[ Príspevkov: 15 ] 
AutorSpráva
Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 20.02.07
Prihlásený: 19.11.09
Príspevky: 161
Témy: 17 | 17
Bydlisko: Myjava
NapísalOffline : 02.04.2009 22:52 | n1deiect.com, amvo.exe

No takže ... :-D Má niekto skúsenosť s týmito červami ? čo spôsobujú a jak ich 100% vymažem z kompu a zo všetkych USBčiek, Mobilu, a šetkeho čo som pripojil do PC ? :lol:

A pozor vymazat bez toho aby som každe jedno zariadenie/kartu musel resetovať ! proste kvalitny Antivirak ktory mi to na 100% vylieči...


_________________
M4rekX
Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 19.02.09
Prihlásený: 09.05.10
Príspevky: 147
Témy: 1 | 1
Bydlisko: Sereď
NapísalOffline : 03.04.2009 7:07 | n1deiect.com, amvo.exe

Antivirus ti 100%tne nepomoze. USBcka bude treba precistit.

Ale najprv precistime PC.

Aplikuj Combofix:
Citácia:
Stiahni si na plochu

Kód:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe



Nasledne ho spustite (ucet Administratora).
Po spusteni naskocia licencne podmienky s ktorymi suhlaste a pokracujte ANO/YES/OK.
Zacne sken pocas ktoreho neklikajte pomimo okna. Cely sken trva cca. 10 minut.
Po skene ComboFix vygeneruje log, ktory ulozi do cielovej jednotky, napr. c:\ s nazvom ComboFix.log.


Log skopiruj sem.


Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 20.02.07
Prihlásený: 19.11.09
Príspevky: 161
Témy: 17 | 17
Bydlisko: Myjava
Napísal autor témyOffline : 03.04.2009 8:54 | n1deiect.com, amvo.exe

Ty kks kolko bordelu tam mam :-D Jak odstranim tu haved, sam vidím čo tam nemá byť len Combo som doteraz nepoužival tak neviem...
PS: amvo to odstranilo

Prikladám LOG:
Citácia:
ComboFix 09-04-01.01 - M4rekX 2009-04-03 8:31:36.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.690 [GMT 2:00]
Running from: c:\documents and settings\M4rekX\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\M4rekX\Application Data\inst.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\amvo.exe
c:\windows\system32\amvo0.dll
c:\windows\system32\amvo1.dll
c:\windows\system32\pthreadGC2.dll
V:\Autorun.inf
X:\Autorun.inf
Y:\Autorun.inf
Z:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-03-03 to 2009-04-03 )))))))))))))))))))))))))))))))
.

2009-04-03 00:45 . 2009-04-03 00:45 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-03 00:45 . 2009-04-03 00:45 1,409 --a------ c:\windows\QTFont.for
2009-03-20 19:23 . 2009-03-22 12:26 <DIR> d-------- C:\temp
2009-03-20 19:18 . 2009-03-20 19:18 <DIR> d-------- c:\program files\FLV Player
2009-03-20 19:17 . 2009-03-17 14:59 4,425,076 --a------ c:\windows\system32\libavcodec.dll
2009-03-20 19:17 . 2009-03-17 15:05 1,390,867 --a------ c:\windows\system32\ffmpegmt.dll
2009-03-20 19:17 . 2009-03-02 15:32 790,190 --a------ c:\windows\system32\xvidcore.dll
2009-03-20 19:17 . 2009-03-10 15:48 557,451 --a------ c:\windows\system32\libmplayer.dll
2009-03-20 19:17 . 2009-03-02 15:42 425,040 --a------ c:\windows\system32\TomsMoComp_ff.dll
2009-03-20 19:17 . 2009-03-02 15:45 146,098 --a------ c:\windows\system32\libmpeg2_ff.dll
2009-03-20 19:17 . 2009-03-02 20:10 96,768 --a------ c:\windows\system32\ffvdub.vdf
2009-03-20 19:17 . 2007-10-20 13:04 1,708 --a------ c:\windows\system32\openIE.js
2009-03-11 16:50 . 2009-03-11 16:50 677,736 --a------ c:\documents and settings\razitko_dermato.psd
2009-03-11 16:47 . 2009-03-11 16:49 116,830 --a------ c:\documents and settings\razitko_2_raz.jpg
2009-03-11 16:37 . 2009-03-11 16:37 402,206 --a------ c:\documents and settings\razitko_2.jpg
2009-03-03 22:19 . 2009-03-03 22:19 <DIR> d-------- c:\program files\QIP Infium

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 14:08 --------- d-----w c:\program files\WinClamAVShield
2009-04-02 14:07 --------- d-----w c:\program files\Spyware Terminator
2009-03-22 21:01 --------- d-----w c:\program files\QIP
2009-03-20 17:23 --------- d-----w c:\documents and settings\M4rekX\Application Data\Vso
2009-03-11 17:10 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-05 13:12 --------- d-----w c:\documents and settings\M4rekX\Application Data\ICQ
2009-02-23 15:37 --------- d-----w c:\program files\Virtual Piano
2009-02-23 15:05 --------- d-----w c:\program files\ICQToolbar
2009-02-22 19:31 --------- d-----w c:\program files\ICQ6
2009-02-22 11:04 --------- d-----w c:\documents and settings\M4rekX\Application Data\GRETECH
2009-02-22 11:04 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-02-22 11:03 --------- d-----w c:\program files\GRETECH
2009-02-22 11:02 --------- d-----w c:\program files\Mv2Player
2009-02-22 10:50 --------- d-----w c:\program files\VirtualDJ
2009-02-19 20:54 --------- d-----w c:\documents and settings\M4rekX\Application Data\Ahead
2009-02-16 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2009-02-15 11:33 --------- d-----w c:\documents and settings\M4rekX\Application Data\Spyware Terminator
2009-02-12 01:29 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-06 02:20 --------- d-----w c:\documents and settings\M4rekX\Application Data\uTorrent
2009-02-05 16:33 --------- d-----w c:\documents and settings\M4rekX\Application Data\InstallShield
2009-02-05 16:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-01-08 01:26 102,475 ----a-w c:\documents and settings\M4rekX\Application Data\mdbu.bin
2008-10-21 16:28 47,360 ----a-w c:\documents and settings\M4rekX\Application Data\pcouffin.sys
2007-04-29 19:46 13,795 ----a-w c:\documents and settings\M4rekX\wz_cz_exploit.vbs
2006-10-21 07:38 81,920 ----a-w c:\documents and settings\M4rekX\Application Data\ezpinst.exe
2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe
2005-10-24 10:13 66,560 --sha-r c:\windows\MOTA113.exe
2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll
2008-01-23 18:14 88 --sh--r c:\windows\system32\DE64B6FFF3.sys
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll
2006-04-27 09:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-10-21 1783808]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2006-04-04 99840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^M4rekX^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\M4rekX\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2004-09-30 08:44 7957504 c:\program files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-29 16:48 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2004-10-11 08:54 589824 c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-10-21 23:22 1783808 c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VertrigoServ\\Mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\VertrigoServ\\Apache\\bin\\Apache.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Miranda\\Computer Miranda Pack\\Miranda IM\\miranda32.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\M4rekX\\Desktop\\Programing\\qip8000\\qip.exe"=
"c:\\Games\\LANChatbox\\lanchatbox.exe"=
"c:\\Games\\Codemasters\\MicroMachines V4\\MMV4.exe"=
"v:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"v:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"v:\\Games\\Capcom\\MotoGP 08\\Launcher.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2007-09-28 141312]
R2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [2008-11-15 49152]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-08-29 33792]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [2006-10-21 44032]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [2008-11-15 102528]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [2007-10-16 11648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cddb620-8e48-11dd-8ca1-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4062f3bf-f6e3-11dd-8df7-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4062f3c0-f6e3-11dd-8df7-00110964a949}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66f4da8b-8945-11dc-88a1-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dd65120-60d3-11db-b93b-000cbf0121cd}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eea888c-ef2e-11dd-8de3-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5619c5c-f3a0-11dd-8def-00110964a949}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebf389c-ac7a-11db-842b-000cbf0121cd}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebf389d-ac7a-11db-842b-000cbf0121cd}]
\Shell\AutoRun\command - K:\n1deiect.com
\Shell\explore\Command - K:\n1deiect.com
\Shell\open\Command - K:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d29a7979-8014-11dc-886d-00110964a949}]
\Shell\AutoRun\command - I:\n1deiect.com
\Shell\explore\Command - I:\n1deiect.com
\Shell\open\Command - I:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8312d50-bda1-11dd-8d18-00110964a949}]
\Shell\AutoRun\command - F:\n1deiect.com
\Shell\explore\Command - F:\n1deiect.com
\Shell\open\Command - F:\n1deiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d934dfbc-9b58-11dd-8cbe-00110964a949}]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3b0af8-e30e-11dd-8d98-000cbf0121cd}]
\Shell\AutoRun\command - J:\n1deiect.com
\Shell\explore\Command - J:\n1deiect.com
\Shell\open\Command - J:\n1deiect.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-LANChatbox - (no file)
MSConfigStartUp-brwdiag - c:\windows\system32\brwconf.exe
MSConfigStartUp-DaemonTools_WhenUSave_Installer - c:\program files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
MSConfigStartUp-msupdtwiz - c:\windows\msupdtwiz.exe
MSConfigStartUp-serrv - c:\windows\serrv.exe
MSConfigStartUp-sserrvv - c:\windows\sserrvv.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-Device Detector - DevDetect.exe


.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\M4rekX\Application Data\Mozilla\Firefox\Profiles\99eefcyo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\documents and settings\M4rekX\Application Data\Mozilla\Firefox\Profiles\99eefcyo.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - plugin: c:\install\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\install\Opera\program\plugins\NPOFF12.DLL
FF - plugin: c:\install\Opera\program\plugins\NPSWF32.dll
FF - plugin: c:\install\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-03 08:41:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-790525478-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:87,37,0d,95,17,d2,b7,4a,18,ad,5d,e0,f5,80,6b,3b,3d,89,69,2e,38,1c,a0,
4d,f6,ec,9c,23,51,d0,ec,50,cf,14,57,8b,ca,65,24,47,db,12,cb,b6,2e,0d,f7,88,\
"??"=hex:23,48,2d,71,f8,de,6a,fc,d7,00,08,51,86,29,28,63

[HKEY_USERS\S-1-5-21-682003330-790525478-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:ec,72,68,e4,97,99,ae,31,47,34,53,38,bf,5b,59,8a,f0,71,aa,a2,03,
40,91,75,89,e4,dc,07,e7,3c,88,8b,d0,08,d6,5c,f3,2d,fd,25,ae,e6,2a,2c,00,cf,\
"rkeysecu"=hex:42,eb,b1,4e,1a,7d,ec,09,e9,50,f7,9e,45,31,b7,73

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,ed,fc,67,92,b2,
8d,6f,4c,e2,63,26,f1,3f,c8,ff,68,a0,40,84,f7,f0,22,c4,b5,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9d,3e,ad,e0,45,
6b,cb,9d,6a,9c,d6,61,af,45,84,18,5d,50,0d,af,3b,05,34,cd,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,23,00,b3,a5,b8,
02,f3,e8,ff,7c,85,e0,43,d4,0e,fe,1d,b8,5b,2a,5b,bc,1f,27,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,b4,31,34,17,11,
32,1f,1f,86,8c,21,01,be,91,eb,e7,73,9d,3f,a2,06,b8,b5,43,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,01,d1,be,d6,87,
77,f8,a5,f5,1d,4d,73,a8,13,5c,05,d4,e3,8f,a8,fb,ec,3f,f9,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,b7,18,75,52,98,
53,f1,f3,df,20,58,62,78,6b,cf,c8,9b,92,93,21,5f,c5,ff,66,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f1,5f,40,db,3c,
b4,b5,84,fb,a7,78,e6,12,2f,9a,ea,14,7c,8c,85,d0,b1,13,4d,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,06,c5,45,9c,07,
51,74,b8,01,3a,48,fc,e8,04,4a,f1,c4,93,75,b2,99,3f,94,b6,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,45,03,1d,2d,db,
89,fe,92,f6,0f,4e,58,98,5b,89,c9,e9,9a,c8,a8,2f,83,48,c2,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,84,62,22,bb,ed,
a9,24,c7,3d,ce,ea,26,2d,45,aa,78,14,2f,e7,2f,6a,d3,41,c3,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,86,aa,d1,b9,90,
a5,2e,98,2a,b7,cc,b5,b9,7f,41,e7,33,ce,6c,46,59,2c,8a,80,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,30,40,b1,a1,47,
a7,56,57,6c,43,2d,1e,aa,22,2f,9c,bd,14,9e,36,bc,97,24,8c,6c,43,2d,1e,aa,22,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\M-Audio\Fast Track USB\MAUSBFTInst.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\progra~1\SPYWAR~1\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2009-04-03 8:50:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-03 06:50:09

Pre-Run: 8 250 769 408 bytes free
Post-Run: 8,278,421,504 voľných bajtov

347


_________________
M4rekX
Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 19.02.09
Prihlásený: 09.05.10
Príspevky: 147
Témy: 1 | 1
Bydlisko: Sereď
NapísalOffline : 03.04.2009 14:47 | n1deiect.com, amvo.exe

Otvor poznamkovy blok a skopiruj doneho:

Citácia:
File::
c:\windows\meta4.exe
c:\windows\MOTA113.exe
F:\n1deiect.com
I:\n1deiect.com
K:\n1deiect.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2cddb620-8e48-11dd-8ca1-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4062f3bf-f6e3-11dd-8df7-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4062f3c0-f6e3-11dd-8df7-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66f4da8b-8945-11dc-88a1-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dd65120-60d3-11db-b93b-000cbf0121cd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eea888c-ef2e-11dd-8de3-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5619c5c-f3a0-11dd-8def-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebf389c-ac7a-11db-842b-000cbf0121cd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cebf389d-ac7a-11db-842b-000cbf0121cd}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d29a7979-8014-11dc-886d-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8312d50-bda1-11dd-8d18-00110964a949}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe3b0af8-e30e-11dd-8d98-000cbf0121cd}]


Subor uloz ako CFScript.txt na plochu. Mysou ho pretiahni nad ikonu combofixu a pusti.

n1deiect.com, amvo.exe

Novy log sem.


Tieto subory otestuj na www.virustotal.com

I:\AutoRun.exe
F:\AutoRun.exe
c:\windows\system32\openIE.js
c:\windows\system32\DE64B6FFF3.sys

Vysledky sem.


Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 20.02.07
Prihlásený: 19.11.09
Príspevky: 161
Témy: 17 | 17
Bydlisko: Myjava
Napísal autor témyOffline : 03.04.2009 17:45 | n1deiect.com, amvo.exe

Pred tym ako to spravím chcem upozornit že: K,F,I, su vymenitelne zariadenia teda disky sa vytvoria až po tom ako niečo pripojím tzn v mojom prípade asi 4 USBčka s toho jeden je modem huawei, Dve M2 Karty, SD Karta z digitalneho foťaku, pamäť 2 telefónov,pda-čko

ja len tak dopredu či to môžem dať ten skript aj bez toho aby som tam mal niečo zapojené v tych particiach lebo inak ich ani nezobrazí...

zatial otestovane tie subory

c:\windows\system32\DE64B6FFF3.sys
Soubor DE64B6FFF3.sys přijatý 2009.04.03 18:09:48 (CET)
Současný stav: Dokončeno
Výsledek: 0/39 (0.00%)

c:\windows\system32\openIE.js
MD5: 2b11c169761a8d1afc02b7a3eb806315
Poprvé zaslán: -
Datum: 2008.12.07 15:53:35 (CET) [>117D]
Výsledky: 0/38
Stálý odkaz: analisis/1de5313686c21d6edd234ebd2ffc9620

I:\AutoRun.exe
Soubor AutoRun.exe přijatý 2009.04.03 18:14:03 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 0/39 (0%)
Kód:
http://www.virustotal.com/cs/analisis/c324b6124bb3e2feaef5e43c0f36b262


F:\n1deiect.com
Soubor n1deiect.com přijatý 2009.04.03 18:14:38 (CET)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO
Výsledek: 39/40 (97.5%)
Kód:
http://www.virustotal.com/cs/analisis/91f7efec6bf3fb8dbff6dfa41f5c2664


a ten n1deiect.com mam na každom disku :)


_________________
M4rekX
Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 19.02.09
Prihlásený: 09.05.10
Príspevky: 147
Témy: 1 | 1
Bydlisko: Sereď
NapísalOffline : 03.04.2009 19:11 | n1deiect.com, amvo.exe

Nastrkaj vsetky USBcka a ostatne flash pamete do PC.

Potom pusti ten script co pisem hore. A daj novy log kttory sa vytvori.


Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 20.02.07
Prihlásený: 19.11.09
Príspevky: 161
Témy: 17 | 17
Bydlisko: Myjava
Napísal autor témyOffline : 04.04.2009 4:08 | n1deiect.com, amvo.exe

Citácia:
ComboFix 09-04-01.01 - M4rekX 2009-04-04 3:26:22.3 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.655 [GMT 2:00]
Running from: c:\documents and settings\M4rekX\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\M4rekX\Desktop\CFScript.txt.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\n1deiect.com
c:\windows\meta4.exe
c:\windows\MOTA113.exe
F:\n1deiect.com
I:\n1deiect.com
J:\n1deiect.com
K:\n1deiect.com
V:\n1deiect.com
X:\n1deiect.com
Y:\n1deiect.com
Z:\n1deiect.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\n1deiect.com
c:\windows\meta4.exe
c:\windows\MOTA113.exe
J:\n1deiect.com
K:\Autorun.inf
K:\n1deiect.com
V:\n1deiect.com
X:\n1deiect.com
Y:\n1deiect.com
Z:\n1deiect.com

.
((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.

2009-04-03 00:45 . 2009-04-03 00:45 54,156 --ah----- c:\windows\QTFont.qfn
2009-04-03 00:45 . 2009-04-03 00:45 1,409 --a------ c:\windows\QTFont.for
2009-03-20 19:23 . 2009-03-22 12:26 <DIR> d-------- C:\temp
2009-03-20 19:18 . 2009-03-20 19:18 <DIR> d-------- c:\program files\FLV Player
2009-03-20 19:17 . 2009-03-17 14:59 4,425,076 --a------ c:\windows\system32\libavcodec.dll
2009-03-20 19:17 . 2009-03-17 15:05 1,390,867 --a------ c:\windows\system32\ffmpegmt.dll
2009-03-20 19:17 . 2009-03-02 15:32 790,190 --a------ c:\windows\system32\xvidcore.dll
2009-03-20 19:17 . 2009-03-10 15:48 557,451 --a------ c:\windows\system32\libmplayer.dll
2009-03-20 19:17 . 2009-03-02 15:42 425,040 --a------ c:\windows\system32\TomsMoComp_ff.dll
2009-03-20 19:17 . 2009-03-02 15:45 146,098 --a------ c:\windows\system32\libmpeg2_ff.dll
2009-03-20 19:17 . 2009-03-02 20:10 96,768 --a------ c:\windows\system32\ffvdub.vdf
2009-03-20 19:17 . 2007-10-20 13:04 1,708 --a------ c:\windows\system32\openIE.js
2009-03-11 16:50 . 2009-03-11 16:50 677,736 --a------ c:\documents and settings\razitko_dermato.psd
2009-03-11 16:47 . 2009-03-11 16:49 116,830 --a------ c:\documents and settings\razitko_2_raz.jpg
2009-03-11 16:37 . 2009-03-11 16:37 402,206 --a------ c:\documents and settings\razitko_2.jpg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 14:08 --------- d-----w c:\program files\WinClamAVShield
2009-04-02 14:07 --------- d-----w c:\program files\Spyware Terminator
2009-03-22 21:01 --------- d-----w c:\program files\QIP
2009-03-20 17:23 --------- d-----w c:\documents and settings\M4rekX\Application Data\Vso
2009-03-20 17:16 697,814 ----a-w c:\windows\system32\unins000.exe
2009-03-11 17:10 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-05 13:12 --------- d-----w c:\documents and settings\M4rekX\Application Data\ICQ
2009-03-03 20:19 --------- d-----w c:\program files\QIP Infium
2009-03-02 18:10 98,304 ----a-w c:\windows\system32\ff_wmv9.dll
2009-03-02 18:10 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-03-02 15:19 183,296 ----a-w c:\windows\system32\ff_samplerate.dll
2009-03-02 15:19 178,688 ----a-w c:\windows\system32\ff_libmad.dll
2009-03-02 15:19 113,152 ----a-w c:\windows\system32\ff_unrar.dll
2009-03-02 15:18 486,400 ----a-w c:\windows\system32\ff_libfaad2.dll
2009-03-02 15:18 257,024 ----a-w c:\windows\system32\ff_libdts.dll
2009-03-02 15:18 146,944 ----a-w c:\windows\system32\ff_tremor.dll
2009-03-02 15:18 142,848 ----a-w c:\windows\system32\ff_liba52.dll
2009-03-02 13:54 328,334 ----a-w c:\windows\system32\ff_kernelDeint.dll
2009-03-02 13:35 898,465 ----a-w c:\windows\system32\ff_x264.dll
2009-02-23 15:37 --------- d-----w c:\program files\Virtual Piano
2009-02-23 15:05 --------- d-----w c:\program files\ICQToolbar
2009-02-22 19:31 --------- d-----w c:\program files\ICQ6
2009-02-22 11:04 --------- d-----w c:\documents and settings\M4rekX\Application Data\GRETECH
2009-02-22 11:04 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2009-02-22 11:03 --------- d-----w c:\program files\GRETECH
2009-02-22 11:02 --------- d-----w c:\program files\Mv2Player
2009-02-22 10:50 --------- d-----w c:\program files\VirtualDJ
2009-02-19 20:54 --------- d-----w c:\documents and settings\M4rekX\Application Data\Ahead
2009-02-16 23:14 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2009-02-15 11:33 --------- d-----w c:\documents and settings\M4rekX\Application Data\Spyware Terminator
2009-02-12 01:29 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-06 02:20 --------- d-----w c:\documents and settings\M4rekX\Application Data\uTorrent
2009-02-05 16:33 --------- d-----w c:\documents and settings\M4rekX\Application Data\InstallShield
2009-02-05 16:28 --------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-01-10 09:38 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-08 01:26 102,475 ----a-w c:\documents and settings\M4rekX\Application Data\mdbu.bin
2008-10-21 16:28 47,360 ----a-w c:\documents and settings\M4rekX\Application Data\pcouffin.sys
2007-04-29 19:46 13,795 ----a-w c:\documents and settings\M4rekX\wz_cz_exploit.vbs
2006-10-21 07:38 81,920 ----a-w c:\documents and settings\M4rekX\Application Data\ezpinst.exe
2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe
2005-06-26 14:32 616,448 --sha-r c:\windows\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r c:\windows\system32\cygz.dll
2008-01-23 18:14 88 --sh--r c:\windows\system32\DE64B6FFF3.sys
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\i420vfw.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sh--r c:\windows\system32\nbDX.dll
2006-04-27 09:24 2,945,024 --sha-r c:\windows\system32\Smab.dll
2005-02-28 12:16 240,128 --sha-r c:\windows\system32\x.264.exe
2004-01-24 23:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-03_ 8.49.15.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-03 05:52:17 74,904 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-04 00:43:31 74,904 ----a-w c:\windows\system32\perfc009.dat
- 2009-04-03 05:52:17 448,326 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-04 00:43:31 448,326 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-10-21 1783808]
"M-Audio Taskbar Icon"="c:\windows\System32\M-AudioTaskBarIcon.exe" [2006-04-04 99840]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"nwiz"="nwiz.exe" [2006-06-01 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 c:\windows\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^M4rekX^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\M4rekX\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2004-09-30 08:44 7957504 c:\program files\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-29 16:48 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2004-10-11 08:54 589824 c:\program files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-01-12 03:01 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-10-21 23:22 1783808 c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\VertrigoServ\\Mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\VertrigoServ\\Apache\\bin\\Apache.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Miranda\\Computer Miranda Pack\\Miranda IM\\miranda32.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\M4rekX\\Desktop\\Programing\\qip8000\\qip.exe"=
"c:\\Games\\LANChatbox\\lanchatbox.exe"=
"c:\\Games\\Codemasters\\MicroMachines V4\\MMV4.exe"=
"v:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"v:\\Games\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"v:\\Games\\Capcom\\MotoGP 08\\Launcher.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2007-09-28 141312]
R2 MAudioUSBService;M-Audio USB Installer;c:\program files\M-Audio\Fast Track Pro\MAUSBInst.exe [2008-11-15 49152]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-08-29 33792]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [2006-10-21 44032]
R3 MAUSB;Service for M-Audio Fast Track Pro Driver (WDM);c:\windows\system32\drivers\mausb.sys [2008-11-15 102528]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [2007-10-16 11648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d934dfbc-9b58-11dd-8cbe-00110964a949}]
\Shell\AutoRun\command - I:\AutoRun.exe
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\M4rekX\Application Data\Mozilla\Firefox\Profiles\99eefcyo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - component: c:\documents and settings\M4rekX\Application Data\Mozilla\Firefox\Profiles\99eefcyo.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - plugin: c:\install\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\install\Opera\program\plugins\NPOFF12.DLL
FF - plugin: c:\install\Opera\program\plugins\NPSWF32.dll
FF - plugin: c:\install\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 03:31:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-790525478-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:87,37,0d,95,17,d2,b7,4a,18,ad,5d,e0,f5,80,6b,3b,3d,89,69,2e,38,1c,a0,
4d,f6,ec,9c,23,51,d0,ec,50,cf,14,57,8b,ca,65,24,47,db,12,cb,b6,2e,0d,f7,88,\
"??"=hex:23,48,2d,71,f8,de,6a,fc,d7,00,08,51,86,29,28,63

[HKEY_USERS\S-1-5-21-682003330-790525478-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:ec,72,68,e4,97,99,ae,31,47,34,53,38,bf,5b,59,8a,f0,71,aa,a2,03,
40,91,75,89,e4,dc,07,e7,3c,88,8b,d0,08,d6,5c,f3,2d,fd,25,ae,e6,2a,2c,00,cf,\
"rkeysecu"=hex:42,eb,b1,4e,1a,7d,ec,09,e9,50,f7,9e,45,31,b7,73

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,ed,fc,67,92,b2,
8d,6f,4c,e2,63,26,f1,3f,c8,ff,68,a0,40,84,f7,f0,22,c4,b5,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,9d,3e,ad,e0,45,
6b,cb,9d,6a,9c,d6,61,af,45,84,18,5d,50,0d,af,3b,05,34,cd,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,23,00,b3,a5,b8,
02,f3,e8,ff,7c,85,e0,43,d4,0e,fe,1d,b8,5b,2a,5b,bc,1f,27,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,b4,31,34,17,11,
32,1f,1f,86,8c,21,01,be,91,eb,e7,73,9d,3f,a2,06,b8,b5,43,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,01,d1,be,d6,87,
77,f8,a5,f5,1d,4d,73,a8,13,5c,05,d4,e3,8f,a8,fb,ec,3f,f9,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,b7,18,75,52,98,
53,f1,f3,df,20,58,62,78,6b,cf,c8,9b,92,93,21,5f,c5,ff,66,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f1,5f,40,db,3c,
b4,b5,84,fb,a7,78,e6,12,2f,9a,ea,14,7c,8c,85,d0,b1,13,4d,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,06,c5,45,9c,07,
51,74,b8,01,3a,48,fc,e8,04,4a,f1,c4,93,75,b2,99,3f,94,b6,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,45,03,1d,2d,db,
89,fe,92,f6,0f,4e,58,98,5b,89,c9,e9,9a,c8,a8,2f,83,48,c2,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,84,62,22,bb,ed,
a9,24,c7,3d,ce,ea,26,2d,45,aa,78,14,2f,e7,2f,6a,d3,41,c3,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,86,aa,d1,b9,90,
a5,2e,98,2a,b7,cc,b5,b9,7f,41,e7,33,ce,6c,46,59,2c,8a,80,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,30,40,b1,a1,47,
a7,56,57,6c,43,2d,1e,aa,22,2f,9c,bd,14,9e,36,bc,97,24,8c,6c,43,2d,1e,aa,22,\
.
Completion time: 2009-04-04 3:40:06
ComboFix-quarantined-files.txt 2009-04-04 01:39:54
ComboFix2.txt 2009-04-03 16:03:16
ComboFix3.txt 2009-04-03 06:50:15

Pre-Run: 8 218 603 520 bytes free
Post-Run: 8,199,712,768 voľných bajtov

306



_________________
M4rekX
Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 19.02.09
Prihlásený: 09.05.10
Príspevky: 147
Témy: 1 | 1
Bydlisko: Sereď
NapísalOffline : 04.04.2009 15:12 | n1deiect.com, amvo.exe

OK. Znovu nastrkaj vsetky USB a ine pamete do PC a spusti FlashDisinfector:

http://download.bleepingcomputer.com/sU ... fector.exe

Potom odinstaluj combofix:

Start -> Spustit -> napis "combofix /u" bez " ".

Stiahni CCleaner a precisti snim PC.
http://www.james008.net/download/index.php?dlid=2

Potom mas hotovo.


Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 20.02.07
Prihlásený: 19.11.09
Príspevky: 161
Témy: 17 | 17
Bydlisko: Myjava
Napísal autor témyOffline : 05.04.2009 2:58 | n1deiect.com, amvo.exe

Díky ;) už maš hotovo ...
Idem ešte defragmentovať disk a potom to celé prešupnem cez Aviru ... dufam že potom už budem mať PC kompletne čistý :D


_________________
M4rekX
Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 19.02.09
Prihlásený: 09.05.10
Príspevky: 147
Témy: 1 | 1
Bydlisko: Sereď
NapísalOffline : 05.04.2009 8:04 | n1deiect.com, amvo.exe

Mal by byt :)


Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 20.02.07
Prihlásený: 19.11.09
Príspevky: 161
Témy: 17 | 17
Bydlisko: Myjava
Napísal autor témyOffline : 05.04.2009 13:41 | n1deiect.com, amvo.exe

Noo takže 37 Infikovaných súborov ... dal som to repair takže snad už to bude ok hh...
len ešte som tam mal nejaké varovania a neviem či to mam mazať alebo čo ... heh

Prípajam finalny LOG z AVSCAN-u
Citácia:

Avira AntiVir Personal
Report file date: 5. apríla 2009 08:28

Scanning for 1339172 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : M4rekX
Computer name : M4REKX-PC

Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24.3.2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24.2.2009 10:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27.2.2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20.2.2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27.2.2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.2.2009 18:33:26
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 1.4.2009 06:26:31
ANTIVIR3.VDF : 7.1.3.13 57344 Bytes 3.4.2009 06:26:34
Engineversion : 8.2.0.138
AEVDF.DLL : 8.1.1.0 106868 Bytes 27.1.2009 15:36:42
AESCRIPT.DLL : 8.1.1.73 373114 Bytes 5.4.2009 06:27:35
AESCN.DLL : 8.1.1.10 127348 Bytes 5.4.2009 06:27:29
AERDL.DLL : 8.1.1.3 438645 Bytes 29.10.2008 16:24:41
AEPACK.DLL : 8.1.3.12 397687 Bytes 5.4.2009 06:27:26
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26.2.2009 18:01:56
AEHEUR.DLL : 8.1.0.114 1700214 Bytes 5.4.2009 06:27:14
AEHELP.DLL : 8.1.2.2 119158 Bytes 26.2.2009 18:01:56
AEGEN.DLL : 8.1.1.33 340340 Bytes 5.4.2009 06:26:45
AEEMU.DLL : 8.1.0.9 393588 Bytes 9.10.2008 12:32:40
AECORE.DLL : 8.1.6.7 176502 Bytes 5.4.2009 06:26:38
AEBB.DLL : 8.1.0.3 53618 Bytes 9.10.2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 5.12.2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20.1.2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5.12.2008 08:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 9.2.2009 05:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.1.2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.1.2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2.2.2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5.12.2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 9.2.2009 09:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11.3.2009 13:55:12

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: c:\program files\avira\antivir desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, V:, X:, Y:, Z:, A:, D:, E:, G:, H:, I:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 5. apríla 2009 08:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'mplayerc.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'Mobile Connect.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'M-AudioTaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned
Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'MAUSBInst.exe' - '1' Module(s) have been scanned
Scan process 'MAUSBFTInst.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '49' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\M4rekX\wz_cz_exploit.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
C:\Documents and Settings\M4rekX\Desktop\Grafika\DVD_X_Studios_CloneDVD_CZ_by_kabelman.rar
[0] Archive type: RAR
--> DVD X Studios CloneDVD\Keygen\DVDXCloneDVDKeygen.exe
[DETECTION] Contains recognition pattern of the DIAL/211177.A dialer
C:\Documents and Settings\M4rekX\Desktop\Grafika\DVD_X_Studios_CloneDVD_CZ_by_kabelman\DVD X Studios CloneDVD\Keygen\DVDXCloneDVDKeygen.exe
[DETECTION] Contains recognition pattern of the DIAL/211177.A dialer
C:\Documents and Settings\M4rekX\Desktop\java_hry_nove\Flash_Disinfector.exe
[DETECTION] Contains recognition pattern of the WORM/Generic.4084 worm
C:\Documents and Settings\M4rekX\Desktop\Programing\RcvD\326676309_Wolf\CC3_Keygen.exe
[DETECTION] Is the TR/Agent.448345 Trojan
C:\Documents and Settings\M4rekX\Desktop\PROGRAMY\setup_amr.exe
[DETECTION] Is the TR/Agent.4240176 Trojan
C:\Games\Cain\Abel.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Program Files\CloneDVD\BurnerDetector.exe
[DETECTION] Contains recognition pattern of the DIAL/49152.A.14 dialer
C:\Program Files\Foxmail\mail\MarekX350\in.BOX
[0] Archive type: MIME
--> file0.mim
[1] Archive type: MIME
--> file0.mim
[2] Archive type: MIME
--> file0.mim
[3] Archive type: MIME
--> file0.mim
[4] Archive type: MIME
--> document.zip
[DETECTION] Contains recognition pattern of the WORM/Netsky.HB worm
--> data.rtf .scr
[DETECTION] Contains recognition pattern of the WORM/Netsky.HB worm
C:\Program Files\Servant Salamander 2.5 RC1\patch.exe
[DETECTION] Is the TR/Gendal.32256.1 Trojan
C:\Program Files\VertrigoServ\www\fake_login\login.php
[DETECTION] Contains HEUR/HTML.Malware suspicious code
C:\Program Files\VertrigoServ\www\madsoft\novinky.html
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'V:\' <Games>
V:\Games\Mobil\autorun.inf
[DETECTION] Contains recognition pattern of the WORM/Autorun.asb worm
V:\Install\W3\Razor1911\warcraft3 keygen.exe
[DETECTION] Is the TR/Spy.61440.F Trojan
V:\ZALOHA_M4rekX\Appz\Portable APPS\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
Begin scan in 'X:\' <Multimedia>
Begin scan in 'Y:\' <Software>
Y:\007 Quantum of Solace USB\nod\fix+2.70\NOD32.FiX.v2.2.exe
[DETECTION] Is the TR/Dropp.D Trojan
Y:\007 Quantum of Solace USB\nod\NOD 1\NOD32.FiX.v2.2-nsane.exe
[DETECTION] Is the TR/Dropp.D Trojan
Y:\C_PLOCHA\Temy+k800i\themes\FAR_RED_52.RAR
[0] Archive type: RAR
--> FAR RED 52\Plugins\gdfstool\gdfstool.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Y:\DVD2\Ostatné\fake_login.rar
[0] Archive type: RAR
--> login.php
[DETECTION] Contains HEUR/HTML.Malware suspicious code
Y:\DVD2\Ostatné\cs_map\OGC Speedhack.exe
[0] Archive type: RAR SFX (self extracting)
[DETECTION] Contains recognition pattern of the DR/PSW.QQPass.JD dropper
--> OGC Speedhack\speed.exe
[DETECTION] Is the TR/Agent.13824.15 Trojan
Y:\DVD2\Ostatné\cs_map\OGC Speedhack\speed.exe
[DETECTION] Is the TR/Agent.13824.15 Trojan
Y:\DVD2\PORTABLE+DUGINHO\Portable_appz.rar
[0] Archive type: RAR
--> portable\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
Y:\DVD2\PORTABLE+DUGINHO\portable20070429100006\portable\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
Y:\DVD2\Programing\madsoft.ic.cz\novinky.html
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
Y:\DVD3\Softwares\bsplayer212.941_clip.exe
[0] Archive type: NSIS
--> [ProgramFilesDir]/Webteh/BSplayer/BSplayer_WhenUSave_InstallerInst.exe
[1] Archive type: RSRC
[DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
Y:\DVD3\Softwares\HHEJ6_by_softland.biz_\visit_softland.biz_4_more\rise.r00
[0] Archive type: RAR
--> HipHop6\bitmaps\1024x768\FileManager\file_manager_main.bmp
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
Y:\DVD3\Softwares\HHEJ6_by_softland.biz_\visit_softland.biz_4_more\rise.r01
[0] Archive type: RAR
--> HTML Help\right_header.gif
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
Y:\DVD4\Photoshop CS2\keygen.exe
[DETECTION] Is the TR/Agent.59904.B Trojan
Y:\DVD4\Photoshop CS2\Photoshop_CS2\keygen.exe
[DETECTION] Is the TR/Agent.59904.B Trojan
Y:\DVD4\USB DISK 25_APRIL_2007\Programy\Nero 7.8.5.0 SK.exe
[0] Archive type: RAR SFX (self extracting)
--> Cab\28E70B86.cab
[1] Archive type: CAB (Microsoft)
--> NBImageReaderAD308823.dll
[WARNING] The file could not be written!
--> NBRes9033BA6E.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\A75C16D6.cab
[1] Archive type: CAB (Microsoft)
--> MMCA56CDF51.dll
[WARNING] The file could not be written!
--> nero50DEFBE1.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\DD3AACFD.cab
[1] Archive type: CAB (Microsoft)
--> gaa87623F1A.bin
[WARNING] The file could not be written!
--> incd1252685369A4.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
Y:\DVD4\USB DISK 25_APRIL_2007\Programy\Programx\irfan399.zip
[0] Archive type: ZIP
--> cestina399.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Y:\DVD5\10_jun_2007\Pinnacle Studio KEYGEN\keygen.exe
[DETECTION] Is the TR/Renaz.66952 Trojan
Y:\DVD6\16.máj_2007\wz_cz_exploit.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
Y:\DVD6\25.februar\Toto_si_stiahnite\irfan399.zip
[0] Archive type: ZIP
--> cestina399.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Y:\DVD6\Other\13.augusta_2007\acid_4_pro.rar
[0] Archive type: RAR
--> Acid Pro 4.0 keygenerator.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Y:\DVD6\Programing\qip8000\Users\322408280\RcvdFiles\326676309_Wolf\CC3_Keygen.exe
[DETECTION] Is the TR/Agent.448345 Trojan
Begin scan in 'Z:\' <ZALOHA>
Z:\USB_2_jul_2007\Other\Programy\Programx\irfan399.zip
[0] Archive type: ZIP
--> cestina399.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Z:\usb_fofiho_4_jul\Applications\Nero 7.8.5.0 SK.exe
[0] Archive type: RAR SFX (self extracting)
--> Cab\28E70B86.cab
[1] Archive type: CAB (Microsoft)
--> NBImageReaderAD308823.dll
[WARNING] The file could not be written!
--> NBRes9033BA6E.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\A75C16D6.cab
[1] Archive type: CAB (Microsoft)
--> MMCA56CDF51.dll
[WARNING] The file could not be written!
--> nero50DEFBE1.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\DD3AACFD.cab
[1] Archive type: CAB (Microsoft)
--> gaa87623F1A.bin
[WARNING] The file could not be written!
--> incd1252685369A4.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
Z:\usb_fofiho_4_jul\Applications\NERO 7~0.2
[0] Archive type: RAR SFX (self extracting)
--> Cab\0D6F6A73.cab
[1] Archive type: CAB (Microsoft)
--> iconv741EF1A1.dll
[WARNING] The file could not be written!
--> lgplD509316A.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\1B05D29F.cab
[1] Archive type: CAB (Microsoft)
--> VCDDoc9640972E.DLL
[WARNING] The file could not be written!
--> VCDEngine0944D317.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\28E70B86.cab
[1] Archive type: CAB (Microsoft)
--> NBFtp4A80FEF2.dll
[WARNING] The file could not be written!
--> NBHDMgr92B9F8F8.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\97F4A46E.cab
[1] Archive type: CAB (Microsoft)
--> iconvE70F30B6.dll
[WARNING] The file could not be written!
--> lib3ds_dll380FCC3B.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\A75C16D6.cab
[1] Archive type: CAB (Microsoft)
--> CDROM5C6B3477.dll
[WARNING] The file could not be written!
--> FATImporter1372122A.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\B4056539.cab
[1] Archive type: CAB (Microsoft)
--> DVDUI_SkyEE449D82.nls
[WARNING] The file could not be written!
--> ExpressUI_SkyB5380F96.nls
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\C65395A1.cab
[1] Archive type: CAB (Microsoft)
--> InstanceMgrF011A538.dll
[WARNING] The file could not be written!
--> NSPluginMgr6C72B7AA.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\CE86BCAB.cab
[1] Archive type: CAB (Microsoft)
--> NBVSS_0378A38CD2.dll
[WARNING] The file could not be written!
--> NBVSS_xpEE2D9DB1.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\CFEA0F1A.cab
[1] Archive type: CAB (Microsoft)
--> iconv684480B1.dll
[WARNING] The file could not be written!
--> lib3ds_dll07DD6D1A.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\D6C89E66.cab
[1] Archive type: CAB (Microsoft)
--> KARAOKE3DE180FF.DLL
[WARNING] The file could not be written!
--> nero920D0564.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\DD3AACFD.cab
[1] Archive type: CAB (Microsoft)
--> gaa87623F1A.bin
[WARNING] The file could not be written!
--> incd1252685369A4.txt
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\E63C3C70.cab
[1] Archive type: CAB (Microsoft)
--> NMPlaybackComponent9D6A0DBC.dll
[WARNING] The file could not be written!
--> NMSlideShowC0848489.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\F85341BE.cab
[1] Archive type: CAB (Microsoft)
--> def738EAA4C.dat
[WARNING] The file could not be written!
--> stocksFF54ECE6.dat
[WARNING] No further files can be extracted from this archive. The archive will be closed
--> Cab\F9874CBB.cab
[1] Archive type: CAB (Microsoft)
--> NeroMediaBrowserInterface7877C151.dll
[WARNING] The file could not be written!
--> NMOEMCustomisationB2CE72A3.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
Z:\usb_fofiho_4_jul\Applications\Adobe Illustrator CS2 - v12.0 FULL\Keygen\keygen.exe
[DETECTION] Is the TR/Agent.59904.B Trojan
Z:\usb_fofiho_4_jul\Applications\Winamp.Pro.v5.54.Multilingual.Incl.Keymaker-CORE\keygen.exe
[DETECTION] Is the TR/Agent.14336.L Trojan
Z:\usb_fofiho_4_jul\Applications\Portable APPS\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: Zariadenie nie je pripravené.
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: Zariadenie nie je pripravené.
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: Zariadenie nie je pripravené.
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Zariadenie nie je pripravené.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Zariadenie nie je pripravené.
Begin scan in 'I:\' <MOBILE_CONNECT>

Beginning disinfection:
C:\Documents and Settings\M4rekX\wz_cz_exploit.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
[NOTE] The file was moved to '4a37988e.qua'!
C:\Documents and Settings\M4rekX\Desktop\Grafika\DVD_X_Studios_CloneDVD_CZ_by_kabelman.rar
[NOTE] The file was moved to '4a1c986a.qua'!
C:\Documents and Settings\M4rekX\Desktop\Grafika\DVD_X_Studios_CloneDVD_CZ_by_kabelman\DVD X Studios CloneDVD\Keygen\DVDXCloneDVDKeygen.exe
[DETECTION] Contains recognition pattern of the DIAL/211177.A dialer
[NOTE] The file was moved to '4a1c986e.qua'!
C:\Documents and Settings\M4rekX\Desktop\java_hry_nove\Flash_Disinfector.exe
[DETECTION] Contains recognition pattern of the WORM/Generic.4084 worm
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
C:\Documents and Settings\M4rekX\Desktop\Programing\RcvD\326676309_Wolf\CC3_Keygen.exe
[DETECTION] Is the TR/Agent.448345 Trojan
[NOTE] The file was moved to '4a0b987c.qua'!
C:\Documents and Settings\M4rekX\Desktop\PROGRAMY\setup_amr.exe
[DETECTION] Is the TR/Agent.4240176 Trojan
[NOTE] The file was moved to '4a4c989f.qua'!
C:\Games\Cain\Abel.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '4a3d989c.qua'!
C:\Program Files\CloneDVD\BurnerDetector.exe
[DETECTION] Contains recognition pattern of the DIAL/49152.A.14 dialer
[NOTE] The file was moved to '4a4a98af.qua'!
C:\Program Files\Foxmail\mail\MarekX350\in.BOX
[NOTE] The file was moved to '4a0698a8.qua'!
C:\Program Files\Servant Salamander 2.5 RC1\patch.exe
[DETECTION] Is the TR/Gendal.32256.1 Trojan
[NOTE] The file was moved to '4a4c989b.qua'!
C:\Program Files\VertrigoServ\www\fake_login\login.php
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a3f98aa.qua'!
C:\Program Files\VertrigoServ\www\madsoft\novinky.html
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4a4e98aa.qua'!
V:\Games\Mobil\autorun.inf
[DETECTION] Contains recognition pattern of the WORM/Autorun.asb worm
[NOTE] The file was moved to '4a4c98b0.qua'!
V:\Install\W3\Razor1911\warcraft3 keygen.exe
[DETECTION] Is the TR/Spy.61440.F Trojan
[NOTE] The file was moved to '4a4a989c.qua'!
V:\ZALOHA_M4rekX\Appz\Portable APPS\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
[NOTE] The file was moved to '4a4a98aa.qua'!
Y:\007 Quantum of Solace USB\nod\fix+2.70\NOD32.FiX.v2.2.exe
[DETECTION] Is the TR/Dropp.D Trojan
[NOTE] The file was moved to '4a1c988a.qua'!
Y:\007 Quantum of Solace USB\nod\NOD 1\NOD32.FiX.v2.2-nsane.exe
[DETECTION] Is the TR/Dropp.D Trojan
[NOTE] The file was moved to '48c2a833.qua'!
Y:\C_PLOCHA\Temy+k800i\themes\FAR_RED_52.RAR
[NOTE] The file was moved to '4a2a987c.qua'!
Y:\DVD2\Ostatné\fake_login.rar
[NOTE] The file was moved to '4a43989d.qua'!
Y:\DVD2\Ostatné\cs_map\OGC Speedhack.exe
[DETECTION] Contains recognition pattern of the DR/PSW.QQPass.JD dropper
[NOTE] The file was moved to '4a1b9883.qua'!
Y:\DVD2\Ostatné\cs_map\OGC Speedhack\speed.exe
[DETECTION] Is the TR/Agent.13824.15 Trojan
[NOTE] The file was moved to '4a3d98ac.qua'!
Y:\DVD2\PORTABLE+DUGINHO\Portable_appz.rar
[NOTE] The file was moved to '4a4a98ab.qua'!
Y:\DVD2\PORTABLE+DUGINHO\portable20070429100006\portable\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
[NOTE] The file was moved to '4a4a98b9.qua'!
Y:\DVD2\Programing\madsoft.ic.cz\novinky.html
[DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
[NOTE] The file was moved to '4a4e98b9.qua'!
Y:\DVD3\Softwares\bsplayer212.941_clip.exe
[NOTE] The file was moved to '4a4898bd.qua'!
Y:\DVD4\Photoshop CS2\keygen.exe
[DETECTION] Is the TR/Agent.59904.B Trojan
[NOTE] The file was moved to '4a5198b1.qua'!
Y:\DVD4\Photoshop CS2\Photoshop_CS2\keygen.exe
[DETECTION] Is the TR/Agent.59904.B Trojan
[NOTE] The file was moved to '48f8be8a.qua'!
Y:\DVD4\USB DISK 25_APRIL_2007\Programy\Programx\irfan399.zip
[NOTE] The file was moved to '4a3e98be.qua'!
Y:\DVD5\10_jun_2007\Pinnacle Studio KEYGEN\keygen.exe
[DETECTION] Is the TR/Renaz.66952 Trojan
[NOTE] The file was moved to '4a5198b3.qua'!
Y:\DVD6\16.máj_2007\wz_cz_exploit.vbs
[DETECTION] Contains recognition pattern of the HTML/ADODB.Exploit.Gen HTML script virus
[NOTE] The file was moved to '4a3798c8.qua'!
Y:\DVD6\25.februar\Toto_si_stiahnite\irfan399.zip
[NOTE] The file was moved to '4a3e98c0.qua'!
Y:\DVD6\Other\13.augusta_2007\acid_4_pro.rar
[NOTE] The file was moved to '4a4198b2.qua'!
Y:\DVD6\Programing\qip8000\Users\322408280\RcvdFiles\326676309_Wolf\CC3_Keygen.exe
[DETECTION] Is the TR/Agent.448345 Trojan
[NOTE] The file was moved to '4a0b9897.qua'!
Z:\USB_2_jul_2007\Other\Programy\Programx\irfan399.zip
[NOTE] The file was moved to '4a3e98c6.qua'!
Z:\usb_fofiho_4_jul\Applications\Adobe Illustrator CS2 - v12.0 FULL\Keygen\keygen.exe
[DETECTION] Is the TR/Agent.59904.B Trojan
[NOTE] The file was moved to '4a5198ba.qua'!
Z:\usb_fofiho_4_jul\Applications\Winamp.Pro.v5.54.Multilingual.Incl.Keymaker-CORE\keygen.exe
[DETECTION] Is the TR/Agent.14336.L Trojan
[NOTE] The file was moved to '48ec6f33.qua'!
Z:\usb_fofiho_4_jul\Applications\Portable APPS\PowerDVD\Portable PowerDVD.exe
[DETECTION] Is the TR/Drop.SGR.38 Trojan
[NOTE] The file was moved to '4a4a98c5.qua'!


End of the scan: 5. apríla 2009 13:39
Used time: 4:28:24 Hour(s)

The scan has been done completely.

24540 Scanned directories
1063032 Files were scanned
37 Viruses and/or unwanted programs were found
2 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
36 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
1062990 Files not concerned
18150 Archives were scanned
48 Warnings
39 Notes



_________________
M4rekX
Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 19.02.09
Prihlásený: 09.05.10
Príspevky: 147
Témy: 1 | 1
Bydlisko: Sereď
NapísalOffline : 05.04.2009 14:07 | n1deiect.com, amvo.exe

Ako pozeram ten log tak samy crack, keygen, hack ... jedine normalne co tam vidim ze zmazalo autorun.inf a par falsnych poplachov.

Malo by to byt OK. A za tie cracky, keygeny atd si uz mozes sam ...


Offline

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 04.05.07
Prihlásený: 16.01.11
Príspevky: 192
Témy: 32 | 32
NapísalOffline : 05.04.2009 19:20 | n1deiect.com, amvo.exe

...nechapem ta... tolko kvalitneho free softu je na svete, niekedy lepsieho ako plateny a ludia stale stahuju nelegalny soft...

pozri sa napr. po nejakom radsej na tejto stranke

http://www.techsupportalert.com/

pre bezne pouzitie nepotrebujes ziadne platene programy


Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 20.02.07
Prihlásený: 19.11.09
Príspevky: 161
Témy: 17 | 17
Bydlisko: Myjava
Napísal autor témyOffline : 05.04.2009 21:48 | n1deiect.com, amvo.exe

tantum, fiiha díky to som ani nevedel o tomto ...

a čo sa tyka programov tak ide o to že som študent a moj príjem je prax a prípadne práce čo sa mi podari zohnat na nete že niečo niekomu spravím ... tzn že nemam ocinka milionara ktory by mi kupil software ktory si povjem a zo svojho si to dovolit zatial nemôžem ... ale ked budem mat keše tak si ich kupim...

tak ako sa snažim podporovat hudobnu scenu (kupou originalov)
a aktualne aj playstation 3 plus hry setko origo tak sa dostanem aj k PC časom...

bayo, jop jako inak mne ten windows ide už 5 rokov bez formatovania disku, bez antivirusu, firewallu atd.. jedine čo som mal bol Spyware Terminator ... a vypaty Win Firewall, aktualizacie... :)

Díky ešte raz..

ešte preventívne Log z HJT:
Citácia:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:37, on 5.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe
C:\Program Files\QIP\qip.exe
C:\Documents and Settings\M4rekX\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF853669-B088-4C83-B733-AF10DADDCEF0}: NameServer = 213.151.208.161 213.151.200.30
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: M-Audio Fast Track Installer (FastTrackInstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\Fast Track USB\MAUSBFTInst.exe
O23 - Service: M-Audio USB Installer (MAudioUSBService) - M-Audio - C:\Program Files\M-Audio\Fast Track Pro\MAUSBInst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe

--
End of file - 4690 bytes


Povedal by som že už som čisty ... ;)


_________________
M4rekX
Offline

Užívateľ
Užívateľ
n1deiect.com, amvo.exe

Registrovaný: 19.02.09
Prihlásený: 09.05.10
Príspevky: 147
Témy: 1 | 1
Bydlisko: Sereď
NapísalOffline : 06.04.2009 7:09 | n1deiect.com, amvo.exe

Vyzera to cisto..


 [ Príspevkov: 15 ] 


n1deiect.com, amvo.exe



Podobné témy

 Témy  Odpovede  Zobrazenia  Posledný príspevok 
V tomto fóre nie sú ďalšie neprečítané témy.

dllhost.exe COM Surrogate

v Operačné systémy Microsoft

12

240

04.05.2013 18:58

BleakCloud

V tomto fóre nie sú ďalšie neprečítané témy.

explorer.exe, dllhost.exe - vyťaženie 100% CPU

v Antivíry a antispywary

3

1429

24.01.2012 15:41

Reverser

V tomto fóre nie sú ďalšie neprečítané témy.

egui.exe a ekern.exe

v Antivíry a antispywary

4

865

24.04.2010 15:32

feldino

V tomto fóre nie sú ďalšie neprečítané témy.

.exe

v Operačné systémy Microsoft

1

82

19.05.2015 20:16

liqua1

V tomto fóre nie sú ďalšie neprečítané témy.

Kdbsync.exe

v Ovládače

9

521

07.01.2013 5:31

skorab

V tomto fóre nie sú ďalšie neprečítané témy.

Explorer.exe

v Operačné systémy Microsoft

8

1044

21.02.2010 17:28

Bluedragon12

V tomto fóre nie sú ďalšie neprečítané témy.

svchost.exe

v Antivíry a antispywary

3

1048

24.11.2007 19:38

Rbot

V tomto fóre nie sú ďalšie neprečítané témy.

wizzcaster.exe

v Antivíry a antispywary

5

152

31.12.2016 16:10

Pedro84

V tomto fóre nie sú ďalšie neprečítané témy.

winutly.exe

v Operačné systémy Microsoft

9

1029

29.06.2009 21:46

markopolo

V tomto fóre nie sú ďalšie neprečítané témy.

lsaas.exe

v Operačné systémy Microsoft

1

47

18.12.2012 19:05

personal compuper

V tomto fóre nie sú ďalšie neprečítané témy.

Issas.exe

v Operačné systémy Microsoft

10

1974

23.03.2008 18:45

cipo11

V tomto fóre nie sú ďalšie neprečítané témy.

Launcher.exe

v Ostatné programy

2

76

09.03.2013 12:30

walther

V tomto fóre nie sú ďalšie neprečítané témy.

Nircmd.exe

v Antivíry a antispywary

1

526

16.02.2009 19:08

CoderMan

V tomto fóre nie sú ďalšie neprečítané témy.

svshost.exe

v Antivíry a antispywary

3

392

22.05.2010 11:33

Dzin

V tomto fóre nie sú ďalšie neprečítané témy.

svchost.exe

v Operačné systémy Microsoft

5

457

16.06.2006 16:44

Luks

V tomto fóre nie sú ďalšie neprečítané témy.

PING.exe

v Ostatné programy

2

321

28.10.2011 19:26

miso7554



© 2005 - 2017 PCforum, edited by JanoF