokreni program dvoklikom Ukoliko program detektuje neke nepravilnosti u MBR-u, ispisace ti sta je problem (pazljivo procitaj) i u tom slucaju pritisni N pa Enter(dva puta) Ukoliko nista nije nadjeno, pritisni Enter (jednom) Na Desktop-u bi nakon ovog postupka trebalo da se pojavi txt file pod imenom MBRCheck_mm.dd.yy_hh.mm.ss (mm.dd.yy.hh.mm.ss < -- oznacavaju datum i vreme pokretanja programa) Okaci sadrzaj ovog txt file-a. goran9888 (AMF Tim)

Profil

ramzesV Poslao: 14 Avg 2010 13:46 Idi na vrh
offline ramzesV Građanin Pridružio: 14 Avg 2010 Poruke: 185	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo ga: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Professional Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000001c Kernel Drivers (total 139): 0x804D7000 \WINDOWS\system32\ntkrnlpa.exe 0x806D1000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xB9F78000 ACPI.sys 0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xB9F67000 pci.sys 0xBA0A8000 isapnp.sys 0xBA0B8000 ohci1394.sys 0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xBA4BC000 compbatt.sys 0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS 0xBA670000 pciide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xBA0D8000 MountMgr.sys 0xB9F48000 ftdisk.sys 0xBA5AC000 dmload.sys 0xB9F22000 dmio.sys 0xBA4C4000 ACPIEC.sys 0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 0xBA330000 PartMgr.sys 0xBA0E8000 VolSnap.sys 0xB9F0A000 atapi.sys 0xBA0F8000 disk.sys 0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9EEA000 fltmgr.sys 0xB9ED8000 sr.sys 0xBA118000 PxHelp20.sys 0xB9E91000 KSecDD.sys 0xB9E7E000 WudfPf.sys 0xB9DF1000 Ntfs.sys 0xB9DC4000 NDIS.sys 0xBA128000 Combo-Fix.sys 0xB9DAA000 Mup.sys 0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xBA168000 \SystemRoot\system32\DRIVERS\intelppm.sys 0xBA578000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0xB9285000 \SystemRoot\system32\DRIVERS\ati2mtag.sys 0xB9271000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xB91FE000 \SystemRoot\system32\DRIVERS\ar5211.sys 0xBA3E8000 \SystemRoot\system32\DRIVERS\usbohci.sys 0xB91DA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA3F0000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xBA178000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA3F8000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0xB91B2000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0xBA188000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xBA400000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xB917B000 \SystemRoot\system32\DRIVERS\SynTP.sys 0xBA5D0000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xBA198000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS 0xB910A000 \SystemRoot\System32\Drivers\wdf01000.sys 0xBA408000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xBA580000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0xB90F6000 \SystemRoot\system32\DRIVERS\sdbus.sys 0xBA1A8000 \SystemRoot\system32\DRIVERS\rimmptsk.sys 0xB90E2000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0xB9091000 \SystemRoot\system32\DRIVERS\rixdptsk.sys 0xBA7C5000 \SystemRoot\system32\DRIVERS\audstub.sys 0xBA1B8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xBA590000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB9052000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xBA1C8000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA1D8000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA410000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB9041000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA1E8000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA418000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA420000 \SystemRoot\system32\DRIVERS\raspti.sys 0xB9011000 \SystemRoot\system32\DRIVERS\rdpdr.sys 0xBA1F8000 \SystemRoot\system32\DRIVERS\termdd.sys 0xB8FF4000 \SystemRoot\system32\DRIVERS\mcdbus.sys 0xB8FDC000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS 0xBA5D2000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB8FB9000 \SystemRoot\system32\DRIVERS\ks.sys 0xB8F5B000 \SystemRoot\system32\DRIVERS\update.sys 0xB9D60000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xBA208000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xBA218000 \SystemRoot\system32\DRIVERS\redbook.sys 0xBA258000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xA8845000 \SystemRoot\system32\drivers\RtkHDAud.sys 0xA8821000 \SystemRoot\system32\drivers\portcls.sys 0xBA278000 \SystemRoot\system32\drivers\drmk.sys 0xA8750000 \SystemRoot\system32\DRIVERS\smserial.sys 0xBA430000 \SystemRoot\System32\Drivers\Modem.SYS 0xBA5DA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA6B9000 \SystemRoot\System32\Drivers\Null.SYS 0xBA5DC000 \SystemRoot\System32\Drivers\Beep.SYS 0xA870B000 \SystemRoot\system32\DRIVERS\ehdrv.sys 0xBA458000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xBA460000 \SystemRoot\System32\drivers\vga.sys 0xBA5DE000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBA5E0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBA468000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBA470000 \SystemRoot\System32\Drivers\Npfs.SYS 0xB9069000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xA86D8000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xA867F000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xA8657000 \SystemRoot\system32\DRIVERS\netbt.sys 0xA863E000 \SystemRoot\system32\DRIVERS\epfwtdir.sys 0xA861C000 \SystemRoot\System32\drivers\afd.sys 0xBA288000 \SystemRoot\system32\DRIVERS\netbios.sys 0xA85F1000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xA8581000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xB8F4B000 \SystemRoot\System32\Drivers\Hotkey.SYS 0xBA2A8000 \SystemRoot\System32\Drivers\Fips.SYS 0xA8493000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xBA2B8000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xBA2C8000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xB8F33000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xBA2D8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xA8EF6000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xBA308000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xA847B000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xBA5EE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xA872C000 \SystemRoot\System32\drivers\Dxapi.sys 0xBA4A0000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA766000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\ati2dvag.dll 0xBF054000 \SystemRoot\System32\ati2cqag.dll 0xBF093000 \SystemRoot\System32\atikvmag.dll 0xBF0C9000 \SystemRoot\System32\ati3duag.dll 0xBF34D000 \SystemRoot\System32\ativvaxx.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xA61FF000 \SystemRoot\system32\DRIVERS\eamon.sys 0xA8728000 \??\C:\WINDOWS\system32\drivers\mbam.sys 0xA61AF000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xA5F52000 \SystemRoot\system32\DRIVERS\mrxdav.sys 0xA5E0B000 \SystemRoot\system32\DRIVERS\srv.sys 0xA5B26000 \SystemRoot\system32\drivers\wdmaud.sys 0xA5D3B000 \SystemRoot\system32\drivers\sysaudio.sys 0xBA498000 \??\C:\DOKUME~1\Miki\LOKALE~1\Temp\mbr.sys 0xA5E8A000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys 0xBA488000 \??\C:\ComboFix\catchme.sys 0xBA640000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS 0xA4F8D000 \SystemRoot\system32\drivers\kmixer.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 47): 0 System Idle Process 4 System 580 C:\WINDOWS\system32\smss.exe 632 csrss.exe 672 C:\WINDOWS\system32\winlogon.exe 716 C:\WINDOWS\system32\services.exe 728 C:\WINDOWS\system32\lsass.exe 880 C:\WINDOWS\system32\ati2evxx.exe 896 C:\WINDOWS\system32\svchost.exe 968 PresentationFontCache.exe 1000 svchost.exe 1040 C:\WINDOWS\system32\svchost.exe 1088 C:\WINDOWS\system32\svchost.exe 1248 svchost.exe 1272 svchost.exe 1444 C:\WINDOWS\system32\spoolsv.exe 1600 svchost.exe 1656 svchost.exe 1700 C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe 1740 C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe 1816 C:\Programme\Soluto\SolutoService.exe 1900 C:\WINDOWS\system32\svchost.exe 496 alg.exe 1496 C:\WINDOWS\system32\ati2evxx.exe 1612 C:\Programme\Soluto\Soluto.exe 460 wmiprvse.exe 2664 C:\Programme\Launch Manager\LaunchAp.exe 2740 C:\Programme\Launch Manager\HotkeyApp.exe 2748 C:\Programme\Launch Manager\OSD.exe 2760 C:\Programme\Launch Manager\OSDCtrl.exe 2776 C:\Programme\Launch Manager\WButton.exe 2792 C:\Programme\ATI Technologies\ATI.ACE\CLI.exe 2804 C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe 2836 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe 2844 C:\WINDOWS\system32\rundll32.exe 2856 C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe 2876 C:\Programme\iTunes\iTunesHelper.exe 3560 C:\Programme\iPod\bin\iPodService.exe 832 C:\Programme\ATI Technologies\ATI.ACE\CLI.exe 1520 C:\Programme\ATI Technologies\ATI.ACE\CLI.exe 4072 C:\WINDOWS\RTHDCPL.EXE 3888 C:\PROGRA~1\MICROS~4\rapimgr.exe 3512 C:\Programme\Microsoft ActiveSync\wcescomm.exe 3332 C:\WINDOWS\system32\wscntfy.exe 2188 C:\WINDOWS\explorer.exe 2112 C:\WINDOWS\system32\wuauclt.exe 2560 C:\Dokumente und Einstellungen\Miki\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: WDCWD800VE-07HDT0, Rev: 09.07D09 Size Device Name MBR Status -------------------------------------------- 74 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11 Done!

Profil

1l padr1n0 Poslao: 14 Avg 2010 15:05 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kakvo je stanje racunara sada? Da li si primetio probleme? ----------------------------------------------------------------------- Preuzmi Rootkit Unhooker na Desktop. Dvoklikom pokreni program; odaberi Report karticu; klikni Scan i u prozoru koji se otvori štrikliraj stavke: Drivers Stealth Code klikni OK i sačekaj završetak skeniranja. Kada skeniranje bude završeno, klikni File > Save Report i sačuvaj izveštaj. Izveštaj programa Rootkit Unhooker priloži uz poruku korišćenjem opcije Prikači fajl.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » da li je ovo normalno ili je virus u pitanju:

Ko je trenutno na forumu

Ukupno su 631 korisnika na forumu :: 19 registrovanih, 0 sakrivenih i 612 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: bojank, Bubimir, comi_pfc, Dannyboy, DonRumataEstorski, Georgius, hyla, ILGromovnik, Istman, JimmyNapoli, Karla, kybonacci, Mixelotti, Prašinar, robert1979, sasa87, Skywhaler, Srky Boy, wizzardone

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by