Multiple problems

  • smz
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

I had all sorts of things on the laptop and it kept shutting down; Firefox would simply close, and it was terribly slow, so I deleted everything that was on it from before and that I thought I wouldn't need. Now it still happens occasionally that Firefox closes again while XP keeps running, but when I ran DDS from the desktop a black window appeared for only a moment, wrote something and disappeared, so I can't do a scan with DDS (Avira is disabled and ZoneAlarm too). I did all three scans with GMER and am forwarding them to you. I suspect there are some pests, so let's try to check that...

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download the RSIT program to the Desktop:

http://images.malwareremoval.com/random/RSIT.exe


Run it by double-clicking, then click Continue.


At the end of the process two logs will open: the first, log.txt, will be maximized and needs to be copied into the forum thread; the second, info.txt, will be minimized (we don't need it for now).


Post the contents of the file log.txt in your next message (that file will be saved as C:\rsit\log.txt).

  • smz
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

done....

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.


When the download is finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program exists: click Yes if it offers to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues.
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure.
show a number of prompts/notifications: accept them by clicking Yes or OK.
restart Windows if needed (possibly more than once);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.


Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting the message you notice the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to your message.

  • smz
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

done this too....

ComboFix 10-04-13.04 - Nicole 14.04.2010 12:27:05.1.1 - FAT32x86
ausgeführt von:: c:\dokumente und einstellungen\Nicole\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Nicole\Anwendungsdaten\ACD Systems\ACDSee\ImageDB.ddf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\Uninstall.ini
D:\Autorun.inf

c:\windows\system32\kernel32.dll . . . ist infiziert!!

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((( Dateien erstellt von 2010-03-14 bis 2010-04-14 ))))))))))))))))))))))))))))))
.

2010-04-15 17:10 . 2010-04-15 17:10 -------- d-----w- C:\FOUND.030
2010-04-14 08:30 . 2010-04-14 08:30 -------- d-----w- c:\programme\Windows Media Connect 2
2010-04-14 08:25 . 2010-04-14 08:25 -------- d-----w- c:\windows\system32\LogFiles
2010-04-14 08:25 . 2010-04-14 08:25 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-14 06:15 . 2010-04-14 06:16 -------- d-----w- c:\programme\trend micro
2010-04-14 06:15 . 2010-04-14 06:16 -------- d-----w- C:\rsit
2010-04-12 17:53 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-11 12:50 . 2010-04-11 12:50 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\HP

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 18:31 . 2006-07-14 05:03 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-14 10:36 . 2008-07-16 17:42 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-14 10:36 . 2008-07-16 17:42 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-14 08:08 . 2010-04-14 08:08 152576 ----a-w- c:\dokumente und einstellungen\Nicole\Anwendungsdaten\Sun\Java\jre1.6.0_17\lzma.dll
2010-04-14 08:07 . 2009-11-15 08:42 79488 ----a-w- c:\dokumente und einstellungen\Nicole\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-13 16:45 . 2010-03-13 16:52 540672 ------w- c:\windows\Internet Logs\xDB34.tmp
2010-03-13 16:45 . 2010-03-13 16:52 2334208 ------w- c:\windows\Internet Logs\xDB35.tmp
2010-03-13 16:30 . 2010-03-13 16:38 24064 ------w- c:\windows\Internet Logs\xDB86E.tmp
2010-03-13 15:50 . 2010-03-13 15:58 540672 ------w- c:\windows\Internet Logs\xDB95C.tmp
2010-03-13 15:50 . 2010-03-13 15:58 2331136 ------w- c:\windows\Internet Logs\xDBAC3.tmp
2010-03-13 15:11 . 2010-03-13 15:18 819200 ------w- c:\windows\Internet Logs\xDB838.tmp
2010-03-13 14:54 . 2010-03-13 15:02 2328576 ------w- c:\windows\Internet Logs\xDB33.tmp
2010-03-11 12:31 . 2004-01-21 16:24 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:31 . 2007-12-07 14:38 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:31 . 1979-12-31 22:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-05 18:41 . 2010-03-06 06:58 2314752 ------w- c:\windows\Internet Logs\xDBA93.tmp
2010-02-23 15:57 . 2004-11-04 19:43 90112 ----a-w- c:\windows\DUMP9ddb.tmp
2010-02-12 09:03 . 2010-03-06 11:13 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-06 12:48 . 2010-02-05 11:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2005-10-26 15:06 . 2005-10-26 15:06 32 --sha-w- c:\windows\{A9711257-6CE5-4025-BBB2-0FD38D644992}.dat
2005-10-26 15:07 . 2005-10-26 15:07 32 --sha-w- c:\windows\{FFF1854E-06BE-45D1-A6FA-EA1DBBCB7116}.dat
2005-10-26 15:08 . 2005-10-26 15:08 32 --sha-w- c:\windows\{C40F97B3-DDC8-4EA8-A843-DC318D9E7DBE}.dat
2005-10-26 15:06 . 2005-10-26 15:06 32 --sha-w- c:\windows\system32\{7C87DB2A-7102-4955-BB00-4EEAD6A27616}.dat
2005-10-26 15:07 . 2005-10-26 15:07 32 --sha-w- c:\windows\system32\{74DF4E8D-7115-4010-BEE9-64D8CEC520E2}.dat
2005-10-26 15:08 . 2005-10-26 15:08 32 --sha-w- c:\windows\system32\{66C7B972-71D2-43E2-B143-EB655B3F1B11}.dat
2009-09-14 19:44 . 2006-08-06 13:15 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-02 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-02 455168]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"LManager"="c:\programme\Launch Manager\QtZgAcer.EXE" [2004-07-05 315392]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"RealTray"="c:\programme\Real\RealPlayer\RealPlay.exe" [2005-10-17 26112]
"NapsterShell"="c:\programme\Napster\napster.exe" [2008-12-18 323216]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"wlconfig"="c:\programme\WLAN Monitor\wlconfig.exe" [2006-03-06 1347584]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Nicole\Startmen\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Acrobat Assistant.lnk - c:\programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

R1 SMBHC;Microsoft SM Bus-Hostcontrollertreiber;c:\windows\system32\drivers\smbhc.sys [06.07.2004 14:47 6784]
R2 accsvc;AccSys WiFi Component;c:\programme\Gemeinsame Dateien\AccSys\accsvc.exe [07.12.2007 16:59 147456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [05.02.2010 13:19 108289]
R3 SMBBATT;Microsoft Smart Battery-Treiber;c:\windows\system32\drivers\smbbatt.sys [06.07.2004 14:47 16000]
S2 XJAIBNLW;XJAIBNLW;\??\c:\windows\System32\xjaibnlw.nnw --> c:\windows\System32\xjaibnlw.nnw [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2010-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-17 16:59]

2010-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Arcor AG & Co. KG
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\otzz8vkc.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - truec:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKU-Default-Run-ALUAlert - c:\programme\Symantec\LiveUpdate\ALUNotify.exe
HKU-Default-Run-AVG7_Run - c:\progra~1\Grisoft\AVG7\avgw.exe
AddRemove-{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1 - c:\programme\ArcorOnline\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-14 12:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XJAIBNLW]
"ImagePath"="\??\c:\windows\System32\xjaibnlw.nnw"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\brss01a.exe
c:\acer\eManager\anbmServ.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\ZONELABS\vsmon.exe
c:\programme\iPod\bin\iPodService.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
c:\programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-14 12:44:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-04-14 10:44

Vor Suchlauf: 2.112.159.744 Bytes frei
Nach Suchlauf: 3.542.892.544 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 43F6064C248BB35CAB070CC5DE302C7E
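The ComboFix and DDS logs in this thread list services one per line: state and start type, then name, display name and path separated by semicolons, then either the file's date/time/size or `[?]` when the tool could not examine the file. As an added illustration, not part of the thread or of either tool, the following Python parses lines in that format and reports entries that combine several weak signals, as the S2 XJAIBNLW entry above does; the sample lines are copied from the logs posted here, and the flag names and thresholds are my own choices.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the "services/drivers" line format used by the
# ComboFix and DDS logs in this thread (the lines are copied from them).
SAMPLE_LOG = r"""
R1 SMBHC;Microsoft SM Bus-Hostcontrollertreiber;c:\windows\system32\drivers\smbhc.sys [06.07.2004 14:47 6784]
R2 accsvc;AccSys WiFi Component;c:\programme\Gemeinsame Dateien\AccSys\accsvc.exe [07.12.2007 16:59 147456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [05.02.2010 13:19 108289]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 SMBBATT;Microsoft Smart Battery-Treiber;c:\windows\system32\drivers\smbbatt.sys [06.07.2004 14:47 16000]
S2 XJAIBNLW;XJAIBNLW;\??\c:\windows\System32\xjaibnlw.nnw --> c:\windows\System32\xjaibnlw.nnw [?]
"""

# <state><start> <name>;<display>;<path ...> [<date time size> | ?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
TRAILER_RE = re.compile(r"\s\[(?P<trailer>[^\]]*)\]\s*$")
EXT_RE = re.compile(r"\.(\w+)(?=\s|$)")  # first extension followed by a space or the end
EXPECTED_EXT = {"exe", "sys", "dll"}      # what a service or driver binary normally is


@dataclass
class ServiceEntry:
    state: str      # R = running, S = stopped, as printed by the tool
    start: int      # start type digit: 2 = automatic, 3 = manual, 4 = disabled
    name: str
    display: str
    path: str       # resolved path (right-hand side of "-->" when present)
    trailer: str    # "date time size", or "?" when the file could not be examined
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one services/drivers line; returns None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    t = TRAILER_RE.search(rest)
    trailer = t.group("trailer") if t else ""
    body = rest[: t.start()] if t else rest
    if " --> " in body:                      # "as registered --> as resolved"
        body = body.split(" --> ", 1)[1]
    return ServiceEntry(m.group("state"), int(m.group("start")), m.group("name"),
                        m.group("display"), body.strip(), trailer)


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach weak signals (my own heuristics); none is conclusive on its own."""
    ext_match = EXT_RE.search(entry.path)
    ext = ext_match.group(1).lower() if ext_match else ""
    if entry.trailer == "?":
        entry.flags.append("file could not be examined ([?])")
    if ext not in EXPECTED_EXT:
        entry.flags.append(f"unusual service binary extension '.{ext}'" if ext
                           else "no file extension")
    if entry.display == entry.name and entry.name.isupper() and len(entry.name) >= 8:
        entry.flags.append("opaque all-caps name reused as display name")
    if entry.state == "S" and entry.start == 2:
        entry.flags.append("set to start automatically but not running")
    return entry


def parse_services(log_text: str) -> List[ServiceEntry]:
    entries = []
    for line in log_text.splitlines():
        e = parse_service_line(line)
        if e is not None:
            entries.append(assess(e))
    return entries


def suspicious_services(log_text: str, min_flags: int = 2) -> List[ServiceEntry]:
    """Entries with at least min_flags signals: the ones worth asking the poster about."""
    return [e for e in parse_services(log_text) if len(e.flags) >= min_flags]


if __name__ == "__main__":
    for e in suspicious_services(SAMPLE_LOG):
        print(f"{e.state}{e.start} {e.name}: {e.path}")
        for f in e.flags:
            print("   -", f)
```

With the threshold of two signals the ZoneAlarm vsmon line, which only carries `[?]`, is left alone, while XJAIBNLW collects all four.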

  • diarno
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Upload the following file to me

Quote: c:\windows\system32\kernel32.dll

via the following link:

http://www.mycity.rs/ambulanta-upload.php

  • smz
  • Citizen
  • Joined: 18 Mar 2008
  • Posts: 57

I sent that file, kernel32.dll...

Now something that happened to me while the computer was sitting on the desk and I wasn't using it at all (it was connected to the internet, of course). I happened to glance at the screen and there the DDS program was active and running a scan, which surprised me, because I hadn't run that program since the other day when I opened this thread and it wouldn't start. Here's the txt in case it's of any use now


DDS (Ver_10-03-17.01) - FAT32x86
Run by at 15:47:09,51 on 14.04.2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.510.257 [GMT 2:00]

AV: AVG 0.5.526 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
SVCHOST.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Napster\napster.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\WLAN Monitor\wlconfig.exe
C:\Programme\QuickTime\QTTask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Acer\eManager\anbmServ.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\DOKUME~1\Nicole\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Arcor AG & Co. KG
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\programme\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programme\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programme\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programme\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] c:\programme\cyberlink\powerdvd\PDVDServ.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ATIPTA] c:\programme\ati technologies\ati control panel\atiptaxx.exe
mRun: [LManager] c:\programme\launch manager\QtZgAcer.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] c:\programme\hp\hp software update\HPWuSchd2.exe
mRun: [RealTray] c:\programme\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [NapsterShell] c:\programme\napster\napster.exe /systray
mRun: [ZoneAlarm Client] "c:\programme\zone labs\zonealarm\zlclient.exe"
mRun: [Sony Ericsson PC Suite] "c:\programme\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [wlconfig] "c:\programme\wlan monitor\wlconfig.exe" -autostart
mRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\programme\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\programme\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] c:\programme\winamp\winampa.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\nicole\startm~1\progra~1\autost~1\adobeg~1.lnk - c:\programme\gemeinsame dateien\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\acroba~1.lnk - c:\programme\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\hpdigi~1.lnk - c:\programme\hp\digital imaging\bin\hpqtra08.exe
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\programme\gemeinsame dateien\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\nicole\anwend~1\mozilla\firefox\profiles\otzz8vkc.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\programme\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\programme\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\programme\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programme\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2010-2-5 11608]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-7-16 127768]
R1 SMBHC;Microsoft SM Bus-Hostcontrollertreiber;c:\windows\system32\drivers\smbhc.sys [2004-7-6 6784]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-11-10 394952]
R2 accsvc;AccSys WiFi Component;c:\programme\gemeinsame dateien\accsys\accsvc.exe [2007-12-7 147456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\avira\antivir desktop\sched.exe [2010-2-5 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2010-2-5 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-5 56816]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 SMBBATT;Microsoft Smart Battery-Treiber;c:\windows\system32\drivers\smbbatt.sys [2004-7-6 16000]
S2 XJAIBNLW;XJAIBNLW;\??\c:\windows\system32\xjaibnlw.nnw --> c:\windows\system32\xjaibnlw.nnw [?]

=============== Created Last 30 ================

2010-04-15 17:10:58 0 d-----w- C:\FOUND.030
2010-04-14 11:36:37 129784 ------w- c:\windows\system32\pxafs.dll
2010-04-14 11:31:27 0 d-----w- c:\programme\Webteh
2010-04-14 10:25:05 0 d-sha-r- C:\cmdcons
2010-04-14 10:23:46 98816 ----a-w- c:\windows\sed.exe
2010-04-14 10:23:46 77312 ----a-w- c:\windows\MBR.exe
2010-04-14 10:23:46 261632 ----a-w- c:\windows\PEV.exe
2010-04-14 10:23:46 161792 ----a-w- c:\windows\SWREG.exe
2010-04-14 08:30:22 0 d-----w- c:\programme\Windows Media Connect 2
2010-04-14 08:25:23 0 d-----w- c:\windows\system32\LogFiles
2010-04-14 06:15:59 0 d-----w- c:\programme\trend micro
2010-04-12 17:53:37 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-04-14 11:47:36 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-14 11:47:36 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-10 13:17:52 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-10 13:17:52 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-02-23 15:57:24 90112 ----a-w- c:\windows\DUMP9ddb.tmp
2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-02-12 09:03:04 293376 ------w- c:\windows\system32\browserchoice.exe
2005-10-26 15:06:40 32 --sha-w- c:\windows\{A9711257-6CE5-4025-BBB2-0FD38D644992}.dat
2005-10-26 15:07:54 32 --sha-w- c:\windows\{FFF1854E-06BE-45D1-A6FA-EA1DBBCB7116}.dat
2005-10-26 15:08:24 32 --sha-w- c:\windows\{C40F97B3-DDC8-4EA8-A843-DC318D9E7DBE}.dat
2005-10-26 15:06:40 32 --sha-w- c:\windows\system32\{7C87DB2A-7102-4955-BB00-4EEAD6A27616}.dat
2005-10-26 15:07:54 32 --sha-w- c:\windows\system32\{74DF4E8D-7115-4010-BEE9-64D8CEC520E2}.dat
2005-10-26 15:08:24 32 --sha-w- c:\windows\system32\{66C7B972-71D2-43E2-B143-EB655B3F1B11}.dat
2009-09-14 19:44:40 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-10 16:50:16 32768 --sha-w- c:\windows\system32\config\systemprofile\lokale einstellungen\verlauf\history.ie5\mshist012008081020080811\index.dat

============= FINISH: 15:48:14,99 ===============


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

I have no idea what is going on with DDS.. Everything looks OK here.


Do the following:

Open Notepad and copy the following text into it:

File::
c:\windows\System32\xjaibnlw.nnw

Driver::
XJAIBNLW


Save the Notepad file to the Desktop as "CFScript"




Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post the log that gets created at the end of the cleaning/scan in your next message.
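
The entry the helper singled out above is the one that stands out in the DDS "SERVICES / DRIVERS" section: an eight-letter upper-case service name with no descriptive display name, an image in system32 with a non-PE extension (.nnw), an ImagePath written with the raw NT prefix `\??\`, and `[?]` where DDS normally prints the file's date and size. The following Python script is an added example (not part of this thread, nor of DDS or ComboFix) that applies that same reasoning to the service lines quoted above and drafts the `File::` / `Driver::` directives in the format the helper used. The parsing regex, the four signals, their equal weighting and the threshold of two are assumptions of this example; the sample lines are copied from the DDS log posted earlier in the thread.

```python
"""Triage DDS 'SERVICES / DRIVERS' lines and draft a ComboFix CFScript.

Added example for this thread; it is not part of DDS, ComboFix or the
original posts. Signals, weights and threshold are assumptions.
"""
import re

# Lines copied from the DDS log posted above: two benign entries, one
# benign entry that trips a single signal (vsmon), and the flagged one.
SAMPLE_LINES = r"""
R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2010-2-5 11608]
R2 accsvc;AccSys WiFi Component;c:\programme\gemeinsame dateien\accsys\accsvc.exe [2007-12-7 147456]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 XJAIBNLW;XJAIBNLW;\??\c:\windows\system32\xjaibnlw.nnw --> c:\windows\system32\xjaibnlw.nnw [?]
""".strip().splitlines()

# DDS line shape (assumed from the log): R/S = running/stopped, digit = start
# type, then name;display;image, then [date size] or [?] if it could not stat.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
PE_EXTENSIONS = {".sys", ".exe", ".dll", ".ocx"}
VOWELS = set("aeiou")


def parse_line(line):
    """Return a dict for one service/driver line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # DDS appends '--> <resolved path>' when it rewrote the ImagePath value;
    # the resolved form is what actually gets loaded.
    resolved = rec["image"].split("-->")[-1].strip()
    # Strip trailing arguments such as ' -service'. Assumes the directory
    # names contain no dots, which holds for every line in this log.
    path_match = re.match(r"(.*?\.\w+)(?:\s|$)", resolved)
    rec["path"] = (path_match.group(1) if path_match else resolved).lower()
    ext = re.search(r"\.\w+$", rec["path"])
    rec["ext"] = ext.group(0) if ext else ""
    return rec


def longest_consonant_run(name):
    """Length of the longest run of consonants; long runs suggest random names."""
    run = best = 0
    for ch in name.lower():
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def score(rec):
    """Return (points, reasons); one point per signal that fires."""
    reasons = []
    if rec["ext"] not in PE_EXTENSIONS:
        reasons.append("image extension %r is not a normal PE extension" % rec["ext"])
    if rec["meta"].strip() == "?":
        reasons.append("DDS could not read date/size of the image ([?])")
    name = rec["name"]
    if name.isalpha() and len(name) >= 8 and (name.isupper() or longest_consonant_run(name) >= 4):
        reasons.append("service name %r looks machine-generated" % name)
    if rec["image"].startswith("\\??\\"):
        reasons.append("ImagePath uses the raw NT prefix \\??\\")
    return len(reasons), reasons


def triage(lines, threshold=2):
    """Return the records scoring at least `threshold`, each with its reasons."""
    flagged = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        pts, why = score(rec)
        if pts >= threshold:
            rec["score"], rec["reasons"] = pts, why
            flagged.append(rec)
    return flagged


def build_cfscript(flagged):
    """Draft File:: / Driver:: directives in the format used in the post above."""
    files = "\n".join(r["path"] for r in flagged)
    drivers = "\n".join(r["name"] for r in flagged)
    return "File::\n%s\n\nDriver::\n%s\n" % (files, drivers)


if __name__ == "__main__":
    hits = triage(SAMPLE_LINES)
    for h in hits:
        print("%s%s %s (%d points)" % (h["state"], h["start"], h["name"], h["score"]))
        for r in h["reasons"]:
            print("   -", r)
    print(build_cfscript(hits))
```

Note that the ZoneAlarm service line also carries `[?]`, because its ImagePath ends in the ` -service` argument that DDS could not stat; with a single signal it stays below the threshold, which is why the triage counts independent signals instead of reacting to any one of them. The drafted CFScript is a starting point for a human to review, not something to feed to ComboFix unread.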

offline
  • smz 
  • Građanin
  • Pridružio: 18 Mar 2008
  • Poruke: 57

Did this too. It warned me to turn off the antivirus programs, which I did for both AVIRA and ZONE ALARM, but they activate again when Combo restarts the computer. Now a window appeared once more telling me that the antivirus AVG 0.5.526 is still active, but at that moment I could not find where it is so I could turn it off (I don't have time anyway, I have to go to work). Here is the report:
ComboFix 10-04-15.02 - Nicole 16.04.2010 7:18.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.510.208 [GMT 2:00]
Running from:: c:\dokumente und einstellungen\Nicole\Desktop\ComboFix.exe
Command switches used :: c:\dokumente und einstellungen\Nicole\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG 0.5.526 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\System32\xjaibnlw.nnw"
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XJAIBNLW
-------\Service_XJAIBNLW


((((((((((((((((((((((( Files Created from 2010-03-16 to 2010-04-16 ))))))))))))))))))))))))))))))
.

2010-04-16 04:56 . 2010-04-16 04:56 -------- d-----w- c:\windows\LastGood.Tmp
2010-04-15 17:10 . 2010-04-15 17:10 -------- d-----w- C:\FOUND.030
2010-04-14 11:36 . 2006-08-25 03:47 129784 ------w- c:\windows\system32\pxafs.dll
2010-04-14 11:31 . 2010-04-14 11:31 -------- d-----w- c:\programme\Webteh
2010-04-14 08:30 . 2010-04-14 08:30 -------- d-----w- c:\programme\Windows Media Connect 2
2010-04-14 08:25 . 2010-04-14 08:25 -------- d-----w- c:\windows\system32\LogFiles
2010-04-14 08:25 . 2010-04-14 08:25 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-14 06:15 . 2010-04-14 06:16 -------- d-----w- c:\programme\trend micro
2010-04-14 06:15 . 2010-04-14 06:16 -------- d-----w- C:\rsit
2010-04-12 17:53 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-11 12:50 . 2010-04-11 12:50 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\HP

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 18:31 . 2006-07-14 05:03 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-16 05:27 . 2008-07-16 17:42 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-16 05:27 . 2008-07-16 17:42 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-14 08:08 . 2010-04-14 08:08 152576 ----a-w- c:\dokumente und einstellungen\Nicole\Anwendungsdaten\Sun\Java\jre1.6.0_17\lzma.dll
2010-04-14 08:07 . 2009-11-15 08:42 79488 ----a-w- c:\dokumente und einstellungen\Nicole\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-13 16:45 . 2010-03-13 16:52 540672 ------w- c:\windows\Internet Logs\xDB34.tmp
2010-03-13 16:45 . 2010-03-13 16:52 2334208 ------w- c:\windows\Internet Logs\xDB35.tmp
2010-03-13 16:30 . 2010-03-13 16:38 24064 ------w- c:\windows\Internet Logs\xDB86E.tmp
2010-03-13 15:50 . 2010-03-13 15:58 540672 ------w- c:\windows\Internet Logs\xDB95C.tmp
2010-03-13 15:50 . 2010-03-13 15:58 2331136 ------w- c:\windows\Internet Logs\xDBAC3.tmp
2010-03-13 15:11 . 2010-03-13 15:18 819200 ------w- c:\windows\Internet Logs\xDB838.tmp
2010-03-13 14:54 . 2010-03-13 15:02 2328576 ------w- c:\windows\Internet Logs\xDB33.tmp
2010-03-11 12:31 . 2004-01-21 16:24 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:31 . 2007-12-07 14:38 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:31 . 1979-12-31 22:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 1979-12-31 22:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 18:41 . 2010-03-06 06:58 2314752 ------w- c:\windows\Internet Logs\xDBA93.tmp
2010-02-24 13:11 . 1979-12-31 22:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 15:57 . 2004-11-04 19:43 90112 ----a-w- c:\windows\DUMP9ddb.tmp
2010-02-17 12:04 . 1979-12-31 22:00 2192256 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:04 . 2002-08-29 01:41 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-03-06 11:13 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 1979-12-31 22:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 1979-12-31 22:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-06 12:48 . 2010-02-05 11:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2005-10-26 15:06 . 2005-10-26 15:06 32 --sha-w- c:\windows\{A9711257-6CE5-4025-BBB2-0FD38D644992}.dat
2005-10-26 15:07 . 2005-10-26 15:07 32 --sha-w- c:\windows\{FFF1854E-06BE-45D1-A6FA-EA1DBBCB7116}.dat
2005-10-26 15:08 . 2005-10-26 15:08 32 --sha-w- c:\windows\{C40F97B3-DDC8-4EA8-A843-DC318D9E7DBE}.dat
2005-10-26 15:06 . 2005-10-26 15:06 32 --sha-w- c:\windows\system32\{7C87DB2A-7102-4955-BB00-4EEAD6A27616}.dat
2005-10-26 15:07 . 2005-10-26 15:07 32 --sha-w- c:\windows\system32\{74DF4E8D-7115-4010-BEE9-64D8CEC520E2}.dat
2005-10-26 15:08 . 2005-10-26 15:08 32 --sha-w- c:\windows\system32\{66C7B972-71D2-43E2-B143-EB655B3F1B11}.dat
2009-09-14 19:44 . 2006-08-06 13:15 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-02 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-02 455168]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"LManager"="c:\programme\Launch Manager\QtZgAcer.EXE" [2004-07-05 315392]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"RealTray"="c:\programme\Real\RealPlayer\RealPlay.exe" [2005-10-17 26112]
"NapsterShell"="c:\programme\Napster\napster.exe" [2008-12-18 323216]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"wlconfig"="c:\programme\WLAN Monitor\wlconfig.exe" [2006-03-06 1347584]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2007-02-13 35328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Nicole\Startmen\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Acrobat Assistant.lnk - c:\programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

R1 SMBHC;Microsoft SM Bus-Hostcontrollertreiber;c:\windows\system32\drivers\smbhc.sys [06.07.2004 14:47 6784]
R2 accsvc;AccSys WiFi Component;c:\programme\Gemeinsame Dateien\AccSys\accsvc.exe [07.12.2007 16:59 147456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [05.02.2010 13:19 108289]
R3 SMBBATT;Microsoft Smart Battery-Treiber;c:\windows\system32\drivers\smbbatt.sys [06.07.2004 14:47 16000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the "Scheduled Tasks" folder

2010-04-16 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-17 16:59]

2010-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Arcor AG & Co. KG
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\otzz8vkc.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX Policies ----
FF - user.js: yahoo.homepage.dontask - true
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-16 07:31
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'explorer.exe'(2736)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\brss01a.exe
c:\acer\eManager\anbmServ.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\ZONELABS\vsmon.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2010-04-16 07:35:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-16 05:35
ComboFix2.txt 2010-04-14 10:44

Pre-Run: 3.504.570.368 bytes free
Post-Run: 3.462.463.488 bytes free

- - End Of File - - 2CE933E9FD7BC7530764363B4530EC41

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

How are things now?

As for AVG, I see no trace of it in the logs; it is probably a leftover registry entry. Ignore that notification.
