vise problema

1

vise problema

offline
  • smz 
  • Građanin
  • Pridružio: 18 Mar 2008
  • Poruke: 57

Imao sam u laptopu svega i svacega te se cesto gasio, firefox se jednostavno iskljuci, bio je spor strasno te sam izbrisao sve sto je bilo od pre i sto sam smatrao da meni nece trebati no sad se desava povremeno da se firefox opet iskljuci a XP radi no kada sam pokrenuo DDS sa desktopa pojavi se crni prozor samo na tren nesto napise i nestane tako da ne mogu uraditi skaniranje sa DDS-om (avira je iskljucena i zone alarm takodje) . Sa gmer-om sam uradio sva tri skaniranja te Vam to prosledjujem.Sumnjam da ima nekih napasti pa da pokusamo to da iskontrolisemo...
mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Skini program RSIT na Desktop:

http://images.malwareremoval.com/random/RSIT.exe


Pokreni ga dvoklikom a zatim klikni Continue.


Na kraju procesa će se otvoriti dva loga: prvi, log.txt će biti maksimizovan i njega je potrebno iskopirati u temu na forumu, te drugi, info.txt koji će biti minimizovan (koji nam za sada ne treba).


Postavi sadržaj file-a log.txt u iduću poruku (taj file će biti sačuvan kao C:\rsit\log.txt).

offline
  • smz 
  • Građanin
  • Pridružio: 18 Mar 2008
  • Poruke: 57

uradjeno....
mycity.rs/must-login.png

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • smz 
  • Građanin
  • Pridružio: 18 Mar 2008
  • Poruke: 57

uradjeno i ovo....

ComboFix 10-04-13.04 - Nicole 14.04.2010 12:27:05.1.1 - FAT32x86
ausgeführt von:: c:\dokumente und einstellungen\Nicole\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Nicole\Anwendungsdaten\ACD Systems\ACDSee\ImageDB.ddf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\Uninstall.ini
D:\Autorun.inf

c:\windows\system32\kernel32.dll . . . ist infiziert!!

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((( Dateien erstellt von 2010-03-14 bis 2010-04-14 ))))))))))))))))))))))))))))))
.

2010-04-15 17:10 . 2010-04-15 17:10 -------- d-----w- C:\FOUND.030
2010-04-14 08:30 . 2010-04-14 08:30 -------- d-----w- c:\programme\Windows Media Connect 2
2010-04-14 08:25 . 2010-04-14 08:25 -------- d-----w- c:\windows\system32\LogFiles
2010-04-14 08:25 . 2010-04-14 08:25 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-14 06:15 . 2010-04-14 06:16 -------- d-----w- c:\programme\trend micro
2010-04-14 06:15 . 2010-04-14 06:16 -------- d-----w- C:\rsit
2010-04-12 17:53 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-11 12:50 . 2010-04-11 12:50 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\HP

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 18:31 . 2006-07-14 05:03 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-14 10:36 . 2008-07-16 17:42 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-14 10:36 . 2008-07-16 17:42 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-14 08:08 . 2010-04-14 08:08 152576 ----a-w- c:\dokumente und einstellungen\Nicole\Anwendungsdaten\Sun\Java\jre1.6.0_17\lzma.dll
2010-04-14 08:07 . 2009-11-15 08:42 79488 ----a-w- c:\dokumente und einstellungen\Nicole\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-13 16:45 . 2010-03-13 16:52 540672 ------w- c:\windows\Internet Logs\xDB34.tmp
2010-03-13 16:45 . 2010-03-13 16:52 2334208 ------w- c:\windows\Internet Logs\xDB35.tmp
2010-03-13 16:30 . 2010-03-13 16:38 24064 ------w- c:\windows\Internet Logs\xDB86E.tmp
2010-03-13 15:50 . 2010-03-13 15:58 540672 ------w- c:\windows\Internet Logs\xDB95C.tmp
2010-03-13 15:50 . 2010-03-13 15:58 2331136 ------w- c:\windows\Internet Logs\xDBAC3.tmp
2010-03-13 15:11 . 2010-03-13 15:18 819200 ------w- c:\windows\Internet Logs\xDB838.tmp
2010-03-13 14:54 . 2010-03-13 15:02 2328576 ------w- c:\windows\Internet Logs\xDB33.tmp
2010-03-11 12:31 . 2004-01-21 16:24 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:31 . 2007-12-07 14:38 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:31 . 1979-12-31 22:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-05 18:41 . 2010-03-06 06:58 2314752 ------w- c:\windows\Internet Logs\xDBA93.tmp
2010-02-23 15:57 . 2004-11-04 19:43 90112 ----a-w- c:\windows\DUMP9ddb.tmp
2010-02-12 09:03 . 2010-03-06 11:13 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-06 12:48 . 2010-02-05 11:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2005-10-26 15:06 . 2005-10-26 15:06 32 --sha-w- c:\windows\{A9711257-6CE5-4025-BBB2-0FD38D644992}.dat
2005-10-26 15:07 . 2005-10-26 15:07 32 --sha-w- c:\windows\{FFF1854E-06BE-45D1-A6FA-EA1DBBCB7116}.dat
2005-10-26 15:08 . 2005-10-26 15:08 32 --sha-w- c:\windows\{C40F97B3-DDC8-4EA8-A843-DC318D9E7DBE}.dat
2005-10-26 15:06 . 2005-10-26 15:06 32 --sha-w- c:\windows\system32\{7C87DB2A-7102-4955-BB00-4EEAD6A27616}.dat
2005-10-26 15:07 . 2005-10-26 15:07 32 --sha-w- c:\windows\system32\{74DF4E8D-7115-4010-BEE9-64D8CEC520E2}.dat
2005-10-26 15:08 . 2005-10-26 15:08 32 --sha-w- c:\windows\system32\{66C7B972-71D2-43E2-B143-EB655B3F1B11}.dat
2009-09-14 19:44 . 2006-08-06 13:15 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-02 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-02 455168]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"LManager"="c:\programme\Launch Manager\QtZgAcer.EXE" [2004-07-05 315392]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"RealTray"="c:\programme\Real\RealPlayer\RealPlay.exe" [2005-10-17 26112]
"NapsterShell"="c:\programme\Napster\napster.exe" [2008-12-18 323216]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"wlconfig"="c:\programme\WLAN Monitor\wlconfig.exe" [2006-03-06 1347584]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Nicole\Startmen\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Acrobat Assistant.lnk - c:\programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

R1 SMBHC;Microsoft SM Bus-Hostcontrollertreiber;c:\windows\system32\drivers\smbhc.sys [06.07.2004 14:47 6784]
R2 accsvc;AccSys WiFi Component;c:\programme\Gemeinsame Dateien\AccSys\accsvc.exe [07.12.2007 16:59 147456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [05.02.2010 13:19 108289]
R3 SMBBATT;Microsoft Smart Battery-Treiber;c:\windows\system32\drivers\smbbatt.sys [06.07.2004 14:47 16000]
S2 XJAIBNLW;XJAIBNLW;\??\c:\windows\System32\xjaibnlw.nnw --> c:\windows\System32\xjaibnlw.nnw [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2010-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-17 16:59]

2010-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Arcor AG & Co. KG
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\otzz8vkc.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - truec:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKU-Default-Run-ALUAlert - c:\programme\Symantec\LiveUpdate\ALUNotify.exe
HKU-Default-Run-AVG7_Run - c:\progra~1\Grisoft\AVG7\avgw.exe
AddRemove-{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1 - c:\programme\ArcorOnline\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-14 12:40
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XJAIBNLW]
"ImagePath"="\??\c:\windows\System32\xjaibnlw.nnw"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\brss01a.exe
c:\acer\eManager\anbmServ.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\ZONELABS\vsmon.exe
c:\programme\iPod\bin\iPodService.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
c:\programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-14 12:44:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-04-14 10:44

Vor Suchlauf: 2.112.159.744 Bytes frei
Nach Suchlauf: 3.542.892.544 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 43F6064C248BB35CAB070CC5DE302C7E

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Uploaduj mi sledeci fajl

Citat:c:\windows\system32\kernel32.dll

Preko sledeceg linka :

http://www.mycity.rs/ambulanta-upload.php

offline
  • smz 
  • Građanin
  • Pridružio: 18 Mar 2008
  • Poruke: 57

poslao sam taj fajl kernel32.dll...

E sad nesto sto mi se desilo dok je racunar stajao na stolu a da ga ja nisam uopste koristio (naravno bio je prkljucen na internet). Slucajno pogledam u ekran a tamo aktiviran program DDS i on vrsi skaniranje sto me je iznenadilo jer ja taj program nisam pokretao od pre neki dan kada sam otvarao ovu temu i kada on nije hteo da se pokrene. Evo txt ako je sad od neke koristi


DDS (Ver_10-03-17.01) - FAT32x86
Run by at 15:47:09,51 on 14.04.2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.510.257 [GMT 2:00]

AV: AVG 0.5.526 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
SVCHOST.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Napster\napster.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\WLAN Monitor\wlconfig.exe
C:\Programme\QuickTime\QTTask.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\Programme\Winamp\winampa.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programme\Gemeinsame Dateien\AccSys\accsvc.exe
C:\Acer\eManager\anbmServ.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Programme\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\DOKUME~1\Nicole\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Arcor AG & Co. KG
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programme\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\programme\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\programme\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programme\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\programme\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] c:\programme\cyberlink\powerdvd\PDVDServ.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ATIPTA] c:\programme\ati technologies\ati control panel\atiptaxx.exe
mRun: [LManager] c:\programme\launch manager\QtZgAcer.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] c:\programme\hp\hp software update\HPWuSchd2.exe
mRun: [RealTray] c:\programme\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [NapsterShell] c:\programme\napster\napster.exe /systray
mRun: [ZoneAlarm Client] "c:\programme\zone labs\zonealarm\zlclient.exe"
mRun: [Sony Ericsson PC Suite] "c:\programme\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [wlconfig] "c:\programme\wlan monitor\wlconfig.exe" -autostart
mRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\programme\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\programme\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] c:\programme\winamp\winampa.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\dokume~1\nicole\startm~1\progra~1\autost~1\adobeg~1.lnk - c:\programme\gemeinsame dateien\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\acroba~1.lnk - c:\programme\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\hpdigi~1.lnk - c:\programme\hp\digital imaging\bin\hpqtra08.exe
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\programme\gemeinsame dateien\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\nicole\anwend~1\mozilla\firefox\profiles\otzz8vkc.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\programme\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\programme\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\programme\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\programme\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2010-2-5 11608]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-7-16 127768]
R1 SMBHC;Microsoft SM Bus-Hostcontrollertreiber;c:\windows\system32\drivers\smbhc.sys [2004-7-6 6784]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2004-11-10 394952]
R2 accsvc;AccSys WiFi Component;c:\programme\gemeinsame dateien\accsys\accsvc.exe [2007-12-7 147456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\avira\antivir desktop\sched.exe [2010-2-5 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2010-2-5 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-5 56816]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 SMBBATT;Microsoft Smart Battery-Treiber;c:\windows\system32\drivers\smbbatt.sys [2004-7-6 16000]
S2 XJAIBNLW;XJAIBNLW;\??\c:\windows\system32\xjaibnlw.nnw --> c:\windows\system32\xjaibnlw.nnw [?]

=============== Created Last 30 ================

2010-04-15 17:10:58 0 d-----w- C:\FOUND.030
2010-04-14 11:36:37 129784 ------w- c:\windows\system32\pxafs.dll
2010-04-14 11:31:27 0 d-----w- c:\programme\Webteh
2010-04-14 10:25:05 0 d-sha-r- C:\cmdcons
2010-04-14 10:23:46 98816 ----a-w- c:\windows\sed.exe
2010-04-14 10:23:46 77312 ----a-w- c:\windows\MBR.exe
2010-04-14 10:23:46 261632 ----a-w- c:\windows\PEV.exe
2010-04-14 10:23:46 161792 ----a-w- c:\windows\SWREG.exe
2010-04-14 08:30:22 0 d-----w- c:\programme\Windows Media Connect 2
2010-04-14 08:25:23 0 d-----w- c:\windows\system32\LogFiles
2010-04-14 06:15:59 0 d-----w- c:\programme\trend micro
2010-04-12 17:53:37 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-04-14 11:47:36 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-14 11:47:36 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-10 13:17:52 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-10 13:17:52 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-02-23 15:57:24 90112 ----a-w- c:\windows\DUMP9ddb.tmp
2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-02-12 09:03:04 293376 ------w- c:\windows\system32\browserchoice.exe
2005-10-26 15:06:40 32 --sha-w- c:\windows\{A9711257-6CE5-4025-BBB2-0FD38D644992}.dat
2005-10-26 15:07:54 32 --sha-w- c:\windows\{FFF1854E-06BE-45D1-A6FA-EA1DBBCB7116}.dat
2005-10-26 15:08:24 32 --sha-w- c:\windows\{C40F97B3-DDC8-4EA8-A843-DC318D9E7DBE}.dat
2005-10-26 15:06:40 32 --sha-w- c:\windows\system32\{7C87DB2A-7102-4955-BB00-4EEAD6A27616}.dat
2005-10-26 15:07:54 32 --sha-w- c:\windows\system32\{74DF4E8D-7115-4010-BEE9-64D8CEC520E2}.dat
2005-10-26 15:08:24 32 --sha-w- c:\windows\system32\{66C7B972-71D2-43E2-B143-EB655B3F1B11}.dat
2009-09-14 19:44:40 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-10 16:50:16 32768 --sha-w- c:\windows\system32\config\systemprofile\lokale einstellungen\verlauf\history.ie5\mshist012008081020080811\index.dat

============= FINISH: 15:48:14,99 ===============

mycity.rs/must-login.png

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Razz Nemam ideju sta je pokrenulo DDS.. Ovde se cini sve ok.


Uradi sledece :

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\System32\xjaibnlw.nnw

Driver::
XJAIBNLW


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • smz 
  • Građanin
  • Pridružio: 18 Mar 2008
  • Poruke: 57

Uradjeno i ovo. Obavestavao me je da iskljucim antivirusne programe sto sam ja i uradio i za AVIRU i za ZONE ALARM ali se oni aktiviraju opet kada combo napravi restart kompijutera. E sad pojavio se jos jednom prozor u kome me obavestava da je antivirus AVG 0.5.526 jos uvek aktivan ali ja to u tom trenutku nisam pronasao gde se nalazi da bi ga iskljucio(doduse nemam ni vremena jer moram na posao) Evo izvestaja......
ComboFix 10-04-15.02 - Nicole 16.04.2010 7:18.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.510.208 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Nicole\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Nicole\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG 0.5.526 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\System32\xjaibnlw.nnw"
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_XJAIBNLW
-------\Service_XJAIBNLW


((((((((((((((((((((((( Dateien erstellt von 2010-03-16 bis 2010-04-16 ))))))))))))))))))))))))))))))
.

2010-04-16 04:56 . 2010-04-16 04:56 -------- d-----w- c:\windows\LastGood.Tmp
2010-04-15 17:10 . 2010-04-15 17:10 -------- d-----w- C:\FOUND.030
2010-04-14 11:36 . 2006-08-25 03:47 129784 ------w- c:\windows\system32\pxafs.dll
2010-04-14 11:31 . 2010-04-14 11:31 -------- d-----w- c:\programme\Webteh
2010-04-14 08:30 . 2010-04-14 08:30 -------- d-----w- c:\programme\Windows Media Connect 2
2010-04-14 08:25 . 2010-04-14 08:25 -------- d-----w- c:\windows\system32\LogFiles
2010-04-14 08:25 . 2010-04-14 08:25 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-14 06:15 . 2010-04-14 06:16 -------- d-----w- c:\programme\trend micro
2010-04-14 06:15 . 2010-04-14 06:16 -------- d-----w- C:\rsit
2010-04-12 17:53 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-11 12:50 . 2010-04-11 12:50 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\HP

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 18:31 . 2006-07-14 05:03 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-16 05:27 . 2008-07-16 17:42 32 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-16 05:27 . 2008-07-16 17:42 32 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-04-14 08:08 . 2010-04-14 08:08 152576 ----a-w- c:\dokumente und einstellungen\Nicole\Anwendungsdaten\Sun\Java\jre1.6.0_17\lzma.dll
2010-04-14 08:07 . 2009-11-15 08:42 79488 ----a-w- c:\dokumente und einstellungen\Nicole\Anwendungsdaten\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-13 16:45 . 2010-03-13 16:52 540672 ------w- c:\windows\Internet Logs\xDB34.tmp
2010-03-13 16:45 . 2010-03-13 16:52 2334208 ------w- c:\windows\Internet Logs\xDB35.tmp
2010-03-13 16:30 . 2010-03-13 16:38 24064 ------w- c:\windows\Internet Logs\xDB86E.tmp
2010-03-13 15:50 . 2010-03-13 15:58 540672 ------w- c:\windows\Internet Logs\xDB95C.tmp
2010-03-13 15:50 . 2010-03-13 15:58 2331136 ------w- c:\windows\Internet Logs\xDBAC3.tmp
2010-03-13 15:11 . 2010-03-13 15:18 819200 ------w- c:\windows\Internet Logs\xDB838.tmp
2010-03-13 14:54 . 2010-03-13 15:02 2328576 ------w- c:\windows\Internet Logs\xDB33.tmp
2010-03-11 12:31 . 2004-01-21 16:24 832512 ------w- c:\windows\system32\wininet.dll
2010-03-11 12:31 . 2007-12-07 14:38 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:31 . 1979-12-31 22:00 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 1979-12-31 22:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 18:41 . 2010-03-06 06:58 2314752 ------w- c:\windows\Internet Logs\xDBA93.tmp
2010-02-24 13:11 . 1979-12-31 22:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 15:57 . 2004-11-04 19:43 90112 ----a-w- c:\windows\DUMP9ddb.tmp
2010-02-17 12:04 . 1979-12-31 22:00 2192256 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:04 . 2002-08-29 01:41 2069120 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 09:03 . 2010-03-06 11:13 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33 . 1979-12-31 22:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 1979-12-31 22:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-06 12:48 . 2010-02-05 11:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2005-10-26 15:06 . 2005-10-26 15:06 32 --sha-w- c:\windows\{A9711257-6CE5-4025-BBB2-0FD38D644992}.dat
2005-10-26 15:07 . 2005-10-26 15:07 32 --sha-w- c:\windows\{FFF1854E-06BE-45D1-A6FA-EA1DBBCB7116}.dat
2005-10-26 15:08 . 2005-10-26 15:08 32 --sha-w- c:\windows\{C40F97B3-DDC8-4EA8-A843-DC318D9E7DBE}.dat
2005-10-26 15:06 . 2005-10-26 15:06 32 --sha-w- c:\windows\system32\{7C87DB2A-7102-4955-BB00-4EEAD6A27616}.dat
2005-10-26 15:07 . 2005-10-26 15:07 32 --sha-w- c:\windows\system32\{74DF4E8D-7115-4010-BEE9-64D8CEC520E2}.dat
2005-10-26 15:08 . 2005-10-26 15:08 32 --sha-w- c:\windows\system32\{66C7B972-71D2-43E2-B143-EB655B3F1B11}.dat
2009-09-14 19:44 . 2006-08-06 13:15 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 98304]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 532480]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 40960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-02 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-04-02 455168]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-15 339968]
"LManager"="c:\programme\Launch Manager\QtZgAcer.EXE" [2004-07-05 315392]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"RealTray"="c:\programme\Real\RealPlayer\RealPlay.exe" [2005-10-17 26112]
"NapsterShell"="c:\programme\Napster\napster.exe" [2008-12-18 323216]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"Sony Ericsson PC Suite"="c:\programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"wlconfig"="c:\programme\WLAN Monitor\wlconfig.exe" [2006-03-06 1347584]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"WinampAgent"="c:\programme\Winamp\winampa.exe" [2007-02-13 35328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Nicole\Startmen\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Acrobat Assistant.lnk - c:\programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

R1 SMBHC;Microsoft SM Bus-Hostcontrollertreiber;c:\windows\system32\drivers\smbhc.sys [06.07.2004 14:47 6784]
R2 accsvc;AccSys WiFi Component;c:\programme\Gemeinsame Dateien\AccSys\accsvc.exe [07.12.2007 16:59 147456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [05.02.2010 13:19 108289]
R3 SMBBATT;Microsoft Smart Battery-Treiber;c:\windows\system32\drivers\smbbatt.sys [06.07.2004 14:47 16000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2010-04-16 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-17 16:59]

2010-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Arcor AG & Co. KG
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\dokumente und einstellungen\Nicole\Anwendungsdaten\Mozilla\Firefox\Profiles\otzz8vkc.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programme\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - truec:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-16 07:31
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'explorer.exe'(2736)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\brss01a.exe
c:\acer\eManager\anbmServ.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\ZONELABS\vsmon.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-04-16 07:35:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-04-16 05:35
ComboFix2.txt 2010-04-14 10:44

Vor Suchlauf: 3.504.570.368 Bytes frei
Nach Suchlauf: 3.462.463.488 Bytes frei

- - End Of File - - 2CE933E9FD7BC7530764363B4530EC41

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 15 Jun 2007
  • Poruke: 5572

Kakvo je sad stanje?

Sto se tice AVG-a, ja u logovima ne vidim njegove tragove, verovatno je zaostao neki registry unos. Ignorisi to obavestenje.

Ko je trenutno na forumu
 

Ukupno su 817 korisnika na forumu :: 20 registrovanih, 1 sakriven i 796 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Bob1312, bozo13, ddjxxi, dolinalima, Dorcolac, DucicM, havoc995, Istoricar2015, ladro, loon123, mgolub, nuki1234, Outis, Parker, raketaš, t84dar, W123, Zimbabwe, Zmaj Ognjeni Vuk