Obsah fóra
PravidláRegistrovaťPrihlásenie

Obsah fóra » Software » Antivíry, bezpečnosť a sieť » Bezpečnosť a firewally » velky problem s virusom





Odpovedať na tému Stránka: 1 z 2
 [ Príspevkov: 33 ] Choď na stránku: 1, 2 ďalšia
AutorSpráva
Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok NapísalOffline miroslavmi71: 17.09.2009 14:00

cawte.windows mi oznamil ze mam v pc trojkeho kona ktory trocha zasiahol windows ci co uz som ten vir cez ess4 odstranil ale windows mi vzdy pise ze ak chcem aby som tie chyby sposobene tym virusom odstranil tak mam poslat sms v tvare...ale ja ju poslat nemozem bo mi pise na mobile nezmamy prijemca...pls poradte co najskor...uz som sa dozvedel na inom fore ze to nepise windows ale ten virus sa som nou hraje


Offline erikoo

Zmazaný užívateľ
Zmazaný užívateľ
Obrázok užívateľa
Príspevok NapísalOffline erikoo: 17.09.2009 18:38

miroslavmi71 píše:
...uz som sa dozvedel na inom fore ze to nepise windows ale ten virus sa som nou hraje

To bude najpravdepodobnejšia možnosť :-) .
Format C:\.


Offline Ďuri

Čestný člen
Čestný člen
velky problem s virusom

Registrovaný: 11.08.07
Príspevky: 4088
Témy: 34
Bydlisko: Brno
Príspevok NapísalOffline Ďuri: 17.09.2009 18:41

http://www.pcforum.sk/cistime-napadnuty ... 54491.html


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0
Príspevok NapísalOffline pitimir: 17.09.2009 18:44

Nazdar, nic neposielaj a riad sa instrukciami. Ak tam nic ine nemas, tak mu dame raz-dva na drzku ;)

Stiahni RSIT. Spust, klik na "Continue". Po dokoneceni by se ti mal otvorit textovy subor. Ten skopiruj sem.
Pokial by sa nieco stalo, najdes ho aj na adrese "C:\rsit\log.txt".


Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 17.09.2009 20:47

tu to mas...co s tim???:

Logfile of random's system information tool 1.06 (written by random/random)
Run by miro at 2009-09-17 20:45:08
Systém Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 14 GB (46%) free of 30 GB
Total RAM: 2046 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:45:17, on 17. 9. 2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
E:\grand theft auto 4\Grand Theft Auto IV\RGSC\1_1_3_0\RGSC.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\programy proti virusom\RSIT.exe
C:\Program Files\trend micro\miro.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\spybot\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - E:\midpx\JadInvoker\MidpInvoker.dll
O2 - BHO: SweetIM Toolbar Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - E:\midpx\JadInvoker\MidpInvoker.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RGSC] E:\grand theft auto 4\Grand Theft Auto IV\RGSC\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "E:\burnout paradise\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\daemon tools\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\spybot\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: system32.lnk = C:\WINDOWS\winapp\ssh.exe
O4 - Global Startup: 2x-Office.lnk = ?
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - E:\midpx\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra 'Tools' menuitem: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\Program Files\Software602\Print2PDF\Print602.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\spybot\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\spybot\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\icq 6.5\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\icq 6.5\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9d2f5669b1ad2) (gupdate1c9d2f5669b1ad2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10150 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{59DF31A7-48AC-4BB1-AC64-D1EAADD7EF4E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - E:\spybot\Spybot - Search & Destroy\SDHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-20 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}]
Kwyshell MidpX - E:\midpx\JadInvoker\MidpInvoker.dll [2004-12-03 100864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431}
{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - Kwyshell MidpX - E:\midpx\JadInvoker\MidpInvoker.dll [2004-12-03 100864]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-08-26 16851456]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"GEST"=m‘|\ü []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-04-09 2029640]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-03-05 111928]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2008-10-03 77824]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-28 61440]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]
"PCSuiteTrayApplication"=E:\nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe -startup []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-20 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"RGSC"=E:\grand theft auto 4\Grand Theft Auto IV\RGSC\RGSCLauncher.exe [2009-05-13 306088]
"OEXPRESS"= []
"fsm"= []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024]
"EA Core"=E:\burnout paradise\EADM\Core.exe -silent []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-06-30 25604904]
"DAEMON Tools Lite"=E:\daemon tools\DAEMON Tools Lite\daemon.exe -autorun []
"SpybotSD TeaTimer"=E:\spybot\Spybot - Search & Destroy\TeaTimer.exe []
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-10 218032]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
2x-Office.lnk - E:\mouse driver\Juchin Mouse.exe
AVer HID Receiver.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

C:\Documents and Settings\miro\Start Menu\Programs\Startup
system32.lnk - C:\WINDOWS\winapp\ssh.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-04-29 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\icq 6.5\ICQ6.5\ICQ.exe"="E:\icq 6.5\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\utorrent\uTorrent.exe"="E:\utorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\wheelman\Binaries\WheelmanGame-Final.exe"="E:\wheelman\Binaries\WheelmanGame-Final.exe:*:Enabled:Wheelman"
"E:\assasins creed cz game\AssassinsCreed_Dx9.exe"="E:\assasins creed cz game\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"E:\assasins creed cz game\AssassinsCreed_Dx10.exe"="E:\assasins creed cz game\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"E:\assasins creed cz game\AssassinsCreed_Launcher.exe"="E:\assasins creed cz game\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"E:\far-cry 2\Far Cry 2\bin\FarCry2.exe"="E:\far-cry 2\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"E:\far-cry 2\Far Cry 2\bin\FC2Launcher.exe"="E:\far-cry 2\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"E:\far-cry 2\Far Cry 2\bin\FC2Editor.exe"="E:\far-cry 2\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"E:\fuel\FUEL.exe"="E:\fuel\FUEL.exe:*:Enabled:FUEL"
"E:\delta force 2\dfx2.exe"="E:\delta force 2\dfx2.exe:*:Enabled:Delta Force Xtreme 2"
"E:\delta force 2\UPDATE.EXE"="E:\delta force 2\UPDATE.EXE:*:Enabled:Delta Force Xtreme 2"
"E:\pro evolution soccer 2009\pes2009.exe"="E:\pro evolution soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"E:\ghost recon aw 2\Ghost Recon Advanced Warfighter 2\graw2.exe"="E:\ghost recon aw 2\Ghost Recon Advanced Warfighter 2\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter® 2"
"E:\ghost recon aw 2\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe"="E:\ghost recon aw 2\Ghost Recon Advanced Warfighter 2\graw2_dedicated.exe:*:Enabled:Vyhrazený server Ghost Recon Advanced Warfighter® 2"
"E:\juiced 2\Juiced2_HIN.exe"="E:\juiced 2\Juiced2_HIN.exe:*:Enabled:Juiced2_HIN"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4915c914-8383-11de-99c9-00241d22d8d3}]
shell\AutoRun\command - H:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-09-17 20:45:08 ----D---- C:\rsit
2009-09-17 20:45:08 ----D---- C:\Program Files\trend micro
2009-09-17 15:35:05 ----D---- C:\WINDOWS\winapp
2009-09-16 22:04:44 ----D---- C:\WINDOWS\applic
2009-09-08 19:27:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-08 19:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-04 14:16:15 ----D---- C:\Program Files\Common Files\DirectX
2009-08-26 22:41:43 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-22 16:06:59 ----D---- C:\WINDOWS\Sun
2009-08-20 11:42:08 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-20 11:42:08 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-20 11:42:08 ----A---- C:\WINDOWS\system32\java.exe
2009-08-20 11:42:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-20 11:41:53 ----D---- C:\Program Files\Java
2009-08-20 11:41:30 ----D---- C:\Documents and Settings\miro\Application Data\Sun
2009-08-19 03:22:02 ----D---- C:\Documents and Settings\miro\Application Data\2K Sports
2009-08-18 11:50:21 ----A---- C:\WINDOWS\system32\Juchinsetmenu.exe

======List of files/folders modified in the last 1 months======

2009-09-17 20:45:11 ----D---- C:\WINDOWS\Prefetch
2009-09-17 20:45:09 ----D---- C:\WINDOWS\Temp
2009-09-17 20:45:08 ----RD---- C:\Program Files
2009-09-17 20:05:48 ----D---- C:\Documents and Settings\miro\Application Data\Skype
2009-09-17 19:06:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-17 19:06:02 ----D---- C:\Documents and Settings\miro\Application Data\skypePM
2009-09-17 19:05:33 ----D---- C:\WINDOWS
2009-09-17 18:55:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-17 15:35:07 ----D---- C:\Program Files\Electronic Arts
2009-09-17 14:56:10 ----D---- C:\Documents and Settings\miro\Application Data\Mozilla
2009-09-16 22:13:49 ----D---- C:\Documents and Settings\miro\Application Data\Desktopicon
2009-09-16 21:21:11 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-16 15:30:28 ----SHD---- C:\WINDOWS\Installer
2009-09-16 15:22:50 ----D---- C:\WINDOWS\system32\DirectX
2009-09-16 15:22:48 ----HD---- C:\WINDOWS\inf
2009-09-16 15:21:46 ----RSD---- C:\WINDOWS\assembly
2009-09-16 15:19:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-09-16 15:18:59 ----D---- C:\Program Files\AGEIA Technologies
2009-09-16 15:18:18 ----D---- C:\WINDOWS\system32
2009-09-16 12:35:07 ----A---- C:\WINDOWS\wincmd.ini
2009-09-14 22:22:31 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-09-14 19:13:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-14 19:13:31 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-09-13 21:06:48 ----D---- C:\Documents and Settings\miro\Application Data\ICQ
2009-09-13 19:36:49 ----A---- C:\WINDOWS\WDICT32.INI
2009-09-13 18:58:18 ----D---- C:\Documents and Settings\miro\Application Data\InstallShield
2009-09-13 18:46:12 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-12 19:15:06 ----A---- C:\WINDOWS\WINTRAN.INI
2009-09-08 19:27:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-08 19:27:23 ----A---- C:\WINDOWS\imsins.BAK
2009-09-08 19:27:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-08 19:24:53 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-09-04 14:15:49 ----D---- C:\Documents and Settings\miro\Application Data\THQ
2009-09-04 14:15:26 ----A---- C:\WINDOWS\win.ini
2009-09-03 18:33:51 ----D---- C:\WINDOWS\system32\drivers
2009-09-01 21:00:16 ----A---- C:\WINDOWS\PROFITL.INI
2009-08-28 23:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-19 23:08:34 ----D---- C:\Documents and Settings\miro\Application Data\uTorrent
2009-08-18 20:30:19 ----A---- C:\WINDOWS\AVerText.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-04-09 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-04-09 55768]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-04-09 113960]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-04-09 133000]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-29 3643904]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service; C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys [2008-08-27 1238272]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-04-09 33096]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-27 4754432]
R3 Juchin;Juchin; \??\C:\WINDOWS\System32\Drivers\Juchin.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ar5hop73;ar5hop73; C:\WINDOWS\system32\drivers\ar5hop73.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2008-08-26 3684352]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-29 602112]
R2 AVerRemote;AVerRemote; C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2008-09-10 352256]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-10-09 413696]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-04-09 731840]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-20 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-07-23 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-28 593920]
S2 gupdate1c9d2f5669b1ad2;Google Update Service (gupdate1c9d2f5669b1ad2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-12 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-04-09 20680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0
Príspevok NapísalOffline pitimir: 17.09.2009 20:53

Co s tym? Ide o priamarny scaner, poskytuje zakladne info o systeme. Teraz pouzi ComboFix, ten by si s tym mal poradit:

Stiahni ComboFix, najlepsie na plochu. Vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall. Spust program cez ucet s administratorskymi pravami a postupuj podla instrukcii. Cely sken bude trvat cca 10 minut. Pocas neho moze byt PC restartovane. Log, ktory ComboFix vytvori, najdes na adrese "C:\ComboFix.txt".
Ten vloz sem.

Pozor: Kym ComboFix nevytvori log, na nic neklikat, nic nestlacat !!


Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 18.09.2009 12:06

to ako mam odinstalovat ess4 a ostatne antiviraky alebo ich vypnut???a vlastne ako vypnem ess4


Offline citizen

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 27.05.09
Prihlásený: 19.09.21
Príspevky: 374
Témy: 27
Príspevok NapísalOffline citizen: 18.09.2009 12:11

skus ctrl+alt+del a daj ho takto vypnut.nie odinstalovat len vypnut vsetko ake programy bezia..hry surfovanie zatvor muziku atd atd


Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 18.09.2009 12:22

aha ty si myslel len aby som nemal zapnuty antivirak cize nemam prechadzat pc cez antivirak...taze nemusim vypinat vsetky csti antiviraku:spyware,spam...???


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0
Príspevok NapísalOffline pitimir: 18.09.2009 17:35

Hlavne uz vloz ten log.


Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 19.09.2009 13:47

ale pri zapinani pc mi vzdy ukazuje pc o tom viruse a uz m i tam pise ze pokial 8x zapnem pc tak bude system zablokovany... to potom ako zapnem pc???... kolko vlastne stoji ta sms co mi vzdy vypisuje??? a v dalsom pripajam ten log :ComboFix 09-09-17.04 - miro . 09. 2009 13:58.1.2 - NTFSx86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.2046.1414 [GMT 2:00]
Running from: c:\documents and settings\miro\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\miro\Local Settings\Application Data\DoubleD
c:\documents and settings\miro\Local Settings\Temporary Internet Files\_tm149A.tmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\_tm5C.tmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\_tm800.tmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\_tm980.tmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\bg.jpg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\CurrentVersion.xml
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Data\ProductInfo.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\ExtractZipFile.zip
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\icon.ico
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\tdf.dat
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\248d6576afce4ee94af42d7350131106.gif
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\24a70fb875fab686b6b3c217612bc07c.gif
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\2afcf6f3f2e19cc42d7f72f3b18b26ef.gif
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\50bffa6936b3e661971a58e3c8bdf4cb.gif
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\default1.dat
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.dat
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Cache\loading.gif
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Cursor.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_DailyVideo.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Game.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Glitter.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Logo.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Option.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Recipe.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Ringtone.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Screensaver.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Search.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_Config.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Smiley_TellAFriend.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Wallpaper.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\Module_Web.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\pixel.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ProductInfo.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\profile.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\SearchEngineList.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\tbcore.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\ToolbarLayout.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentre.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\UpdateCentreBk.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLDynamic.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Data\URLStatic.mx
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\About.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Component_ComboBox.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Cursor.png
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_DailyVideo.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Game.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Glitter.png
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Logo.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Option.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Recipe.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Ringtone.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Screensaver.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Search.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Smiley.png
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Wallpaper.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\Module_Web.mg
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDefault.png
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay.png
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay18.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnDisplay20.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters.png
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters18.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnGlitters20.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnOption.png
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley.png
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley18.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnSmiley20.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd.png
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd18.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnTellFd20.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink.png
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink18.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Icons\TBBtnWink20.bmp
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin1.skf
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin2.skf
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin3.skf
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\myskin4.skf
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin.skf
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\TellafriendSkin_s.skf
c:\documents and settings\miro\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\TDF\Skins\ToastSkin.skf
c:\documents and settings\miro\Local Settings\Temporary Internet Files\stb06759.tmp
c:\windows\Installer\527457.msi
c:\windows\Installer\9560.msi
c:\windows\Installer\e4c85.msi

.
((((((((((((((((((((((((( Files Created from 2009-08-19 to 2009-09-19 )))))))))))))))))))))))))))))))
.

2009-09-17 18:45 . 2009-09-17 18:45 -------- d-----w- C:\rsit
2009-09-17 18:45 . 2009-09-17 18:45 -------- d-----w- c:\program files\trend micro
2009-09-17 13:35 . 2009-09-17 13:35 -------- d-----w- c:\windows\winapp
2009-09-16 20:04 . 2009-09-17 11:44 -------- d-----w- c:\windows\applic
2009-09-13 17:00 . 2009-09-13 17:00 -------- d-----w- c:\documents and settings\miro\Local Settings\Application Data\Ubisoft
2009-09-08 17:24 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-04 12:16 . 2009-09-04 12:16 -------- d-----w- c:\program files\Common Files\DirectX
2009-08-22 14:06 . 2009-08-22 14:06 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 12:03 . 2009-07-05 18:36 -------- d-----w- c:\documents and settings\miro\Application Data\Skype
2009-09-19 11:43 . 2009-05-12 15:01 2702064 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-19 09:34 . 2009-07-05 18:59 -------- d-----w- c:\documents and settings\miro\Application Data\skypePM
2009-09-17 13:35 . 2009-06-07 15:16 -------- d-----w- c:\program files\Electronic Arts
2009-09-16 20:13 . 2009-07-24 11:58 -------- d-----w- c:\documents and settings\miro\Application Data\Desktopicon
2009-09-16 13:19 . 2009-05-26 15:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-16 13:18 . 2009-05-26 15:32 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-14 20:22 . 2009-05-13 09:49 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-14 20:22 . 2009-05-13 09:49 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-14 17:13 . 2009-05-07 14:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-14 17:13 . 2009-05-24 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2009-09-13 19:06 . 2009-05-11 21:14 -------- d-----w- c:\documents and settings\miro\Application Data\ICQ
2009-09-13 16:58 . 2009-05-14 19:12 -------- d-----w- c:\documents and settings\miro\Application Data\InstallShield
2009-09-08 17:24 . 2009-05-17 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-04 12:15 . 2009-05-22 17:51 -------- d-----w- c:\documents and settings\miro\Application Data\THQ
2009-08-20 09:41 . 2009-08-20 09:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-20 09:41 . 2009-08-20 09:41 -------- d-----w- c:\program files\Java
2009-08-19 21:08 . 2009-05-16 08:00 -------- d-----w- c:\documents and settings\miro\Application Data\uTorrent
2009-08-19 01:22 . 2009-08-19 01:22 -------- d-----w- c:\documents and settings\miro\Application Data\2K Sports
2009-08-07 20:15 . 2009-08-07 18:52 -------- d-----w- c:\documents and settings\miro\Application Data\U3
2009-08-05 18:20 . 2009-08-05 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 17:19 . 2009-08-02 17:19 -------- d-----w- c:\program files\Imesh Mp3 Downloader
2009-08-02 08:40 . 2009-07-01 17:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-23 19:54 . 2009-05-13 09:49 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-23 16:57 . 2009-07-23 16:57 -------- d-----w- c:\program files\Common Files\BUSINESS OBJECTS
2009-07-22 19:04 . 2009-07-22 19:04 347976 ----a-w- C:\MZDY0000.zip
2009-07-20 07:34 . 2009-07-20 07:34 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 18:59 . 2009-07-05 18:59 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-03 17:09 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2006-02-28 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-02-28 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-02-28 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-02-28 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2006-02-28 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2006-02-28 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 10:22 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="e:\grand theft auto 4\Grand Theft Auto IV\RGSC\RGSCLauncher.exe" [2009-05-13 306088]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-30 25604904]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-03-05 111928]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2008-10-03 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-20 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-08-26 16851456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\miro\Start Menu\Programs\Startup\
system32.lnk - c:\windows\winapp\ssh.exe [2009-9-17 28672]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\icq 6.5\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [30. 7. 2008 7:51 277736]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [7. 5. 2009 18:03 352256]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [7. 5. 2009 18:03 413696]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [11. 5. 2009 23:14 222456]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [7. 5. 2009 17:12 89600]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [7. 5. 2009 18:04 1238272]
R3 Juchin;Juchin;c:\windows\system32\drivers\Juchin.sys [18. 8. 2009 11:50 9984]
S2 gupdate1c9d2f5669b1ad2;Google Update Service (gupdate1c9d2f5669b1ad2);c:\program files\Google\Update\GoogleUpdate.exe [12. 5. 2009 13:32 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 11:32]

2009-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-12 11:32]

2009-09-18 c:\windows\Tasks\User_Feed_Synchronization-{59DF31A7-48AC-4BB1-AC64-D1EAADD7EF4E}.job
- c:\windows\system32\msfeedssync.exe [2009-08-02 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Link to &MidpX - e:\midpx\JadInvoker\Extent\jad_wrap.htm
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-EA Core - e:\burnout paradise\EADM\Core.exe
HKCU-Run-DAEMON Tools Lite - e:\daemon tools\DAEMON Tools Lite\daemon.exe
HKCU-Run-SpybotSD TeaTimer - e:\spybot\Spybot - Search & Destroy\TeaTimer.exe
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-fsm - (no file)
HKLM-Run-PCSuiteTrayApplication - e:\nokia pc suite\Nokia PC Suite 6\LaunchApplication.exe
HKU-Default-Run-Nokia.PCSync - e:\nokia pc suite\Nokia PC Suite 6\PcSync2.exe
AddRemove-AVS Update Manager_is1 - c:\program files\AVS4YOU\AVSUpdateManger\unins000.exe
AddRemove-AVS4YOU Software Navigator_is1 - c:\program files\AVS4YOU\AVSSoftwareNavigator\unins000.exe
AddRemove-AVS4YOU Video Converter 6_is1 - e:\avs\AVSVideoConverter6\unins000.exe
AddRemove-Counter-Strike: Source - e:\counter-strike source\Uninst.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-EADM - e:\burnout paradise\EADM\Uninstall.exe
AddRemove-MV2Player - e:\mv2 player\Mv2Player\uninst.exe
AddRemove-NFS Pro Street - e:\need for speed pro street\Need for Speed ProStreet\Uninstall NFSPS_SK.exe
AddRemove-RAR Password Cracker - e:\program na zistovanie hesiel\RAR Password Cracker\uninstall.exe
AddRemove-Totalcmd - e:\total comander\totalcmd\tcuninst.exe
AddRemove-VMCPlayer_is1 - e:\3gp player\VMCPlayer\unins000.exe
AddRemove-WinX DVD Player_is1 - e:\dvd player\WinX DVD Player 3.0\unins000.exe
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.0.850\unins000.exe
AddRemove-{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1 - c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - e:\spybot\Spybot - Search & Destroy\unins000.exe
AddRemove-{C5096216-7703-409E-B85A-8A6EE7395128}}_is1 - c:\program files\System Search Dispatcher\1.3.0.840\unins000.exe
AddRemove-{C5A9382C-C87E-4A98-80FB-988F3D71FCEB}_is1 - e:\3gp convertor\3GP Converter\unins000.exe
AddRemove-{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1 - e:\vdownloader 0.83\VDOWNLOADER\unins000.exe
AddRemove-uTorrent - e:\utorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 14:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-602162358-725345543-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6d,d7,39,1e,59,bb,7d,ed,84,23,15,5c,57,f0,7a,74,0f,57,07,df,0e,94,75,
1c,2d,68,87,a4,f4,5b,af,81,cb,79,0c,2d,9a,7d,03,54,d7,8e,b0,7b,ab,b1,d0,4d,\
"??"=hex:04,fc,7a,01,db,ad,04,c9,90,a9,00,48,f8,01,88,41

[HKEY_USERS\S-1-5-21-1229272821-602162358-725345543-1005\Software\SecuROM\License information*]
"datasecu"=hex:bd,40,b4,0e,1f,3b,e9,85,c0,15,24,56,0b,c2,af,07,fc,f0,63,7e,c0,
58,8d,61,65,db,0e,85,d9,58,dd,6f,0f,2b,0e,60,3e,1d,f9,9d,41,ae,d9,00,68,b5,\
"rkeysecu"=hex:f3,e2,8f,c9,4a,6e,7c,8e,97,f3,e9,99,c1,ce,8b,59

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*‘|ŕťn]
"DisplayName"="?\11???"
"DeviceDesc"="?\11???"
"ProviderName"=""
"MFG"="????Ö"
"ReinstallString"="c:\\WINDOWS\\System32\\ReinstallBackups\\]???\\DriverFiles\\.INF"
"DeviceInstanceIds"=multi:"\0c\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-09-19 14:04
ComboFix-quarantined-files.txt 2009-09-19 12:04

Pre-Run: 14 124 613 632 bytes free
Post-Run: 10 adresárov, 14 965 174 272 voľných bajtov

315 --- E O F --- 2009-08-26 20:41


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0
Príspevok NapísalOffline pitimir: 19.09.2009 19:00

Este stale to nechapes? Ta SMS je jeden velky oblb, vdaka ktoremu autori smejda rizuju na zufalych ludoch...Ale uz ho tlacime, sviniara ;)

1) Otestuj subor(y) na VIRUSTOTALe:

Kód:
c:\windows\system32\drivers\Juchin.sys

Ak vypise, ze subor uz bol testovany, daj ho otestovat znovu. Vysledok posli ako LINK.


2) Stiahni MbAM. Uloz na plochu, otvor "mbam-setup.exe" a nainstaluj. Updatuj. Potom spravis kompletny scan - co program najde, zmaz. Nasledny log vloz sem.


Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 19.09.2009 19:10

odpoved z tej stranky:
Kód:
Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.24 2009.09.19 -
AhnLab-V3 5.0.0.2 2009.09.19 -
AntiVir 7.9.1.19 2009.09.18 -
Antiy-AVL 2.0.3.7 2009.09.18 -
Authentium 5.1.2.4 2009.09.19 -
Avast 4.8.1351.0 2009.09.18 -
AVG 8.5.0.412 2009.09.19 -
BitDefender 7.2 2009.09.19 -
CAT-QuickHeal 10.00 2009.09.19 -
ClamAV 0.94.1 2009.09.19 -
Comodo 2370 2009.09.19 -
DrWeb 5.0.0.12182 2009.09.19 -
eSafe 7.0.17.0 2009.09.17 -
eTrust-Vet 31.6.6746 2009.09.18 -
F-Prot 4.5.1.85 2009.09.19 -
F-Secure 8.0.14470.0 2009.09.18 -
Fortinet 3.120.0.0 2009.09.19 -
GData 19 2009.09.19 -
Ikarus T3.1.1.72.0 2009.09.19 -
Jiangmin 11.0.800 2009.09.19 -
K7AntiVirus 7.10.849 2009.09.19 -
Kaspersky 7.0.0.125 2009.09.19 -
McAfee 5746 2009.09.19 -
McAfee+Artemis 5745 2009.09.18 -
McAfee-GW-Edition 6.8.5 2009.09.18 -
Microsoft 1.5005 2009.09.19 -
NOD32 4440 2009.09.19 -
Norman 6.01.09 2009.09.18 -
nProtect 2009.1.8.0 2009.09.19 -
Panda 10.0.2.2 2009.09.19 -
PCTools 4.4.2.0 2009.09.19 -
Prevx 3.0 2009.09.19 -
Rising 21.47.52.00 2009.09.19 -
Sophos 4.45.0 2009.09.19 -
Sunbelt 3.2.1858.2 2009.09.19 -
Symantec 1.4.4.12 2009.09.19 -
TheHacker 6.5.0.2.012 2009.09.18 -
TrendMicro 8.950.0.1094 2009.09.18 -
VBA32 3.12.10.10 2009.09.18 -
ViRobot 2009.9.18.1943 2009.09.18 -
VirusBuster 4.6.5.0 2009.09.18 -
Rozšiřující informace
File size: 9984 bytes
MD5...: 5fd2e197ee07459ec21a904e2d25ff42
SHA1..: 7a0fefe0f42e1e3f45a3e3d0c166c5ee39ad1593
SHA256: bac1abe055359de75eb0b4a89ea4f8979f035467a9d46327aeb39470035a9855
ssdeep: 96:WbL0HZZ6uYabHllbZUGJiputC+AVbvwacw0WH4wXsbYV/WQpAjRG5esJNDk7I
0Y9:cUfpXTZzJZnw0umcORGRJFp+G9X
 
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x20be
timedatestamp.....: 0x49dafcd8 (Tue Apr 07 07:12:24 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x480 0x3ac 0x400 5.56 9da7c2edd226704aa82d1f6d5e8a719a
.rdata 0x880 0x106 0x180 3.46 957241fd919085ad8171739b4c9fd90a
.data 0xa00 0xc4 0x100 0.46 0a4e3cb4a6beb601edc6686571aa54b5
PAGE 0xb00 0x1461 0x1480 6.13 fe754f57d332dd488c0c6edb720ba550
INIT 0x1f80 0x4a0 0x500 5.39 4331de710e615770cc4d218da1f9783c
.reloc 0x2480 0x232 0x280 4.74 b3c6afa151d7dc63b59605343c14f2d5

( 2 imports )
> NTOSKRNL.EXE: IoInitializeRemoveLockEx, IoDeleteDevice, IoAttachDeviceToDeviceStack, DbgPrint, ObfDereferenceObject, IoGetAttachedDeviceReference, IoIsWdmVersionAvailable, RtlAssert, IoCreateDevice, IoReleaseRemoveLockEx, IofCallDriver, IofCompleteRequest, IoAcquireRemoveLockEx, IoDetachDevice, IoReleaseRemoveLockAndWaitEx, KeWaitForSingleObject, ExReleaseFastMutexUnsafe, ExAcquireFastMutexUnsafe, KeSetEvent, PoCallDriver, PoStartNextPowerIrp, IoCreateSymbolicLink, RtlInitUnicodeString, IoDeleteSymbolicLink, KeTickCount, KeInitializeEvent
> HAL.DLL: KeGetCurrentIrql

( 0 exports )
 
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
 
packers (Kaspersky): PE_Patch
trid..: Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0
Príspevok NapísalOffline pitimir: 19.09.2009 19:13

OK, tak a este ten MbAM.


Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 19.09.2009 19:31

akurat cez neho prechadzam pc napisem ako to dopadlo zatial naslo 30 malwerov


Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 19.09.2009 19:55

uz mozem ten program odinstalovat???...tu je log:Malwarebytes' Anti-Malware 1.41
Verzia databázy: 2824
Windows 5.1.2600 Service Pack 3

19. 9. 2009 19:55:58
mbam-log-2009-09-19 (19-55-58).txt

Typ kontroly: Úplná (C:\|E:\|)
Objektov kontrolovaných: 226451
Uplynutý cas: 38 minute(s), 18 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 37
Infikovaných registracných hodnôt: 3
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 6
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
HKEY_CLASSES_ROOT\aimactivexdll.aimhelper (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\aimactivexdll.aimhelper.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1.1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3fb17508-0bf4-4fde-845a-323a1052957c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{42c23154-00fa-4a93-9de9-3eb523cffff6} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{480098c6-f6ad-4c61-9b5c-2bae228a34d1} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6160f76a-1992-4b17-a32d-0c706d159105} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{803e73fe-cb73-4d49-8aff-653fd6f44171} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{877f3eab-4462-44df-8475-6064eafd7fbf} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{57aba38e-6535-48f3-99fd-efdc62137c78} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2e8e2100-98cb-4aac-9480-63a281acaff5} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3fb17508-0bf4-4fde-845a-323a1052957c} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51b67a88-02d0-43cb-8d12-5ca3e2d4cf49} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d44cc2fb-77b8-48a5-a5dc-f961f2d258fb} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0514c9b0-e4c6-4d6b-a3a6-b38bc280b115} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{883dfc00-8a21-411d-956c-73a4e4b7d16f} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{ac5ab953-ed25-4f9c-87f0-b086b0178ffa} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c28a0312-c403-417b-a425-a915bc0519cd} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d335d84d-61d8-4b5f-9c4e-067dc8b27ed5} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AIMActiveXDLL.dll (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Outlook\Addins\OEActiveXDLL.DesktopOEAddin1 (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> Quarantined and deleted successfully.

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
C:\Documents and Settings\miro\Local Settings\Application Data\Internet Saving Optimizer (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\miro\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\miro\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340 (Adware.DoubleD) -> Files: 359 -> Quarantined and deleted successfully.
C:\Documents and Settings\miro\Local Settings\Application Data\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\miro\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\miro\Local Settings\Application Data\Media Access Startup\1.5.0.850 (Adware.DoubleD) -> Files: 361 -> Quarantined and deleted successfully.

Infikovaných súborov:
(Žiadne škodlivé položky)


Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 20.09.2009 12:27

je na to este niejake riesenie???lebo vzdy mi to zobrazuje...ja som si nasiel dajaky program ktory aj opravuje windows ci co tu je link:
Kód:
http://www.skodlivysoftware.cz/informace/ultimate-process-manager
...ale ja s tim program nwm robit po dokonceni scanovania mi vypise dajake subory a ja nwm co dalej


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0
Príspevok NapísalOffline pitimir: 20.09.2009 14:01

V prvom rade uz nic nerob na vlastnu past a nic ine nespustaj a neinstaluj. Zbytocne tym komplikujes robotu.

Stiahni RootRepeal. Spustis program, kliknes na "Report" -> "Scan" a zafajknes vsetky polozky. Stlac "OK" a spusti sa scan. Po jeho dokonceni klik na "Save Report" a vzniknuty log skopiruj sem.


Offline ac.milan

Správca fóra
Správca fóra
velky problem s virusom

Registrovaný: 17.04.08
Prihlásený: 08.04.24
Príspevky: 13258
Témy: 420
Bydlisko: Myjava
Príspevok NapísalOffline ac.milan: 20.09.2009 14:26

miroslavmi71 - toto bol tvoj posledny spam/posthunting. neposluchas rady pitimir-a, robis si co chces a teda akekolvek rady su pre teba zbytocne.







_________________
PC: MSI B450 GAMING PLUS / AMD Ryzen 5 2600 / SilentiumPC Fera 3 HE1224 / ADATA XPG Spectrix D40 DDR4 2x8GB / Gainward GeForce GTX 1060 Phoenix 6GB / Adata XPG Gammix S11 M.2 SSD 480GB NVMe / Seagate BarraCuda HDD 2TB / WD Green 4TB / WD My Book Essential 3.0 2000GB / WD Elements 2000GB / ASUS BW-16D1HT / Creative Sound Blaster Audigy RX / Corsair CX450M / SilentiumPC Regnum RG4T / Dell P2719H / Microsoft Natural Ergonomic Keyboard 4000 / Logitech G102 Prodigy Gaming Mouse / Microlab SOLO9C / Microlab B77 / SONY WH-1000XM4 / Koss Porta Pro / Microsoft Windows 10 64-bit FPP
PC (history): ASUS M4A785TD-V EVO / Athlon II X4 640 / Hynix 8GB (2x4GB) DDR3 1600 MHz / Sapphire HD7750 1GB Ultimate Silent Series / AMD Radeon R3 120GB / Seagate 7200.12 500GB / Samsung SH-S223L / Creative Sound Blaster X-Fi XtremeMusic / Axago PCEU-43R USB3.0 / TP-LINK TG-3269 / Corsair VS450 / 24" BenQ G2420HDBL / Gigabyte GT-U8300
NTB: Huawei MateBook D15 NTB2: Alcatel PLUS 10 LTE NTB3: MSI M670X-091SK / Transcend 2x1GB DDR2 667MHz
Phone: Samsung Galaxy S9 Phone2: Samsung Galaxy S20+
Turntable: Tesla NC 470 / Ortofon OM 5E
Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 20.09.2009 14:28

sory...trocha som sa splasil bo som sa zlakol toho ze uz potom nezapnem pc a mam ho iba par mesiacov a oco po mne vkuse vrieskal zeby som s tim daco urobil ta som skusal


Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 20.09.2009 14:36

a tu je log:ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/20 14:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAAD57000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5E2000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP2732
Image Path: \Driver\PCI_PNP2732
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA752B000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spng.sys
Image Path: spng.sys
Address: 0xB9EA6000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\miro\local settings\temp\~df518f.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x899f18a0

#: 041 Function Name: NtCreateKey
Status: Hooked by "spng.sys" at address 0xb9ea70e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spng.sys" at address 0xb9ec5ca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spng.sys" at address 0xb9ec6032

#: 119 Function Name: NtOpenKey
Status: Hooked by "spng.sys" at address 0xb9ea70c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x899f0cb0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x899f10d0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spng.sys" at address 0xb9ec610a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spng.sys" at address 0xb9ec5f8a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spng.sys" at address 0xb9ec619c

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x899f16d0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x899f14f0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x899f0ee0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x899f1310

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x8a53c6f0]
Process: System Address: 0x899ef930 Size: 1000

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8a7e21f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x87800358 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a58c1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a58c1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a58c1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a58c1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a58c1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a58c1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a58c1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a58c1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a58c1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a58c1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a58c1f8 Size: 121

Object: Hidden Code [Driver: prodrv06ࠅ灐†ࠁం汇歮, IRP_MJ_CREATE]
Process: System Address: 0xe2018660 Size: 2465

Object: Hidden Code [Driver: prodrv06ࠅ灐†ࠁం汇歮, IRP_MJ_CLOSE]
Process: System Address: 0xe2018660 Size: 2465

Object: Hidden Code [Driver: prodrv06ࠅ灐†ࠁం汇歮, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0xe2018660 Size: 2465

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x8a3b3500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x8a3b3500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3b3500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3b3500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x8a3b3500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3b3500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x8a3b3500 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8a8551f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8a8551f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8a8551f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a8551f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a8551f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a8551f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a8551f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8a8551f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8a8551f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a8551f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8a8551f8 Size: 121

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE]
Process: System Address: 0xe18751b8 Size: 949

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE]
Process: System Address: 0xe18751b8 Size: 949

Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0xe18751b8 Size: 949

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x895d41f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x895d41f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x895d41f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x895d41f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x895d41f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x895d41f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8a3c7500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8a3c7500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3c7500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3c7500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8a3c7500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3c7500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a3c7500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x899d81f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅అ扏济JuchinMouseP, IRP_MJ_CREATE]
Process: System Address: 0x899bc1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅అ扏济JuchinMouseP, IRP_MJ_CLOSE]
Process: System Address: 0x899bc1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅అ扏济JuchinMouseP, IRP_MJ_READ]
Process: System Address: 0x899bc1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅అ扏济JuchinMouseP, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x899bc1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅అ扏济JuchinMouseP, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x899bc1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅అ扏济JuchinMouseP, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x899bc1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅అ扏济JuchinMouseP, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x899bc1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅అ扏济JuchinMouseP, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x899bc1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅అ扏济JuchinMouseP, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x899bc1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅అ扏济JuchinMouseP, IRP_MJ_SHUTDOWN]
Process: System Address: 0x899bc1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅అ扏济JuchinMouseP, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x899bc1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅అ扏济JuchinMouseP, IRP_MJ_CLEANUP]
Process: System Address: 0x899bc1f8 Size: 121

Object: Hidden Code [Driver: Cdfs؅అ扏济JuchinMouseP, IRP_MJ_PNP]
Process: System Address: 0x899bc1f8 Size: 121

==EOF==


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0
Príspevok NapísalOffline pitimir: 20.09.2009 14:53

OK, a teraz by sme sa toho mali zbavit:

Presun ikonu CF na plochu, vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall a otvor poznamkovy blok. Donho skopiruj:

Kód:
KillAll::
File::
c:\documents and settings\miro\Start Menu\Programs\Startup\system32.lnk
c:\windows\winapp\ssh.exe

Driver::
ICQ Service

DirLook::
c:\windows\winapp

Folder::
c:\program files\ICQ6Toolbar

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\]*‘|ŕťn]

Uloz na plochu ako CFScript.txt a mysou pretiahni nad ikonou CF.

velky problem s virusom

Program script spracuje a spravi novy log.


Pozor: Ak po aplikacii skriptu nenabehne Windows, restartuj PC, stlac F8 a zvol Poslednu znamu funkcnu konfiguraciu.


Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 20.09.2009 15:06

velmi ti dakujem za rady lenze ja som tupy takze ja nwm ako tu funkciu systemu obnovym atd...vecer ma do nas prist jeden znamy co pracuje s pocitacmi bo sa vraca z dovolenky ta mu to dam urobit...este raz velke thanks ptimir


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0
Príspevok NapísalOffline pitimir: 20.09.2009 15:17

OK, no problem. Tento smejd je "novinka", nikto nic o nom este nevie, takze uvidime, ako to cele dopadne. Si jeden z tych pokusnych kralikov, no malo by to byt v poriadku :)


Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 20.09.2009 15:25

dufam aj ja ze to bude v poho aj keby nebolo tak thanks za rady


Offline Tech

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 27.03.08
Príspevky: 698
Témy: 9
Príspevok NapísalOffline Tech: 20.09.2009 18:20

OFFTOPIC: pitimir čo hovoríš na novinku Zeus? Povráva sa, že úspešnosť detekcie je u antivírov okolo 20%, slušné že?


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0
Príspevok NapísalOffline pitimir: 20.09.2009 19:43

Zeus? Wtf?

Podla mena ti vela nepoviem, ukaz mi ale smejda a hned to bude o poznanie lepsie ;)


@miroslavmi71: Je to potvrdene, ide o ten subor. Aplikaciou skriptu by si sa mal dostat do starych kolaji. Ostava ale otazka, ako a ci vobec dokaze smejd zablokovat system (keby ano, tak tam mas este "cosi" naviac ;) ).


Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 23.09.2009 21:12

dal som to urobit tomu technikovi 3 dni sa s tim babral...nakoniec zistil ze som tam mal 190 spywareov a bol tam najnovsi virus podobny cervu na ktory neni ziaden program lebo je to novy virus...ta musel reinstalovat windows a vsetko klape


Offline pitimir

Skúsený užívateľ
Skúsený užívateľ
Obrázok užívateľa

Registrovaný: 15.08.09
Prihlásený: 05.02.10
Príspevky: 355
Témy: 0
Príspevok NapísalOffline pitimir: 24.09.2009 16:28

A das mi kontakt na toho "technika"? Ze ho pri najblizsom stretnuti kopnem niekam pod chrbticu... :roll:

My sme predsa na tych smejdov nesli na zaklade heuristiky ci zlozitych databaz ako AV spolocnosti. Malware removing je presne o opacnom pristupe, ide o whitelistovanie znamych a odstranovanie neznamych (skodlivych) suborov.

Ale aj format je riesenie, skoda len toho strateneho casu :(


Offline miroslavmi71

Užívateľ
Užívateľ
Obrázok užívateľa

Registrovaný: 16.05.09
Prihlásený: 28.09.09
Príspevky: 29
Témy: 5
Príspevok Napísal autor témyOffline miroslavmi71: 24.09.2009 17:21

no zaklad ze uz vsetko ide v poho


Odpovedať na tému Stránka: 1 z 2
 [ Príspevkov: 33 ] Choď na stránku: 1, 2 ďalšia

Obsah fóra » Software » Antivíry, bezpečnosť a sieť » Bezpečnosť a firewally » velky problem s virusom


Podobné témy

 Témy  Odpovede  Zobrazenia  Posledný príspevok 
V tomto fóre nie sú ďalšie neprečítané témy. Problem s virusom

v Operačné systémy Microsoft

8

1005

16.12.2005 22:38

Pufo Callo Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Problem s virusom ??

v Bezpečnosť a firewally

4

814

14.04.2009 11:15

brano03 Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Problém s vírusom.

v Antivíry a antispywary

2

2271

08.01.2019 14:35

TobakoLT Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Problem s virusom

v Antivíry a antispywary

7

668

12.02.2012 18:21

VOTRELEC005 Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Problem s virusom alebo niecim inym pomoc

v Operačné systémy Microsoft

3

379

12.12.2013 13:46

globalik Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. velky problem

v Operačné systémy Microsoft

5

493

15.01.2008 0:10

malman Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Velmi velky problem

v AMD čipové sady

23

1524

14.11.2009 22:22

mack0 Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Modem - veľký problém

v Siete

17

2379

02.03.2008 20:46

Devil_SK Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. VELKY PROBLEM STEAM !!!

v Počítačové hry

26

1229

01.03.2012 20:06

Only Human Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. mam velky problem

v Operačné systémy Microsoft

2

447

18.01.2008 22:08

Tomas1 Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. DOst velky problem

v Operačné systémy Microsoft

12

462

13.04.2008 22:18

prandof Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Veľky insert - problem

v Databázy

8

706

06.05.2009 14:54

Hue Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Ovladace nvidia velky problem

v Ovládače

2

340

25.08.2013 11:26

brmbo Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. NOD 32 - velky problem

v Antivíry a antispywary

9

645

23.05.2010 11:35

Nanosonda Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Velky problem so zostavou

v PC zostavy

20

764

02.01.2008 12:08

.:M@Rt!nKo:. Zobrazenie posledných príspevkov

V tomto fóre nie sú ďalšie neprečítané témy. Veľký problém s chrome

v Sieťové a internetové programy

4

291

01.06.2014 17:13

Samčo Zobrazenie posledných príspevkov


Nemôžete zakladať nové témy v tomto fóre
Nemôžete odpovedať na témy v tomto fóre
Nemôžete upravovať svoje príspevky v tomto fóre
Nemôžete mazať svoje príspevky v tomto fóre

Skočiť na:  

Powered by phpBB Jarvis © 2005 - 2024 PCforum, webhosting by WebSupport, secured by GeoTrust, edited by JanoF
Ako väčšina webových stránok aj my používame cookies. Zotrvaním na webovej stránke súhlasíte, že ich môžeme používať.
Všeobecné podmienky, spracovanie osobných údajov a pravidlá fóra