n1deiect.com, amvo.exe

Posted by M4rekX (topic author), 02.04.2009 22:52
Registered: 20.02.07 | Last login: 19.11.09 | Posts: 161 | Topics: 17 | Location: Myjava

So then... :-D Does anyone have experience with these worms? What do they do, and how do I get rid of them 100% from my PC and from all the USB sticks, the phone, and everything else I've plugged into the PC? :lol:

And mind you, removed without having to reset every single device/card! Just a decent antivirus that cures it 100%...

_________________
M4rekX
Reply, 03.04.2009 7:07
Registered: 19.02.09 | Last login: 24.04.19 | Posts: 147 | Topics: 1

An antivirus won't fix this 100%. The USB sticks will have to be cleaned.

But first let's clean the PC.

Run ComboFix:
Quote:
Download it to your desktop

Code:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run it (from the Administrator account).
After it starts, the licence terms pop up; agree to them and continue with ANO/YES/OK.
A scan begins; do not click outside the window while it runs. The whole scan takes about 10 minutes.
After the scan ComboFix generates a log, which it saves to the target drive, e.g. c:\, under the name ComboFix.log.

Copy the log here.


Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 20.02.07
Prihlásený: 19.11.09
Príspevky: 161
Témy: 17
Bydlisko: Myjava
Príspevok Napísal autor témyOffline : 03.04.2009 8:54

Holy crap, how much junk I've got in there :-D How do I get rid of that vermin? I can see myself what shouldn't be there, but I haven't used Combo before, so I don't know...
PS: it removed amvo

Attaching the LOG:
Quote:
ComboFix 09-04-01.01 - M4rekX 2009-04-03 8:31:36.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.690 [GMT 2:00]
Running from: c:\documents and settings\M4rekX\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\M4rekX\Application Data\inst.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\amvo.exe
c:\windows\system32\amvo0.dll
c:\windows\system32\amvo1.dll
c:\windows\system32\pthreadGC2.dll
V:\Autorun.inf
X:\Autorun.inf
Y:\Autorun.inf
Z:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.

2009-04-03 00:45 . 2009-04-03 00:45 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-03 00:45 . 2009-04-03 00:45 1,409 --a------ c:\windows\QTFont.for
2009-03-20 19:23 . 2009-03-22 12:26 <DIR> d-------- C:\temp
2009-03-20 19:18 . 2009-03-20 19:18 <DIR> d-------- c:\program files\FLV Player
2009-03-20 19:17 . 2009-03-17 14:59 4,425,076 --a------ c:\windows\system32\libavcodec.dll
2009-03-20 19:17 . 2009-03-17 15:05 1,390,867 --a------ c:\windows\system32\ffmpegmt.dll
2009-03-20 19:17 . 2009-03-02 15:32 790,190 --a------ c:\windows\system32\xvidcore.dll
2009-03-20 19:17 . 2009-03-10 15:48 557,451 --a------ c:\windows\system32\libmplayer.dll
2009-03-20 19:17 . 2009-03-02 15:42 425,040 --a------ c:\windows\system32\TomsMoComp_ff.dll
2009-03-20 19:17 . 2009-03-02 15:45 146,098 --a------ c:\windows\system32\libmpeg2_ff.dll
2009-03-20 19:17 . 2009-03-02 20:10 96,768 --a------ c:\windows\system32\ffvdub.vdf
2009-03-20 19:17 . 2007-10-20 13:04 1,708 --a------ c:\windows\system32\openIE.js
2009-03-11 16:50 . 2009-03-11 16:50 677,736 --a------ c:\documents and settings\razitko_dermato.psd
2009-03-11 16:47 . 2009-03-11 16:49 116,830 --a------ c:\documents and settings\razitko_2_raz.jpg
2009-03-11 16:37 . 2009-03-11 16:37 402,206 --a------ c:\documents and settings\razitko_2.jpg
2009-03-03 22:19 . 2009-03-03 22:19 <DIR> d-------- c:\program files\QIP Infium

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 14:08 --------- d-----w c:\program files\WinClamAVShield
2009-04-02 14:07 --------- d-----w c:\program files\Spyware Terminator
2009-03-22 21:01 --------- d-----w c:\program files\QIP
2009-03-20 17:23 --------- d-----w c:\documents and settings\M4rekX\Application Data\Vso
2009-03-11 17:10 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-05 13:12 --------- d-----w c:\documents and settings\M4rekX\Application Data\ICQ
2009-02-23 15:37 --------- d-----w c:\program files\Virtual Piano
2009-02-23 15:05 --------- d-----w c:\program files\ICQToolbar
2009-02-22 19:31 --------- d-----w c:\program files\ICQ6
2009-02-22 11:04 --------- d-----w c:\documents and settings\M4rekX\Application Data\GRETECH
2009-02-22 11:04 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-02-22 11:03 --------- d-----w c:\program files\GRETECH
2009-02-22 11:02 --------- d-----w c:\program files\Mv2Player
2009-02-22 10:50 --------- d-----w c:\program files\VirtualDJ
2009-02-19 20:54 --------- d-----w c:\documents and settings\M4rekX\Application Data\Ahead
2009-02-16 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2009-02-15 11:33 --------- d-----w c:\documents and settings\M4rekX\Application Data\Spyware Terminator
2009-02-12 01:29 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-06 02:20 --------- d-----w c:\documents and settings\M4rekX\Application Data\uTorrent
2009-02-05 16:33 --------- d-----w c:\documents and settings\M4rekX\Application Data\InstallShield
2009-02-05 16:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-01-08 01:26 102,475 ----a-w c:\documents and settings\M4rekX\Application Data\mdbu.bin
2008-10-21 16:28 47,360 ----a-w c:\documents and settings\M4rekX\Application Data\pcouffin.sys
2007-04-29 19:46 13,795 ----a-w c:\documents and settings\M4rekX\wz_cz_exploit.vbs
2006-10-21 07:38 81,920 ----a-w c:\documents and settings\M4rekX\Application Data\ezpinst.exe
2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 10:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll
2008-01-23 18:14 88 --sh--r c:\windows\system32\DE64B6FFF3.sys
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll
2006-04-27 09:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-10-21 1783808]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2006-04-04 99840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^M4rekX^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\M4rekX\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2004-09-30 08:44 7957504 c:\program files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-29 16:48 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2004-10-11 08:54 589824 c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-10-21 23:22 1783808 c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VertrigoServ\\Mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\VertrigoServ\\Apache\\bin\\Apache.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Miranda\\Computer Miranda Pack\\Miranda IM\\miranda32.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\M4rekX\\Desktop\\Programing\\qip8000\\qip.exe"=
"c:\\Games\\LANChatbox\\lanchatbox.exe"=
"c:\\Games\\Codemasters\\MicroMachines V4\\MMV4.exe"=
"v:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"v:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"v:\\Games\\Capcom\\MotoGP 08\\Launcher.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2007-09-28 141312]
R2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [2008-11-15 49152]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-08-29 33792]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [2006-10-21 44032]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [2008-11-15 102528]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [2007-10-16 11648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cddb620-8e48-11dd-8ca1-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4062f3bf-f6e3-11dd-8df7-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4062f3c0-f6e3-11dd-8df7-00110964a949}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66f4da8b-8945-11dc-88a1-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dd65120-60d3-11db-b93b-000cbf0121cd}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eea888c-ef2e-11dd-8de3-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5619c5c-f3a0-11dd-8def-00110964a949}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebf389c-ac7a-11db-842b-000cbf0121cd}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebf389d-ac7a-11db-842b-000cbf0121cd}]
\Shell\AutoRun\command - K:\n1deiect.com
\Shell\explore\Command - K:\n1deiect.com
\Shell\open\Command - K:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d29a7979-8014-11dc-886d-00110964a949}]
\Shell\AutoRun\command - I:\n1deiect.com
\Shell\explore\Command - I:\n1deiect.com
\Shell\open\Command - I:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8312d50-bda1-11dd-8d18-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d934dfbc-9b58-11dd-8cbe-00110964a949}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3b0af8-e30e-11dd-8d98-000cbf0121cd}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-LANChatbox - (no file)
MSConfigStartUp-brwdiag - c:\windows\system32\brwconf.exe
MSConfigStartUp-DaemonTools_WhenUSave_Installer - c:\program files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
MSConfigStartUp-msupdtwiz - c:\windows\msupdtwiz.exe
MSConfigStartUp-serrv - c:\windows\serrv.exe
MSConfigStartUp-sserrvv - c:\windows\sserrvv.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-Device Detector - DevDetect.exe


.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\M4rekX\Application Data\Mozilla\Firefox\Profiles\99eefcyo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\documents and settings\M4rekX\Application Data\Mozilla\Firefox\Profiles\99eefcyo.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - plugin: c:\install\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\install\Opera\program\plugins\NPOFF12.DLL
FF - plugin: c:\install\Opera\program\plugins\NPSWF32.dll
FF - plugin: c:\install\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 08:41:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-790525478-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:87,37,0d,95,17,d2,b7,4a,18,ad,5d,e0,f5,80,6b,3b,3d,89,69,2e,38,1c,a0,
4d,f6,ec,9c,23,51,d0,ec,50,cf,14,57,8b,ca,65,24,47,db,12,cb,b6,2e,0d,f7,88,\
"??"=hex:23,48,2d,71,f8,de,6a,fc,d7,00,08,51,86,29,28,63

[HKEY_USERS\S-1-5-21-682003330-790525478-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:ec,72,68,e4,97,99,ae,31,47,34,53,38,bf,5b,59,8a,f0,71,aa,a2,03,
40,91,75,89,e4,dc,07,e7,3c,88,8b,d0,08,d6,5c,f3,2d,fd,25,ae,e6,2a,2c,00,cf,\
"rkeysecu"=hex:42,eb,b1,4e,1a,7d,ec,09,e9,50,f7,9e,45,31,b7,73

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,ed,fc,67,92,b2,
8d,6f,4c,e2,63,26,f1,3f,c8,ff,68,a0,40,84,f7,f0,22,c4,b5,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9d,3e,ad,e0,45,
6b,cb,9d,6a,9c,d6,61,af,45,84,18,5d,50,0d,af,3b,05,34,cd,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,23,00,b3,a5,b8,
02,f3,e8,ff,7c,85,e0,43,d4,0e,fe,1d,b8,5b,2a,5b,bc,1f,27,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,b4,31,34,17,11,
32,1f,1f,86,8c,21,01,be,91,eb,e7,73,9d,3f,a2,06,b8,b5,43,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,01,d1,be,d6,87,
77,f8,a5,f5,1d,4d,73,a8,13,5c,05,d4,e3,8f,a8,fb,ec,3f,f9,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,b7,18,75,52,98,
53,f1,f3,df,20,58,62,78,6b,cf,c8,9b,92,93,21,5f,c5,ff,66,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f1,5f,40,db,3c,
b4,b5,84,fb,a7,78,e6,12,2f,9a,ea,14,7c,8c,85,d0,b1,13,4d,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,06,c5,45,9c,07,
51,74,b8,01,3a,48,fc,e8,04,4a,f1,c4,93,75,b2,99,3f,94,b6,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,45,03,1d,2d,db,
89,fe,92,f6,0f,4e,58,98,5b,89,c9,e9,9a,c8,a8,2f,83,48,c2,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,84,62,22,bb,ed,
a9,24,c7,3d,ce,ea,26,2d,45,aa,78,14,2f,e7,2f,6a,d3,41,c3,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,86,aa,d1,b9,90,
a5,2e,98,2a,b7,cc,b5,b9,7f,41,e7,33,ce,6c,46,59,2c,8a,80,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,30,40,b1,a1,47,
a7,56,57,6c,43,2d,1e,aa,22,2f,9c,bd,14,9e,36,bc,97,24,8c,6c,43,2d,1e,aa,22,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\M-Audio\Fast Track USB\MAUSBFTInst.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\progra~1\SPYWAR~1\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-04-03 8:50:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-03 06:50:09

Pre-Run: 8 250 769 408 bytes free
Post-Run: 8,278,421,504 voľných bajtov

347

_________________
M4rekX

Reply, 03.04.2009 14:47

Open Notepad and copy this into it:

Quote:
File::
c:\windows\meta4.exe
c:\windows\MOTA113.exe
F:\n1deiect.com
I:\n1deiect.com
K:\n1deiect.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cddb620-8e48-11dd-8ca1-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4062f3bf-f6e3-11dd-8df7-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4062f3c0-f6e3-11dd-8df7-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66f4da8b-8945-11dc-88a1-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dd65120-60d3-11db-b93b-000cbf0121cd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eea888c-ef2e-11dd-8de3-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5619c5c-f3a0-11dd-8def-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebf389c-ac7a-11db-842b-000cbf0121cd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebf389d-ac7a-11db-842b-000cbf0121cd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d29a7979-8014-11dc-886d-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8312d50-bda1-11dd-8d18-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3b0af8-e30e-11dd-8d98-000cbf0121cd}]


Save the file as CFScript.txt on the desktop. Drag it with the mouse onto the ComboFix icon and drop it.


Post the new log here.


Test these files at www.virustotal.com

I:\AutoRun.exe
F:\AutoRun.exe
c:\windows\system32\openIE.js
c:\windows\system32\DE64B6FFF3.sys

Post the results here.


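As an added example (not code from this thread, and not ComboFix's own), here is a Python script that does mechanically what the helper did by hand across the last two posts: read the mountpoints2 section of the ComboFix log, flag removable-drive keys whose open/explore handlers point at an executable in the drive root, and draft the File:: and Registry:: sections of a CFScript.txt from them. The sample log excerpt inside it is constructed from the log posted above; the severity levels, the regexes and the function names are my own assumptions, and the script generalises beyond this case to any drive letter and any root executable.

```python
"""Triage the mountpoints2 dump in a ComboFix log and draft a CFScript.txt.

Added example, not code from this thread or from ComboFix; heuristics and
names are assumptions. A key whose open/explore verbs run an executable from
a drive root is a hijacked drive; a key where only AutoRun does so is queued
for review, as is any hidden+system .exe directly under c:\\windows.
"""
import re

MOUNTPOINT_KEY = re.compile(            # [HKEY_CURRENT_USER\...\mountpoints2\{guid}]
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\[^\]]+)\]$", re.IGNORECASE)
HANDLER = re.compile(                   # \Shell\open\Command - F:\n1deiect.com
    r"^\\Shell\\(AutoRun|open|explore)\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)
ROOT_EXECUTABLE = re.compile(           # executable sitting directly in a drive root
    r"^[a-z]:\\[^\\]+\.(com|exe|bat|cmd|pif|scr|vbs)$", re.IGNORECASE)
HIDDEN_SYSTEM_EXE = re.compile(         # 2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe
    r"^\S+ \S+ [\d,]+ --sh[a-]-r (c:\\windows\\[^\\]+\.exe)$", re.IGNORECASE)

# Constructed excerpt, abridged from the ComboFix log posted above.
SAMPLE_LOG = r"""
2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 10:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cddb620-8e48-11dd-8ca1-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4062f3c0-f6e3-11dd-8df7-00110964a949}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d934dfbc-9b58-11dd-8cbe-00110964a949}]
\Shell\AutoRun\command - I:\AutoRun.exe
"""


def parse_mountpoints(log_text):
    """Map each mountpoints2 key to {verb: target} as ComboFix listed them."""
    mounts, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current = key.group(1)
            mounts[current] = {}
        elif line.startswith("["):      # any other registry key ends the block
            current = None
        elif current is not None:
            handler = HANDLER.match(line)
            if handler:
                mounts[current][handler.group(1).lower()] = handler.group(2)
    return mounts


def triage(mounts):
    """Return (level, key, targets) for each key launching a root executable.

    'high': open/explore hijacked, so just opening the drive runs the file.
    'review': only AutoRun points there; may be a legitimate launcher.
    """
    findings = []
    for key, verbs in mounts.items():
        hits = {v: t for v, t in verbs.items() if ROOT_EXECUTABLE.match(t)}
        if not hits:
            continue
        level = "high" if ("open" in hits or "explore" in hits) else "review"
        findings.append((level, key, sorted(set(hits.values()), key=str.lower)))
    return findings


def build_cfscript(findings):
    """Draft File:: and Registry:: sections for the 'high' findings only."""
    high = [f for f in findings if f[0] == "high"]
    files = sorted({t for _, _, targets in high for t in targets}, key=str.lower)
    lines = ["File::", *files, "", "Registry::"] + ["[-%s]" % k for _, k, _ in high]
    return "\n".join(lines) + "\n"


def review_candidates(findings, log_text):
    """Paths to submit to a multi-engine scanner before deciding on deletion."""
    paths = []
    for level, _, targets in findings:
        if level == "review":
            paths.extend(t for t in targets if t not in paths)
    for raw in log_text.splitlines():
        hidden = HIDDEN_SYSTEM_EXE.match(raw.strip())
        if hidden and hidden.group(1) not in paths:
            paths.append(hidden.group(1))
    return paths


if __name__ == "__main__":
    found = triage(parse_mountpoints(SAMPLE_LOG))
    print(build_cfscript(found))
    print("Check before deleting:", review_candidates(found, SAMPLE_LOG))
```

Run stand-alone, it prints a draft CFScript.txt containing only the n1deiect.com keys and files, while F:\AutoRun.exe, I:\AutoRun.exe and the hidden+system .exe files in c:\windows are listed separately for a multi-engine scan first (the helper above sent AutoRun.exe to VirusTotal but put meta4.exe and MOTA113.exe straight into the script; this version leaves that call to a human). As the helper says, plug every stick and card in before running ComboFix with the script, since the F:/I:/J:/K: paths only exist while they are mounted.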
Posted by M4rekX (topic author), 03.04.2009 17:45

Before I do it I want to point out that K, F, I are removable devices, i.e. those drives only get created after I plug something in; in my case that's about 4 USB sticks (one of them a Huawei modem), two M2 cards, an SD card from a digital camera, the memory of 2 phones, and a PDA.

I'm just asking in advance whether I can run that script even without anything plugged into those partitions, because otherwise it won't even show them...

the files tested so far

c:\windows\system32\DE64B6FFF3.sys
Soubor DE64B6FFF3.sys přijatý 2009.04.03 18:09:48 (CET)
Současný stav: Dokončeno
Výsledek: 0/39 (0.00%)

c:\windows\system32\openIE.js
MD5: 2b11c169761a8d1afc02b7a3eb806315
Poprvé zaslán: -
Datum: 2008.12.07 15:53:35 (CET) [>117D]
Výsledky: 0/38
Stálý odkaz: analisis/1de5313686c21d6edd234ebd2ffc9620

I:\AutoRun.exe
Soubor AutoRun.exe přijatý 2009.04.03 18:14:03 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/39 (0%)
Code:
http://www.virustotal.com/cs/analisis/c324b6124bb3e2feaef5e43c0f36b262


F:\n1deiect.com
Soubor n1deiect.com přijatý 2009.04.03 18:14:38 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 39/40 (97.5%)
Code:
http://www.virustotal.com/cs/analisis/91f7efec6bf3fb8dbff6dfa41f5c2664


and I have that n1deiect.com on every drive :)

_________________
M4rekX

Reply, 03.04.2009 19:11

Plug all the USB sticks and other flash memory into the PC.

Then run the script I posted above. And post the new log that gets created.


Posted by M4rekX (topic author), 04.04.2009 4:08

Quote:
ComboFix 09-04-01.01 - M4rekX 2009-04-04 3:26:22.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.655 [GMT 2:00]
Running from: c:\documents and settings\M4rekX\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\M4rekX\Desktop\CFScript.txt.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\n1deiect.com
c:\windows\meta4.exe
c:\windows\MOTA113.exe
F:\n1deiect.com
I:\n1deiect.com
J:\n1deiect.com
K:\n1deiect.com
V:\n1deiect.com
X:\n1deiect.com
Y:\n1deiect.com
Z:\n1deiect.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\n1deiect.com
c:\windows\meta4.exe
c:\windows\MOTA113.exe
J:\n1deiect.com
K:\Autorun.inf
K:\n1deiect.com
V:\n1deiect.com
X:\n1deiect.com
Y:\n1deiect.com
Z:\n1deiect.com

.
((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.

2009-04-03 00:45 . 2009-04-03 00:45 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-03 00:45 . 2009-04-03 00:45 1,409 --a------ c:\windows\QTFont.for
2009-03-20 19:23 . 2009-03-22 12:26 <DIR> d-------- C:\temp
2009-03-20 19:18 . 2009-03-20 19:18 <DIR> d-------- c:\program files\FLV Player
2009-03-20 19:17 . 2009-03-17 14:59 4,425,076 --a------ c:\windows\system32\libavcodec.dll
2009-03-20 19:17 . 2009-03-17 15:05 1,390,867 --a------ c:\windows\system32\ffmpegmt.dll
2009-03-20 19:17 . 2009-03-02 15:32 790,190 --a------ c:\windows\system32\xvidcore.dll
2009-03-20 19:17 . 2009-03-10 15:48 557,451 --a------ c:\windows\system32\libmplayer.dll
2009-03-20 19:17 . 2009-03-02 15:42 425,040 --a------ c:\windows\system32\TomsMoComp_ff.dll
2009-03-20 19:17 . 2009-03-02 15:45 146,098 --a------ c:\windows\system32\libmpeg2_ff.dll
2009-03-20 19:17 . 2009-03-02 20:10 96,768 --a------ c:\windows\system32\ffvdub.vdf
2009-03-20 19:17 . 2007-10-20 13:04 1,708 --a------ c:\windows\system32\openIE.js
2009-03-11 16:50 . 2009-03-11 16:50 677,736 --a------ c:\documents and settings\razitko_dermato.psd
2009-03-11 16:47 . 2009-03-11 16:49 116,830 --a------ c:\documents and settings\razitko_2_raz.jpg
2009-03-11 16:37 . 2009-03-11 16:37 402,206 --a------ c:\documents and settings\razitko_2.jpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 14:08 --------- d-----w c:\program files\WinClamAVShield
2009-04-02 14:07 --------- d-----w c:\program files\Spyware Terminator
2009-03-22 21:01 --------- d-----w c:\program files\QIP
2009-03-20 17:23 --------- d-----w c:\documents and settings\M4rekX\Application Data\Vso
2009-03-20 17:16 697,814 ----a-w c:\windows\system32\unins000.exe
2009-03-11 17:10 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-05 13:12 --------- d-----w c:\documents and settings\M4rekX\Application Data\ICQ
2009-03-03 20:19 --------- d-----w c:\program files\QIP Infium
2009-03-02 18:10 98,304 ----a-w c:\windows\system32\ff_wmv9.dll
2009-03-02 18:10 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-03-02 15:19 183,296 ----a-w c:\windows\system32\ff_samplerate.dll
2009-03-02 15:19 178,688 ----a-w c:\windows\system32\ff_libmad.dll
2009-03-02 15:19 113,152 ----a-w c:\windows\system32\ff_unrar.dll
2009-03-02 15:18 486,400 ----a-w c:\windows\system32\ff_libfaad2.dll
2009-03-02 15:18 257,024 ----a-w c:\windows\system32\ff_libdts.dll
2009-03-02 15:18 146,944 ----a-w c:\windows\system32\ff_tremor.dll
2009-03-02 15:18 142,848 ----a-w c:\windows\system32\ff_liba52.dll
2009-03-02 13:54 328,334 ----a-w c:\windows\system32\ff_kernelDeint.dll
2009-03-02 13:35 898,465 ----a-w c:\windows\system32\ff_x264.dll
2009-02-23 15:37 --------- d-----w c:\program files\Virtual Piano
2009-02-23 15:05 --------- d-----w c:\program files\ICQToolbar
2009-02-22 19:31 --------- d-----w c:\program files\ICQ6
2009-02-22 11:04 --------- d-----w c:\documents and settings\M4rekX\Application Data\GRETECH
2009-02-22 11:04 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-02-22 11:03 --------- d-----w c:\program files\GRETECH
2009-02-22 11:02 --------- d-----w c:\program files\Mv2Player
2009-02-22 10:50 --------- d-----w c:\program files\VirtualDJ
2009-02-19 20:54 --------- d-----w c:\documents and settings\M4rekX\Application Data\Ahead
2009-02-16 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2009-02-15 11:33 --------- d-----w c:\documents and settings\M4rekX\Application Data\Spyware Terminator
2009-02-12 01:29 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-06 02:20 --------- d-----w c:\documents and settings\M4rekX\Application Data\uTorrent
2009-02-05 16:33 --------- d-----w c:\documents and settings\M4rekX\Application Data\InstallShield
2009-02-05 16:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-01-10 09:38 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-08 01:26 102,475 ----a-w c:\documents and settings\M4rekX\Application Data\mdbu.bin
2008-10-21 16:28 47,360 ----a-w c:\documents and settings\M4rekX\Application Data\pcouffin.sys
2007-04-29 19:46 13,795 ----a-w c:\documents and settings\M4rekX\wz_cz_exploit.vbs
2006-10-21 07:38 81,920 ----a-w c:\documents and settings\M4rekX\Application Data\ezpinst.exe
2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll
2008-01-23 18:14 88 --sh--r c:\windows\system32\DE64B6FFF3.sys
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll
2006-04-27 09:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-03_ 8.49.15.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-03 05:52:17 74,904 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-04 00:43:31 74,904 ----a-w c:\windows\system32\perfc009.dat
- 2009-04-03 05:52:17 448,326 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-04 00:43:31 448,326 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-10-21 1783808]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2006-04-04 99840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^M4rekX^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\M4rekX\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2004-09-30 08:44 7957504 c:\program files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-29 16:48 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2004-10-11 08:54 589824 c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-10-21 23:22 1783808 c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VertrigoServ\\Mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\VertrigoServ\\Apache\\bin\\Apache.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Miranda\\Computer Miranda Pack\\Miranda IM\\miranda32.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\M4rekX\\Desktop\\Programing\\qip8000\\qip.exe"=
"c:\\Games\\LANChatbox\\lanchatbox.exe"=
"c:\\Games\\Codemasters\\MicroMachines V4\\MMV4.exe"=
"v:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"v:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"v:\\Games\\Capcom\\MotoGP 08\\Launcher.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2007-09-28 141312]
R2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [2008-11-15 49152]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-08-29 33792]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [2006-10-21 44032]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [2008-11-15 102528]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [2007-10-16 11648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d934dfbc-9b58-11dd-8cbe-00110964a949}]
\Shell\AutoRun\command - I:\AutoRun.exe
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\M4rekX\Application Data\Mozilla\Firefox\Profiles\99eefcyo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\documents and settings\M4rekX\Application Data\Mozilla\Firefox\Profiles\99eefcyo.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - plugin: c:\install\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\install\Opera\program\plugins\NPOFF12.DLL
FF - plugin: c:\install\Opera\program\plugins\NPSWF32.dll
FF - plugin: c:\install\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 03:31:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-790525478-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:87,37,0d,95,17,d2,b7,4a,18,ad,5d,e0,f5,80,6b,3b,3d,89,69,2e,38,1c,a0,
4d,f6,ec,9c,23,51,d0,ec,50,cf,14,57,8b,ca,65,24,47,db,12,cb,b6,2e,0d,f7,88,\
"??"=hex:23,48,2d,71,f8,de,6a,fc,d7,00,08,51,86,29,28,63

[HKEY_USERS\S-1-5-21-682003330-790525478-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:ec,72,68,e4,97,99,ae,31,47,34,53,38,bf,5b,59,8a,f0,71,aa,a2,03,
40,91,75,89,e4,dc,07,e7,3c,88,8b,d0,08,d6,5c,f3,2d,fd,25,ae,e6,2a,2c,00,cf,\
"rkeysecu"=hex:42,eb,b1,4e,1a,7d,ec,09,e9,50,f7,9e,45,31,b7,73

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,ed,fc,67,92,b2,
8d,6f,4c,e2,63,26,f1,3f,c8,ff,68,a0,40,84,f7,f0,22,c4,b5,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9d,3e,ad,e0,45,
6b,cb,9d,6a,9c,d6,61,af,45,84,18,5d,50,0d,af,3b,05,34,cd,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,23,00,b3,a5,b8,
02,f3,e8,ff,7c,85,e0,43,d4,0e,fe,1d,b8,5b,2a,5b,bc,1f,27,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,b4,31,34,17,11,
32,1f,1f,86,8c,21,01,be,91,eb,e7,73,9d,3f,a2,06,b8,b5,43,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,01,d1,be,d6,87,
77,f8,a5,f5,1d,4d,73,a8,13,5c,05,d4,e3,8f,a8,fb,ec,3f,f9,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,b7,18,75,52,98,
53,f1,f3,df,20,58,62,78,6b,cf,c8,9b,92,93,21,5f,c5,ff,66,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f1,5f,40,db,3c,
b4,b5,84,fb,a7,78,e6,12,2f,9a,ea,14,7c,8c,85,d0,b1,13,4d,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,06,c5,45,9c,07,
51,74,b8,01,3a,48,fc,e8,04,4a,f1,c4,93,75,b2,99,3f,94,b6,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,45,03,1d,2d,db,
89,fe,92,f6,0f,4e,58,98,5b,89,c9,e9,9a,c8,a8,2f,83,48,c2,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,84,62,22,bb,ed,
a9,24,c7,3d,ce,ea,26,2d,45,aa,78,14,2f,e7,2f,6a,d3,41,c3,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,86,aa,d1,b9,90,
a5,2e,98,2a,b7,cc,b5,b9,7f,41,e7,33,ce,6c,46,59,2c,8a,80,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,30,40,b1,a1,47,
a7,56,57,6c,43,2d,1e,aa,22,2f,9c,bd,14,9e,36,bc,97,24,8c,6c,43,2d,1e,aa,22,\
.
Completion time: 2009-04-04 3:40:06
ComboFix-quarantined-files.txt 2009-04-04 01:39:54
ComboFix2.txt 2009-04-03 16:03:16
ComboFix3.txt 2009-04-03 06:50:15

Pre-Run: 8 218 603 520 bytes free
Post-Run: 8,199,712,768 voľných bajtov

306

_________________
M4rekX

User (registered 19.02.09, last online 24.04.19, 147 posts, 1 topic)
Posted: 04.04.2009 15:12

OK. Plug all the USB sticks and other memory devices back into the PC and run FlashDisinfector:

http://download.bleepingcomputer.com/sU ... fector.exe

Then uninstall combofix:

Start -> Run -> type "combofix /u" without the " ".

Download CCleaner and clean the PC with it.
http://www.james008.net/download/index.php?dlid=2

Then you're done.


Topic author (registered 20.02.07, last online 19.11.09, 161 posts, 17 topics, location: Myjava)
Posted: 05.04.2009 2:58

Thanks ;) it's all done now ...
I'm going to defragment the disk and then run the whole thing through Avira ... hopefully the PC will be completely clean after that :D

_________________
M4rekX

User (registered 19.02.09, last online 24.04.19, 147 posts, 1 topic)
Posted: 05.04.2009 8:04

It should be :)

Topic author (registered 20.02.07, last online 19.11.09, 161 posts, 17 topics, location: Myjava)
Posted: 05.04.2009 13:41

Well, so 37 infected files ... I set it to repair, so hopefully it'll be OK now heh...
but I also had some warnings there and I don't know whether I should delete them or what ... heh

Attaching the final LOG from AVSCAN
Quote:

Avira AntiVir Personal
Report file date: 5. apríla 2009 08:28

Scanning for 1339172 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : M4rekX
Computer name : M4REKX-PC

Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24.3.2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24.2.2009 10:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.2.2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.2.2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.2.2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.2.2009 18:33:26
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 1.4.2009 06:26:31
ANTIVIR3.VDF : 7.1.3.13 57344 Bytes 3.4.2009 06:26:34
Engineversion : 8.2.0.138
AEVDF.DLL : 8.1.1.0 106868 Bytes 27.1.2009 15:36:42
AESCRIPT.DLL : 8.1.1.73 373114 Bytes 5.4.2009 06:27:35
AESCN.DLL : 8.1.1.10 127348 Bytes 5.4.2009 06:27:29
AERDL.DLL : 8.1.1.3 438645 Bytes 29.10.2008 16:24:41
AEPACK.DLL : 8.1.3.12 397687 Bytes 5.4.2009 06:27:26
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26.2.2009 18:01:56
AEHEUR.DLL : 8.1.0.114 1700214 Bytes 5.4.2009 06:27:14
AEHELP.DLL : 8.1.2.2 119158 Bytes 26.2.2009 18:01:56
AEGEN.DLL : 8.1.1.33 340340 Bytes 5.4.2009 06:26:45
AEEMU.DLL : 8.1.0.9 393588 Bytes 9.10.2008 12:32:40
AECORE.DLL : 8.1.6.7 176502 Bytes 5.4.2009 06:26:38
AEBB.DLL : 8.1.0.3 53618 Bytes 9.10.2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 5.12.2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20.1.2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5.12.2008 08:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 9.2.2009 05:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.1.2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.1.2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2.2.2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5.12.2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 9.2.2009 09:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11.3.2009 13:55:12

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: c:\program files\avira\antivir desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, V:, X:, Y:, Z:, A:, D:, E:, G:, H:, I:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 5. apríla 2009 08:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'mplayerc.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'Mobile Connect.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'M-AudioTaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned
Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'MAUSBInst.exe' - '1' Module(s) have been scanned
Scan process 'MAUSBFTInst.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '49' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\M4rekX\wz_cz_exploit.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
C:\Documents and Settings\M4rekX\Desktop\Grafika\DVD_X_Studios_CloneDVD_CZ_by_kabelman.rar
[0] Archive type: RAR
--> DVD X Studios CloneDVD\Keygen\DVDXCloneDVDKeygen.exe
[DETECTION] Contains recognition pattern of the DIAL/211177.A dialer
C:\Documents and Settings\M4rekX\Desktop\Grafika\DVD_X_Studios_CloneDVD_CZ_by_kabelman\DVD X Studios CloneDVD\Keygen\DVDXCloneDVDKeygen.exe
[DETECTION] Contains recognition pattern of the DIAL/211177.A dialer
C:\Documents and Settings\M4rekX\Desktop\java_hry_nove\Flash_Disinfector.exe
[DETECTION] Contains recognition pattern of the WORM/Generic.4084 worm
C:\Documents and Settings\M4rekX\Desktop\Programing\RcvD\326676309_Wolf\CC3_Keygen.exe
[DETECTION] Is the TR/Agent.448345 Trojan
C:\Documents and Settings\M4rekX\Desktop\PROGRAMY\setup_amr.exe
[DETECTION] Is the TR/Agent.4240176 Trojan
C:\Games\Cain\Abel.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Program Files\CloneDVD\BurnerDetector.exe
[DETECTION] Contains recognition pattern of the DIAL/49152.A.14 dialer
C:\Program Files\Foxmail\mail\MarekX350\in.BOX
[0] Archive type: MIME
--> file0.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> file0.mim
[3] Archive type: MIME
--> file0.mim
[4] Archive type: MIME
--> document.zip
[DETECTION] Contains recognition pattern of the WORM/Netsky.HB worm
--> data.rtf .scr
[DETECTION] Contains recognition pattern of the WORM/Netsky.HB worm
C:\Program Files\Servant Salamander 2.5 RC1\patch.exe
[DETECTION] Is the TR/Gendal.32256.1 Trojan
C:\Program Files\VertrigoServ\www\fake_login\login.php
[DETECTION] Contains HEUR/HTML.Malware suspicious code
C:\Program Files\VertrigoServ\www\madsoft\novinky.html
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'V:\' <Games>
V:\Games\Mobil\autorun.inf
[DETECTION] Contains recognition pattern of the WORM/Autorun.asb worm
V:\Install\W3\Razor1911\warcraft3 keygen.exe
[DETECTION] Is the TR/Spy.61440.F Trojan
V:\ZALOHA_M4rekX\Appz\Portable APPS\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
Begin scan in 'X:\' <Multimedia>
Begin scan in 'Y:\' <Software>
Y:\007 Quantum of Solace USB\nod\fix+2.70\NOD32.FiX.v2.2.exe
[DETECTION] Is the TR/Dropp.D Trojan
Y:\007 Quantum of Solace USB\nod\NOD 1\NOD32.FiX.v2.2-nsane.exe
[DETECTION] Is the TR/Dropp.D Trojan
Y:\C_PLOCHA\Temy+k800i\themes\FAR_RED_52.RAR
[0] Archive type: RAR
--> FAR RED 52\Plugins\gdfstool\gdfstool.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Y:\DVD2\Ostatné\fake_login.rar
[0] Archive type: RAR
--> login.php
[DETECTION] Contains HEUR/HTML.Malware suspicious code
Y:\DVD2\Ostatné\cs_map\OGC Speedhack.exe
[0] Archive type: RAR SFX (self extracting)
[DETECTION] Contains recognition pattern of the DR/PSW.QQPass.JD dropper
--> OGC Speedhack\speed.exe
[DETECTION] Is the TR/Agent.13824.15 Trojan
Y:\DVD2\Ostatné\cs_map\OGC Speedhack\speed.exe
[DETECTION] Is the TR/Agent.13824.15 Trojan
Y:\DVD2\PORTABLE+DUGINHO\Portable_appz.rar
[0] Archive type: RAR
--> portable\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
Y:\DVD2\PORTABLE+DUGINHO\portable20070429100006\portable\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
Y:\DVD2\Programing\madsoft.ic.cz\novinky.html
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
Y:\DVD3\Softwares\bsplayer212.941_clip.exe
[0] Archive type: NSIS
--> [ProgramFilesDir]/Webteh/BSplayer/BSplayer_WhenUSave_InstallerInst.exe
[1] Archive type: RSRC
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
Y:\DVD3\Softwares\HHEJ6_by_softland.biz_\visit_softland.biz_4_more\rise.r00
[0] Archive type: RAR
--> HipHop6\bitmaps\1024x768\FileManager\file_manager_main.bmp
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
Y:\DVD3\Softwares\HHEJ6_by_softland.biz_\visit_softland.biz_4_more\rise.r01
[0] Archive type: RAR
--> HTML Help\right_header.gif
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
Y:\DVD4\Photoshop CS2\keygen.exe
[DETECTION] Is the TR/Agent.59904.B Trojan
Y:\DVD4\Photoshop CS2\Photoshop_CS2\keygen.exe
[DETECTION] Is the TR/Agent.59904.B Trojan
Y:\DVD4\USB DISK 25_APRIL_2007\Programy\Nero 7.8.5.0 SK.exe
[0] Archive type: RAR SFX (self extracting)
--> Cab\28E70B86.cab
[1] Archive type: CAB (Microsoft)
--> NBImageReaderAD308823.dll
[WARNING] The file could not be written!
--> NBRes9033BA6E.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\A75C16D6.cab
[1] Archive type: CAB (Microsoft)
--> MMCA56CDF51.dll
[WARNING] The file could not be written!
--> nero50DEFBE1.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\DD3AACFD.cab
[1] Archive type: CAB (Microsoft)
--> gaa87623F1A.bin
[WARNING] The file could not be written!
--> incd1252685369A4.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
Y:\DVD4\USB DISK 25_APRIL_2007\Programy\Programx\irfan399.zip
[0] Archive type: ZIP
--> cestina399.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Y:\DVD5\10_jun_2007\Pinnacle Studio KEYGEN\keygen.exe
[DETECTION] Is the TR/Renaz.66952 Trojan
Y:\DVD6\16.máj_2007\wz_cz_exploit.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
Y:\DVD6\25.februar\Toto_si_stiahnite\irfan399.zip
[0] Archive type: ZIP
--> cestina399.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Y:\DVD6\Other\13.augusta_2007\acid_4_pro.rar
[0] Archive type: RAR
--> Acid Pro 4.0 keygenerator.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Y:\DVD6\Programing\qip8000\Users\322408280\RcvdFiles\326676309_Wolf\CC3_Keygen.exe
[DETECTION] Is the TR/Agent.448345 Trojan
Begin scan in 'Z:\' <ZALOHA>
Z:\USB_2_jul_2007\Other\Programy\Programx\irfan399.zip
[0] Archive type: ZIP
--> cestina399.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Z:\usb_fofiho_4_jul\Applications\Nero 7.8.5.0 SK.exe
[0] Archive type: RAR SFX (self extracting)
--> Cab\28E70B86.cab
[1] Archive type: CAB (Microsoft)
--> NBImageReaderAD308823.dll
[WARNING] The file could not be written!
--> NBRes9033BA6E.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\A75C16D6.cab
[1] Archive type: CAB (Microsoft)
--> MMCA56CDF51.dll
[WARNING] The file could not be written!
--> nero50DEFBE1.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\DD3AACFD.cab
[1] Archive type: CAB (Microsoft)
--> gaa87623F1A.bin
[WARNING] The file could not be written!
--> incd1252685369A4.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
Z:\usb_fofiho_4_jul\Applications\NERO 7~0.2
[0] Archive type: RAR SFX (self extracting)
--> Cab\0D6F6A73.cab
[1] Archive type: CAB (Microsoft)
--> iconv741EF1A1.dll
[WARNING] The file could not be written!
--> lgplD509316A.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\1B05D29F.cab
[1] Archive type: CAB (Microsoft)
--> VCDDoc9640972E.DLL
[WARNING] The file could not be written!
--> VCDEngine0944D317.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\28E70B86.cab
[1] Archive type: CAB (Microsoft)
--> NBFtp4A80FEF2.dll
[WARNING] The file could not be written!
--> NBHDMgr92B9F8F8.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\97F4A46E.cab
[1] Archive type: CAB (Microsoft)
--> iconvE70F30B6.dll
[WARNING] The file could not be written!
--> lib3ds_dll380FCC3B.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\A75C16D6.cab
[1] Archive type: CAB (Microsoft)
--> CDROM5C6B3477.dll
[WARNING] The file could not be written!
--> FATImporter1372122A.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\B4056539.cab
[1] Archive type: CAB (Microsoft)
--> DVDUI_SkyEE449D82.nls
[WARNING] The file could not be written!
--> ExpressUI_SkyB5380F96.nls
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\C65395A1.cab
[1] Archive type: CAB (Microsoft)
--> InstanceMgrF011A538.dll
[WARNING] The file could not be written!
--> NSPluginMgr6C72B7AA.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\CE86BCAB.cab
[1] Archive type: CAB (Microsoft)
--> NBVSS_0378A38CD2.dll
[WARNING] The file could not be written!
--> NBVSS_xpEE2D9DB1.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\CFEA0F1A.cab
[1] Archive type: CAB (Microsoft)
--> iconv684480B1.dll
[WARNING] The file could not be written!
--> lib3ds_dll07DD6D1A.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\D6C89E66.cab
[1] Archive type: CAB (Microsoft)
--> KARAOKE3DE180FF.DLL
[WARNING] The file could not be written!
--> nero920D0564.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\DD3AACFD.cab
[1] Archive type: CAB (Microsoft)
--> gaa87623F1A.bin
[WARNING] The file could not be written!
--> incd1252685369A4.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\E63C3C70.cab
[1] Archive type: CAB (Microsoft)
--> NMPlaybackComponent9D6A0DBC.dll
[WARNING] The file could not be written!
--> NMSlideShowC0848489.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\F85341BE.cab
[1] Archive type: CAB (Microsoft)
--> def738EAA4C.dat
[WARNING] The file could not be written!
--> stocksFF54ECE6.dat
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\F9874CBB.cab
[1] Archive type: CAB (Microsoft)
--> NeroMediaBrowserInterface7877C151.dll
[WARNING] The file could not be written!
--> NMOEMCustomisationB2CE72A3.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
Z:\usb_fofiho_4_jul\Applications\Adobe Illustrator CS2 - v12.0 FULL\Keygen\keygen.exe
[DETECTION] Is the TR/Agent.59904.B Trojan
Z:\usb_fofiho_4_jul\Applications\Winamp.Pro.v5.54.Multilingual.Incl.Keymaker-CORE\keygen.exe
[DETECTION] Is the TR/Agent.14336.L Trojan
Z:\usb_fofiho_4_jul\Applications\Portable APPS\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: Zariadenie nie je pripravené.
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: Zariadenie nie je pripravené.
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: Zariadenie nie je pripravené.
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Zariadenie nie je pripravené.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Zariadenie nie je pripravené.
Begin scan in 'I:\' <MOBILE_CONNECT>

Beginning disinfection:
C:\Documents and Settings\M4rekX\wz_cz_exploit.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
[NOTE] The file was moved to '4a37988e.qua'!
C:\Documents and Settings\M4rekX\Desktop\Grafika\DVD_X_Studios_CloneDVD_CZ_by_kabelman.rar
[NOTE] The file was moved to '4a1c986a.qua'!
C:\Documents and Settings\M4rekX\Desktop\Grafika\DVD_X_Studios_CloneDVD_CZ_by_kabelman\DVD X Studios CloneDVD\Keygen\DVDXCloneDVDKeygen.exe
[DETECTION] Contains recognition pattern of the DIAL/211177.A dialer
[NOTE] The file was moved to '4a1c986e.qua'!
C:\Documents and Settings\M4rekX\Desktop\java_hry_nove\Flash_Disinfector.exe
[DETECTION] Contains recognition pattern of the WORM/Generic.4084 worm
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
C:\Documents and Settings\M4rekX\Desktop\Programing\RcvD\326676309_Wolf\CC3_Keygen.exe
[DETECTION] Is the TR/Agent.448345 Trojan
[NOTE] The file was moved to '4a0b987c.qua'!
C:\Documents and Settings\M4rekX\Desktop\PROGRAMY\setup_amr.exe
[DETECTION] Is the TR/Agent.4240176 Trojan
[NOTE] The file was moved to '4a4c989f.qua'!
C:\Games\Cain\Abel.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '4a3d989c.qua'!
C:\Program Files\CloneDVD\BurnerDetector.exe
[DETECTION] Contains recognition pattern of the DIAL/49152.A.14 dialer
[NOTE] The file was moved to '4a4a98af.qua'!
C:\Program Files\Foxmail\mail\MarekX350\in.BOX
[NOTE] The file was moved to '4a0698a8.qua'!
C:\Program Files\Servant Salamander 2.5 RC1\patch.exe
[DETECTION] Is the TR/Gendal.32256.1 Trojan
[NOTE] The file was moved to '4a4c989b.qua'!
C:\Program Files\VertrigoServ\www\fake_login\login.php
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a3f98aa.qua'!
C:\Program Files\VertrigoServ\www\madsoft\novinky.html
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4a4e98aa.qua'!
V:\Games\Mobil\autorun.inf
[DETECTION] Contains recognition pattern of the WORM/Autorun.asb worm
[NOTE] The file was moved to '4a4c98b0.qua'!
V:\Install\W3\Razor1911\warcraft3 keygen.exe
[DETECTION] Is the TR/Spy.61440.F Trojan
[NOTE] The file was moved to '4a4a989c.qua'!
V:\ZALOHA_M4rekX\Appz\Portable APPS\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
[NOTE] The file was moved to '4a4a98aa.qua'!
Y:\007 Quantum of Solace USB\nod\fix+2.70\NOD32.FiX.v2.2.exe
[DETECTION] Is the TR/Dropp.D Trojan
[NOTE] The file was moved to '4a1c988a.qua'!
Y:\007 Quantum of Solace USB\nod\NOD 1\NOD32.FiX.v2.2-nsane.exe
[DETECTION] Is the TR/Dropp.D Trojan
[NOTE] The file was moved to '48c2a833.qua'!
Y:\C_PLOCHA\Temy+k800i\themes\FAR_RED_52.RAR
[NOTE] The file was moved to '4a2a987c.qua'!
Y:\DVD2\Ostatné\fake_login.rar
[NOTE] The file was moved to '4a43989d.qua'!
Y:\DVD2\Ostatné\cs_map\OGC Speedhack.exe
[DETECTION] Contains recognition pattern of the DR/PSW.QQPass.JD dropper
[NOTE] The file was moved to '4a1b9883.qua'!
Y:\DVD2\Ostatné\cs_map\OGC Speedhack\speed.exe
[DETECTION] Is the TR/Agent.13824.15 Trojan
[NOTE] The file was moved to '4a3d98ac.qua'!
Y:\DVD2\PORTABLE+DUGINHO\Portable_appz.rar
[NOTE] The file was moved to '4a4a98ab.qua'!
Y:\DVD2\PORTABLE+DUGINHO\portable20070429100006\portable\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
[NOTE] The file was moved to '4a4a98b9.qua'!
Y:\DVD2\Programing\madsoft.ic.cz\novinky.html
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4a4e98b9.qua'!
Y:\DVD3\Softwares\bsplayer212.941_clip.exe
[NOTE] The file was moved to '4a4898bd.qua'!
Y:\DVD4\Photoshop CS2\keygen.exe
[DETECTION] Is the TR/Agent.59904.B Trojan
[NOTE] The file was moved to '4a5198b1.qua'!
Y:\DVD4\Photoshop CS2\Photoshop_CS2\keygen.exe
[DETECTION] Is the TR/Agent.59904.B Trojan
[NOTE] The file was moved to '48f8be8a.qua'!
Y:\DVD4\USB DISK 25_APRIL_2007\Programy\Programx\irfan399.zip
[NOTE] The file was moved to '4a3e98be.qua'!
Y:\DVD5\10_jun_2007\Pinnacle Studio KEYGEN\keygen.exe
[DETECTION] Is the TR/Renaz.66952 Trojan
[NOTE] The file was moved to '4a5198b3.qua'!
Y:\DVD6\16.máj_2007\wz_cz_exploit.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
[NOTE] The file was moved to '4a3798c8.qua'!
Y:\DVD6\25.februar\Toto_si_stiahnite\irfan399.zip
[NOTE] The file was moved to '4a3e98c0.qua'!
Y:\DVD6\Other\13.augusta_2007\acid_4_pro.rar
[NOTE] The file was moved to '4a4198b2.qua'!
Y:\DVD6\Programing\qip8000\Users\322408280\RcvdFiles\326676309_Wolf\CC3_Keygen.exe
[DETECTION] Is the TR/Agent.448345 Trojan
[NOTE] The file was moved to '4a0b9897.qua'!
Z:\USB_2_jul_2007\Other\Programy\Programx\irfan399.zip
[NOTE] The file was moved to '4a3e98c6.qua'!
Z:\usb_fofiho_4_jul\Applications\Adobe Illustrator CS2 - v12.0 FULL\Keygen\keygen.exe
[DETECTION] Is the TR/Agent.59904.B Trojan
[NOTE] The file was moved to '4a5198ba.qua'!
Z:\usb_fofiho_4_jul\Applications\Winamp.Pro.v5.54.Multilingual.Incl.Keymaker-CORE\keygen.exe
[DETECTION] Is the TR/Agent.14336.L Trojan
[NOTE] The file was moved to '48ec6f33.qua'!
Z:\usb_fofiho_4_jul\Applications\Portable APPS\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
[NOTE] The file was moved to '4a4a98c5.qua'!


End of the scan: 5. apríla 2009 13:39
Used time: 4:28:24 Hour(s)

The scan has been done completely.

24540 Scanned directories
1063032 Files were scanned
37 Viruses and/or unwanted programs were found
2 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
36 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
1062990 Files not concerned
18150 Archives were scanned
48 Warnings
39 Notes








_________________
M4rekX

Registered: 19.02.09
Last online: 24.04.19
Posts: 147
Topics: 1
Posted: 05.04.2009 14:07

Looking at that log, it's nothing but cracks, keygens, hacks ... the only normal thing I see in there is that it deleted autorun.inf, plus a few false alarms.

It should be OK. And as for those cracks, keygens etc., you have only yourself to blame ...


Registered: 04.05.07
Last online: 16.01.11
Posts: 192
Topics: 32
Posted: 05.04.2009 19:20

...I don't get you... there is so much quality free software in the world, sometimes better than the paid stuff, and people still download illegal software...

have a look for some on this site instead, for example

http://www.techsupportalert.com/

for everyday use you don't need any paid programs


Registered: 20.02.07
Last online: 19.11.09
Posts: 161
Topics: 17
Location: Myjava
Posted by topic author: 05.04.2009 21:48

tantum, wow, thanks, I didn't even know about this ...

and as for the programs, the thing is that I'm a student and my income is my internship and the occasional jobs I manage to find online, doing something for somebody ... i.e. I don't have a millionaire daddy who would buy me whatever software I ask for, and I can't afford it on my own yet ... but when I have the cash I'll buy them...

just as I try to support the music scene (by buying originals)
and currently also the PlayStation 3 plus games, all original, I'll get around to the PC in time too...

bayo, yep, by the way my Windows has been running for 5 years now without formatting the disk, without antivirus, firewall etc.. the only thing I had was Spyware Terminator ... and the Windows Firewall and updates turned off... :)

Thanks again..

and as a precaution, the log from HJT:
Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:37, on 5.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\QIP\qip.exe
C:\Documents and Settings\M4rekX\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF853669-B088-4C83-B733-AF10DADDCEF0}: NameServer = 213.151.208.161 213.151.200.30
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe

--
End of file - 4690 bytes


I'd say I'm clean now ... ;)

_________________
M4rekX

Registered: 19.02.09
Last online: 24.04.19
Posts: 147
Topics: 1
Posted: 06.04.2009 7:09

Looks clean..


Powered by phpBB Jarvis © 2005 - 2024 PCforum, webhosting by WebSupport, secured by GeoTrust, edited by JanoF