Jak odstranim tu haved, sam vidím čo tam nemá byť len Combo som doteraz nepoužival tak neviem...
ComboFix 09-04-01.01 - M4rekX 2009-04-03 8:31:36.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.690 [GMT 2:00]
Running from: c:\documents and settings\M4rekX\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\documents and settings\M4rekX\Application Data\inst.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\amvo.exe
c:\windows\system32\amvo0.dll
c:\windows\system32\amvo1.dll
c:\windows\system32\pthreadGC2.dll
V:\Autorun.inf
X:\Autorun.inf
Y:\Autorun.inf
Z:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.
2009-04-03 00:45 . 2009-04-03 00:45 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-03 00:45 . 2009-04-03 00:45 1,409 --a------ c:\windows\QTFont.for
2009-03-20 19:23 . 2009-03-22 12:26 <DIR> d-------- C:\temp
2009-03-20 19:18 . 2009-03-20 19:18 <DIR> d-------- c:\program files\FLV Player
2009-03-20 19:17 . 2009-03-17 14:59 4,425,076 --a------ c:\windows\system32\libavcodec.dll
2009-03-20 19:17 . 2009-03-17 15:05 1,390,867 --a------ c:\windows\system32\ffmpegmt.dll
2009-03-20 19:17 . 2009-03-02 15:32 790,190 --a------ c:\windows\system32\xvidcore.dll
2009-03-20 19:17 . 2009-03-10 15:48 557,451 --a------ c:\windows\system32\libmplayer.dll
2009-03-20 19:17 . 2009-03-02 15:42 425,040 --a------ c:\windows\system32\TomsMoComp_ff.dll
2009-03-20 19:17 . 2009-03-02 15:45 146,098 --a------ c:\windows\system32\libmpeg2_ff.dll
2009-03-20 19:17 . 2009-03-02 20:10 96,768 --a------ c:\windows\system32\ffvdub.vdf
2009-03-20 19:17 . 2007-10-20 13:04 1,708 --a------ c:\windows\system32\openIE.js
2009-03-11 16:50 . 2009-03-11 16:50 677,736 --a------ c:\documents and settings\razitko_dermato.psd
2009-03-11 16:47 . 2009-03-11 16:49 116,830 --a------ c:\documents and settings\razitko_2_raz.jpg
2009-03-11 16:37 . 2009-03-11 16:37 402,206 --a------ c:\documents and settings\razitko_2.jpg
2009-03-03 22:19 . 2009-03-03 22:19 <DIR> d-------- c:\program files\QIP Infium
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 14:08 --------- d-----w c:\program files\WinClamAVShield
2009-04-02 14:07 --------- d-----w c:\program files\Spyware Terminator
2009-03-22 21:01 --------- d-----w c:\program files\QIP
2009-03-20 17:23 --------- d-----w c:\documents and settings\M4rekX\Application Data\Vso
2009-03-11 17:10 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-05 13:12 --------- d-----w c:\documents and settings\M4rekX\Application Data\ICQ
2009-02-23 15:37 --------- d-----w c:\program files\Virtual Piano
2009-02-23 15:05 --------- d-----w c:\program files\ICQToolbar
2009-02-22 19:31 --------- d-----w c:\program files\ICQ6
2009-02-22 11:04 --------- d-----w c:\documents and settings\M4rekX\Application Data\GRETECH
2009-02-22 11:04 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-02-22 11:03 --------- d-----w c:\program files\GRETECH
2009-02-22 11:02 --------- d-----w c:\program files\Mv2Player
2009-02-22 10:50 --------- d-----w c:\program files\VirtualDJ
2009-02-19 20:54 --------- d-----w c:\documents and settings\M4rekX\Application Data\Ahead
2009-02-16 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2009-02-15 11:33 --------- d-----w c:\documents and settings\M4rekX\Application Data\Spyware Terminator
2009-02-12 01:29 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-06 02:20 --------- d-----w c:\documents and settings\M4rekX\Application Data\uTorrent
2009-02-05 16:33 --------- d-----w c:\documents and settings\M4rekX\Application Data\InstallShield
2009-02-05 16:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-01-08 01:26 102,475 ----a-w c:\documents and settings\M4rekX\Application Data\mdbu.bin
2008-10-21 16:28 47,360 ----a-w c:\documents and settings\M4rekX\Application Data\pcouffin.sys
2007-04-29 19:46 13,795 ----a-w c:\documents and settings\M4rekX\wz_cz_exploit.vbs
2006-10-21 07:38 81,920 ----a-w c:\documents and settings\M4rekX\Application Data\ezpinst.exe
2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 10:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll
2008-01-23 18:14 88 --sh--r c:\windows\system32\DE64B6FFF3.sys
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll
2006-04-27 09:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-10-21 1783808]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2006-04-04 99840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^M4rekX^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\M4rekX\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2004-09-30 08:44 7957504 c:\program files\VIAudioi\SBADeck\ADeck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 c:\program files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-29 16:48 98304 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2004-10-11 08:54 589824 c:\program files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-10-21 23:22 1783808 c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VertrigoServ\\Mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\VertrigoServ\\Apache\\bin\\Apache.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Miranda\\Computer Miranda Pack\\Miranda IM\\miranda32.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\M4rekX\\Desktop\\Programing\\qip8000\\qip.exe"=
"c:\\Games\\LANChatbox\\lanchatbox.exe"=
"c:\\Games\\Codemasters\\MicroMachines V4\\MMV4.exe"=
"v:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"v:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"v:\\Games\\Capcom\\MotoGP 08\\Launcher.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2007-09-28 141312]
R2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [2008-11-15 49152]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-08-29 33792]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [2006-10-21 44032]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [2008-11-15 102528]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [2007-10-16 11648]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cddb620-8e48-11dd-8ca1-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4062f3bf-f6e3-11dd-8df7-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4062f3c0-f6e3-11dd-8df7-00110964a949}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66f4da8b-8945-11dc-88a1-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dd65120-60d3-11db-b93b-000cbf0121cd}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eea888c-ef2e-11dd-8de3-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5619c5c-f3a0-11dd-8def-00110964a949}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebf389c-ac7a-11db-842b-000cbf0121cd}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebf389d-ac7a-11db-842b-000cbf0121cd}]
\Shell\AutoRun\command - K:\n1deiect.com
\Shell\explore\Command - K:\n1deiect.com
\Shell\open\Command - K:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d29a7979-8014-11dc-886d-00110964a949}]
\Shell\AutoRun\command - I:\n1deiect.com
\Shell\explore\Command - I:\n1deiect.com
\Shell\open\Command - I:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8312d50-bda1-11dd-8d18-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d934dfbc-9b58-11dd-8cbe-00110964a949}]
\Shell\AutoRun\command - I:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3b0af8-e30e-11dd-8d98-000cbf0121cd}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-LANChatbox - (no file)
MSConfigStartUp-brwdiag - c:\windows\system32\brwconf.exe
MSConfigStartUp-DaemonTools_WhenUSave_Installer - c:\program files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
MSConfigStartUp-msupdtwiz - c:\windows\msupdtwiz.exe
MSConfigStartUp-serrv - c:\windows\serrv.exe
MSConfigStartUp-sserrvv - c:\windows\sserrvv.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
DPF: DirectAnimation Java Classes -
file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\M4rekX\Application Data\Mozilla\Firefox\Profiles\99eefcyo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
hxxp://www.google.sk/FF - component: c:\documents and settings\M4rekX\Application Data\Mozilla\Firefox\Profiles\99eefcyo.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - plugin: c:\install\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\install\Opera\program\plugins\NPOFF12.DLL
FF - plugin: c:\install\Opera\program\plugins\NPSWF32.dll
FF - plugin: c:\install\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-04-03 08:41:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-682003330-790525478-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:87,37,0d,95,17,d2,b7,4a,18,ad,5d,e0,f5,80,6b,3b,3d,89,69,2e,38,1c,a0,
4d,f6,ec,9c,23,51,d0,ec,50,cf,14,57,8b,ca,65,24,47,db,12,cb,b6,2e,0d,f7,88,\
"??"=hex:23,48,2d,71,f8,de,6a,fc,d7,00,08,51,86,29,28,63
[HKEY_USERS\S-1-5-21-682003330-790525478-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:ec,72,68,e4,97,99,ae,31,47,34,53,38,bf,5b,59,8a,f0,71,aa,a2,03,
40,91,75,89,e4,dc,07,e7,3c,88,8b,d0,08,d6,5c,f3,2d,fd,25,ae,e6,2a,2c,00,cf,\
"rkeysecu"=hex:42,eb,b1,4e,1a,7d,ec,09,e9,50,f7,9e,45,31,b7,73
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,ed,fc,67,92,b2,
8d,6f,4c,e2,63,26,f1,3f,c8,ff,68,a0,40,84,f7,f0,22,c4,b5,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9d,3e,ad,e0,45,
6b,cb,9d,6a,9c,d6,61,af,45,84,18,5d,50,0d,af,3b,05,34,cd,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,23,00,b3,a5,b8,
02,f3,e8,ff,7c,85,e0,43,d4,0e,fe,1d,b8,5b,2a,5b,bc,1f,27,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,b4,31,34,17,11,
32,1f,1f,86,8c,21,01,be,91,eb,e7,73,9d,3f,a2,06,b8,b5,43,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,01,d1,be,d6,87,
77,f8,a5,f5,1d,4d,73,a8,13,5c,05,d4,e3,8f,a8,fb,ec,3f,f9,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,b7,18,75,52,98,
53,f1,f3,df,20,58,62,78,6b,cf,c8,9b,92,93,21,5f,c5,ff,66,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f1,5f,40,db,3c,
b4,b5,84,fb,a7,78,e6,12,2f,9a,ea,14,7c,8c,85,d0,b1,13,4d,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,06,c5,45,9c,07,
51,74,b8,01,3a,48,fc,e8,04,4a,f1,c4,93,75,b2,99,3f,94,b6,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,45,03,1d,2d,db,
89,fe,92,f6,0f,4e,58,98,5b,89,c9,e9,9a,c8,a8,2f,83,48,c2,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,84,62,22,bb,ed,
a9,24,c7,3d,ce,ea,26,2d,45,aa,78,14,2f,e7,2f,6a,d3,41,c3,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,86,aa,d1,b9,90,
a5,2e,98,2a,b7,cc,b5,b9,7f,41,e7,33,ce,6c,46,59,2c,8a,80,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,30,40,b1,a1,47,
a7,56,57,6c,43,2d,1e,aa,22,2f,9c,bd,14,9e,36,bc,97,24,8c,6c,43,2d,1e,aa,22,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\M-Audio\Fast Track USB\MAUSBFTInst.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\progra~1\SPYWAR~1\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-04-03 8:50:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-03 06:50:09
Pre-Run: 8 250 769 408 bytes free
Post-Run: 8,278,421,504 voľných bajtov
347
Má niekto skúsenosť s týmito červami ? čo spôsobujú a jak ich 100% vymažem z kompu a zo všetkych USBčiek, Mobilu, a šetkeho čo som pripojil do PC ? 
už maš hotovo ...
