Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

onlinegames.NNU (autorun.inf)

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
aiRen
Návštěvník
Návštěvník
Příspěvky: 38
Registrován: 05 úno 2010 17:21
Bydliště: Poprad
Kontaktovat uživatele:
Kontaktovat uživatele aiRen

onlinegames.NNU (autorun.inf)

#1 Příspěvek od aiRen »

Dobrý deň,
mám tento istý problém.
Skúšal som na vašom fóre rôzne návody a nič.

USB Kľúč infikovaný vírusom Onlinegames.nnu !!!

Prikladám log s MWAV podla návodu :

05 2 2010 17:20:36 - ***** Testování složky J:\ *****
05 2 2010 17:20:36 - [Testování složky: J:\]
05 2 2010 17:20:37 - Testování souboru J:\autorun.inf [**XX**]
05 2 2010 17:20:37 - Testování souboru J:\f2kmj.exe (????)
05 2 2010 17:20:37 - ERROR(3)!!! ScanFile fails for J:\f2kmj.exe

05 2 2010 17:20:37 - [Testování složky: J:\RECYCLERS]
05 2 2010 17:20:37 - Testování souboru J:\RECYCLERS\Desktop.ini [**XX**]
05 2 2010 17:20:37 - Testování souboru J:\RECYCLERS\runmgr.exe (????)

Nedokáže to nič odstraniť, skúšal som aj CCleaner (nema to nič spoločne s registrami) aj všetko možné.
+ Prikladám log s ComboFix a Avanger

ComboFix 10-02-04.06 - Kristián . 02. 2010 15:06:20.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.3326.2512 [GMT 1:00]
Running from: i:\download\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\temp
c:\windows\system32\stacsv.exe
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 14:12 . 2010-02-05 14:12 -------- d-----w- c:\users\Mario\AppData\Local\temp
2010-02-05 14:12 . 2010-02-05 14:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-05 14:03 . 2010-02-05 14:04 -------- d-----w- C:\32788R22FWJFW
2010-02-05 13:49 . 2010-02-05 13:49 -------- d-----w- c:\program files\Enigma Software Group
2010-02-05 13:33 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 13:33 . 2010-02-05 13:33 -------- d-----w- c:\programdata\Malwarebytes
2010-02-05 13:33 . 2010-02-05 13:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 13:33 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 20:04 . 2010-02-04 20:04 -------- d-----w- c:\programdata\FLEXnet
2010-02-02 20:10 . 2010-02-02 20:10 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-01-27 14:18 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 14:18 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-24 12:53 . 2010-01-24 12:53 -------- d-----w- c:\program files\Ultra Utility
2010-01-23 23:04 . 2010-01-23 23:04 -------- d-----w- c:\program files\GIMP-2.0
2010-01-22 14:16 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-13 15:10 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 15:10 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 12:07 . 2010-01-10 12:07 -------- d-----w- c:\program files\AnvSoft
2010-01-09 11:40 . 2010-01-09 11:40 -------- d-----w- c:\program files\MagicDVDRipper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 14:05 . 2009-12-05 17:12 -------- d-----w- c:\programdata\NVIDIA
2010-02-05 11:47 . 2009-12-13 13:02 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-05 11:46 . 2009-12-13 13:01 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-04 16:37 . 2009-12-13 13:24 -------- d-----w- c:\programdata\Xfire
2010-01-14 10:12 . 2009-12-05 16:47 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-06 10:25 . 2009-12-23 20:53 -------- d-----w- c:\users\Mario\AppData\Roaming\uTorrent
2010-01-03 15:45 . 2010-01-03 15:45 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-03 12:05 . 2010-01-03 12:05 -------- d-----w- c:\program files\TeamViewer
2010-01-03 11:59 . 2009-12-30 17:46 -------- d-----r- c:\program files\Skype
2010-01-03 11:58 . 2010-01-03 11:58 -------- d-----w- c:\program files\Common Files\Skype
2010-01-03 11:58 . 2009-12-30 17:46 -------- d-----w- c:\programdata\Skype
2010-01-03 11:51 . 2010-01-03 11:51 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-01-03 01:58 . 2010-01-03 01:25 -------- d-----w- c:\program files\IDT
2010-01-03 01:29 . 2009-12-05 19:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 01:18 . 2010-01-03 01:18 -------- d-----w- c:\program files\Realtek
2010-01-03 01:01 . 2010-01-03 01:01 247296 ----a-w- c:\users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll
2010-01-03 01:01 . 2010-01-03 01:01 247296 ----a-w- c:\users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll
2010-01-03 01:01 . 2010-01-03 01:01 247296 ----a-w- c:\users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll
2010-01-03 01:01 . 2010-01-03 01:01 247296 ----a-w- c:\users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll
2010-01-03 01:01 . 2010-01-03 01:01 -------- d-----w- c:\users\Mario\AppData\Roaming\SystemRequirementsLab
2010-01-02 20:13 . 2010-01-02 20:13 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-02 20:01 . 2009-12-29 13:44 -------- d-----w- c:\program files\iPod
2010-01-02 20:01 . 2009-12-05 19:50 -------- d-----w- c:\program files\Bonjour
2010-01-02 20:00 . 2009-12-05 19:46 -------- d-----w- c:\program files\CCleaner
2010-01-02 20:00 . 2009-12-29 13:44 -------- d-----w- c:\program files\iTunes
2010-01-02 20:00 . 2009-12-10 16:08 -------- d-----w- c:\programdata\Apple Computer
2009-12-30 18:19 . 2009-12-30 18:19 -------- d-----w- c:\program files\Intel
2009-12-30 17:48 . 2009-12-30 17:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-29 13:45 . 2009-12-29 13:44 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-26 14:36 . 2009-12-05 20:03 81272 ----a-w- c:\users\Mario\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-25 11:29 . 2009-12-25 11:29 -------- d-----w- c:\program files\Canon
2009-12-24 12:33 . 2009-12-24 12:30 -------- d--h--w- c:\programdata\ArcSoft
2009-12-24 12:33 . 2009-12-24 12:29 -------- d-----w- c:\users\Mario\AppData\Roaming\ArcSoft
2009-12-24 12:33 . 2009-12-24 12:29 -------- d-----w- c:\program files\ArcSoft
2009-12-24 12:29 . 2009-12-24 12:29 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-12-24 12:29 . 2009-12-05 19:53 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-23 20:54 . 2009-12-22 22:24 -------- d-----w- c:\program files\uTorrent
2009-12-23 18:26 . 2009-12-23 18:26 -------- d-----w- c:\program files\Webteh
2009-12-22 19:48 . 2009-12-22 19:48 -------- d--h--w- c:\programdata\CanonBJ
2009-12-22 19:39 . 2009-12-22 19:39 -------- d--h--w- c:\programdata\CanonIJScan
2009-12-22 19:12 . 2009-12-13 13:01 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-21 11:43 . 2009-12-21 11:43 -------- d-----w- c:\program files\ASIO4ALL v2
2009-12-21 11:43 . 2009-12-21 11:42 -------- d-----w- c:\program files\VstPlugins
2009-12-21 11:42 . 2009-12-21 11:40 -------- d-----w- c:\program files\Image-Line
2009-12-21 11:42 . 2009-12-21 11:42 -------- d-----w- c:\program files\Outsim
2009-12-21 11:40 . 2009-12-13 09:14 -------- d-----w- c:\users\Mario\AppData\Roaming\DAEMON Tools Lite
2009-12-18 19:26 . 2009-12-18 19:26 -------- d-----w- c:\programdata\Codemasters
2009-12-18 19:12 . 2009-12-18 19:12 -------- d-----w- c:\program files\BRS
2009-12-18 19:12 . 2009-12-18 19:11 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-18 19:11 . 2009-12-18 19:11 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-18 19:11 . 2009-12-18 19:11 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-18 19:11 . 2009-12-18 19:11 -------- d-----w- c:\program files\OpenAL
2009-12-13 13:27 . 2009-12-13 13:27 -------- d-s---w- c:\program files\HLSW
2009-12-10 17:05 . 2009-12-10 17:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-10 17:05 . 2009-12-10 17:05 -------- d-----w- c:\program files\Java
2009-12-10 16:08 . 2009-12-10 16:08 -------- d-----w- c:\program files\QuickTime
2009-12-10 16:07 . 2009-12-10 16:07 -------- d-----w- c:\program files\Common Files\Apple
2009-12-10 16:07 . 2009-12-10 16:07 -------- d-----w- c:\programdata\Apple
2009-12-10 16:07 . 2009-12-10 16:07 -------- d-----w- c:\program files\Apple Software Update
2009-12-08 17:57 . 2009-12-08 17:57 -------- d-----w- c:\programdata\McAfee Security Scan
2009-12-07 17:27 . 2009-12-07 17:27 -------- d-----w- c:\program files\DiskInternals
2009-12-05 20:10 . 2009-12-05 20:10 0 ----a-w- c:\windows\nsreg.dat
2009-12-05 17:25 . 2009-12-05 17:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-20 19:33 . 2009-11-20 19:33 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 19:33 . 2009-11-20 19:33 66664 ----a-w- c:\windows\system32\nvshext.dll
2009-11-20 19:33 . 2009-11-20 19:33 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:33 . 2009-11-20 19:33 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 19:33 . 2009-11-20 19:33 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-23 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-10 149280]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-12-09 866200]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP5000 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE [2007-1-15 50848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6. 2. 2009 14:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6. 2. 2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [6. 2. 2009 14:24 92800]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29. 10. 2009 12:27 1074568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [20. 11. 2009 19:17 240232]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [17. 12. 2009 17:04 185640]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [5. 12. 2009 18:25 691696]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\System32\regedt32.exe [14. 7. 2009 0:15 9216]
.
.
------- Supplementary Scan -------
.
uStart Page = http://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kristián\AppData\Roaming\Mozilla\Firefox\Profiles\kc1lgl2n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-02-05 15:14:54
ComboFix-quarantined-files.txt 2010-02-05 14:14

Pre-Run: 28 536 885 248 bytes free
Post-Run: 29 871 984 640 bytes free

- - End Of File - - 7568B7C203F9890443B5F78E8AC3929E




AVANGER



Platform: Windows 7

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "%Drive%:\autorun.inf"
Deletion of file "%Drive%:\autorun.inf" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "%Drive%:\f2kmj.exe"
Deletion of file "%Drive%:\f2kmj.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "%Drive%:\RECYCLERS\Desktop.ini"
Deletion of file "%Drive%:\RECYCLERS\Desktop.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "%Drive%:\RECYCLERS\runmgr.exe"
Deletion of file "%Drive%:\RECYCLERS\runmgr.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.


RSIT !




Logfile of random's system information tool 1.06 (written by random/random)
Run by Kristián at 2010-02-05 17:30:09
Microsoft Windows 7 Ultimate
System drive C: has 28 GB (47%) free of 60 GB
Total RAM: 3326 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:11, on 5. 2. 2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\CNAC4RPK.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP\qip.exe
I:\Programy\Xfire\Xfire.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
I:\Download\RSIT.exe
C:\Program Files\trend micro\Kristián.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 5.95.189.234 l2authd.lineage2.com
O1 - Hosts: 5.95.189.234 l2testauthd.lineage2.com
O1 - Hosts: 5.33.135.138 l2authd.lineage2.com
O1 - Hosts: 5.33.135.138 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Global Startup: Canon LBP5000 Status Window.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 6592 bytes






======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-10 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-10 149280]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-12 483422]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-12-23 289584]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Canon LBP5000 Status Window.lnk - C:\Windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-02-05 17:29:42 ----D---- C:\Program Files\trend micro
2010-02-05 17:29:41 ----D---- C:\rsit
2010-02-05 17:15:14 ----AD---- C:\Windows\VDLL.DLL
2010-02-05 17:15:14 ----AD---- C:\Windows\system32\runouce.exe
2010-02-05 17:15:14 ----AD---- C:\Windows\rundll16.exe
2010-02-05 17:15:14 ----AD---- C:\Windows\RUNDL132.EXE
2010-02-05 17:15:14 ----AD---- C:\Windows\logo1_.exe
2010-02-05 17:15:14 ----AD---- C:\Windows\logo_1.exe
2010-02-05 17:01:46 ----A---- C:\Windows\system32\msvcr80.dll
2010-02-05 17:01:45 ----A---- C:\Windows\system32\msvcp80.dll
2010-02-05 17:01:44 ----A---- C:\Windows\system32\eEmpty.exe
2010-02-05 17:01:36 ----D---- C:\ProgramData\MicroWorld
2010-02-05 16:41:34 ----D---- C:\ProgramData\Panda Security
2010-02-05 16:41:22 ----D---- C:\Program Files\Panda USB Vaccine
2010-02-05 16:39:41 ----A---- C:\avenger.txt
2010-02-05 16:28:59 ----D---- C:\Avenger
2010-02-05 16:20:27 ----D---- C:\ComboFix
2010-02-05 15:14:57 ----SHD---- C:\$RECYCLE.BIN
2010-02-05 15:14:56 ----D---- C:\Windows\temp
2010-02-05 15:14:54 ----A---- C:\ComboFix.txt
2010-02-05 15:05:36 ----A---- C:\Windows\NIRCMD.exe
2010-02-05 15:05:36 ----A---- C:\Windows\MBR.exe
2010-02-05 15:05:34 ----A---- C:\Windows\zip.exe
2010-02-05 15:05:34 ----A---- C:\Windows\SWREG.exe
2010-02-05 15:05:34 ----A---- C:\Windows\PEV.exe
2010-02-05 15:05:33 ----A---- C:\Windows\SWSC.exe
2010-02-05 15:05:33 ----A---- C:\Windows\sed.exe
2010-02-05 15:05:33 ----A---- C:\Windows\grep.exe
2010-02-05 15:05:26 ----D---- C:\Windows\ERDNT
2010-02-05 15:04:01 ----D---- C:\Qoobox
2010-02-05 15:03:48 ----A---- C:\Windows\SWXCACLS.exe
2010-02-05 14:33:15 ----D---- C:\Users\Kristián\AppData\Roaming\Malwarebytes
2010-02-05 14:33:10 ----D---- C:\ProgramData\Malwarebytes
2010-02-05 14:27:31 ----D---- C:\Program Files\Online Games Trojan Removal Tool
2010-02-04 21:04:10 ----D---- C:\ProgramData\FLEXnet
2010-02-02 21:10:55 ----A---- C:\Windows\system32\pbsvc_bc2.exe
2010-01-27 15:18:40 ----A---- C:\Windows\explorer.exe
2010-01-27 15:18:39 ----A---- C:\Windows\system32\winlogon.exe
2010-01-24 14:24:13 ----D---- C:\Users\Kristián\AppData\Roaming\gtk-2.0
2010-01-24 13:53:01 ----D---- C:\Program Files\Ultra Utility
2010-01-24 00:04:06 ----D---- C:\Program Files\GIMP-2.0
2010-01-22 15:16:07 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 15:16:05 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 15:16:04 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 15:16:04 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 15:16:04 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 15:16:04 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 02:33:06 ----A---- C:\Windows\system32\xfcodec.dll
2010-01-13 16:10:26 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 16:10:26 ----A---- C:\Windows\system32\fontsub.dll
2010-01-10 13:07:23 ----D---- C:\Users\Kristián\AppData\Roaming\AnvSoft
2010-01-10 13:07:12 ----D---- C:\Program Files\AnvSoft
2010-01-09 16:24:35 ----D---- C:\Windows\Minidump
2010-01-09 12:40:09 ----D---- C:\Program Files\MagicDVDRipper

======List of files/folders modified in the last 1 months======

2010-02-05 17:29:42 ----RD---- C:\Program Files
2010-02-05 17:29:39 ----D---- C:\Users\Kristián\AppData\Roaming\uTorrent
2010-02-05 17:27:37 ----D---- C:\Windows\system32\config
2010-02-05 17:25:49 ----D---- C:\Users\Kristián\AppData\Roaming\Skype
2010-02-05 17:21:50 ----D---- C:\Windows\system32\drivers
2010-02-05 17:19:35 ----D---- C:\Windows
2010-02-05 17:15:14 ----D---- C:\Windows\System32
2010-02-05 17:01:36 ----D---- C:\ProgramData
2010-02-05 16:42:09 ----D---- C:\Program Files\Mozilla Firefox
2010-02-05 16:41:24 ----D---- C:\Windows\system32\Tasks
2010-02-05 16:39:55 ----D---- C:\ProgramData\NVIDIA
2010-02-05 16:16:08 ----D---- C:\Windows\debug
2010-02-05 16:06:05 ----D---- C:\Users\Kristián\AppData\Roaming\skypePM
2010-02-05 15:13:06 ----A---- C:\Windows\system.ini
2010-02-05 15:10:24 ----D---- C:\Windows\AppPatch
2010-02-05 15:10:23 ----D---- C:\Program Files\Common Files
2010-02-05 15:03:50 ----D---- C:\Windows\Prefetch
2010-02-05 14:54:03 ----D---- C:\Users\Kristián\AppData\Roaming\Xfire
2010-02-05 14:44:47 ----D---- C:\Windows\Logs
2010-02-05 14:06:51 ----D---- C:\Windows\inf
2010-02-05 14:06:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-05 12:46:58 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-02-05 09:44:02 ----SHD---- C:\System Volume Information
2010-02-04 21:45:32 ----D---- C:\Users\Kristián\AppData\Roaming\Adobe
2010-02-04 17:37:54 ----D---- C:\ProgramData\Xfire
2010-02-02 21:13:35 ----SHD---- C:\Windows\Installer
2010-02-02 21:12:30 ----RSD---- C:\Windows\assembly
2010-01-29 18:57:38 ----D---- C:\Windows\winsxs
2010-01-28 17:48:06 ----D---- C:\Program Files\Internet Explorer
2010-01-27 15:18:08 ----D---- C:\Windows\system32\catroot2
2010-01-27 15:18:08 ----D---- C:\Windows\system32\catroot
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-11 14:59:47 ----SD---- C:\Users\Kristián\AppData\Roaming\Microsoft



RSIT !
Naposledy upravil(a) aiRen dne 05 úno 2010 20:36, celkem upraveno 1 x.
CCleaner
Pomáham iba v prípade, že sa nejedná o vírus (Systemová chyba)
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: onlinegames.NNU (autorun.inf)

#2 Příspěvek od motji »

Dobrý večer :)
Koukám že jste použil kde co :roll: .
Už nic nezkoušejte, nejdřív Vás poprosím, odstrante logy z kurziva, špatně se to čte, podívám se na to :)
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
aiRen
Návštěvník
Návštěvník
Příspěvky: 38
Registrován: 05 úno 2010 17:21
Bydliště: Poprad
Kontaktovat uživatele:
Kontaktovat uživatele aiRen

Re: onlinegames.NNU (autorun.inf)

#3 Příspěvek od aiRen »

Ďakujem, je to dosť dôležité.
CCleaner
Pomáham iba v prípade, že sa nejedná o vírus (Systemová chyba)
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: onlinegames.NNU (autorun.inf)

#4 Příspěvek od motji »

:arrow: Jednotka J je co? Používáte ještě nějaké flešky, externí disky a pod?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
aiRen
Návštěvník
Návštěvník
Příspěvky: 38
Registrován: 05 úno 2010 17:21
Bydliště: Poprad
Kontaktovat uživatele:
Kontaktovat uživatele aiRen

Re: onlinegames.NNU (autorun.inf)

#5 Příspěvek od aiRen »

Jednotka J -> Flash Disk. Ten vírus nie je v PC ale na USBčku. Písal som to na začiatku.
CCleaner
Pomáham iba v prípade, že sa nejedná o vírus (Systemová chyba)
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: onlinegames.NNU (autorun.inf)

#6 Příspěvek od motji »

:arrow: Zapojte do pc všechny usb klíče, flashky...co používáte


:arrow: Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

File:: 
c:\Autorun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
H:\Autorun.inf
I:\Autorun.inf
K:\Autorun.inf
L:\Autorun.inf

Folder::
C:\recycler
D:\recycler
e:\recycler
f:\recycler
g:\recycler
h:\recycler
I:\recycler
C:\resycled
D:\resycled
e:\resycled
f:\resycled
g:\resycled
h:\resycled
I:\resycled
J:\RECYCLERS
C:\RECYCLERS
F:\RECYCLERS

Driver::
.EsetTrialReset

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
Firefox::
FF - ProfilePath - c:\users\Kristián\AppData\Roaming\Mozilla\Firefox\Profiles\kc1lgl2n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek


-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

:arrow: Stahněte a použijte
http://go.microsoft.com/?linkid=9668866
(resethost)

:arrow: Stáhněte na plochu UsbFix
-spusťte, zvolte jazyk E - potvrdťe enter
-klikněte na volbu 2 - enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
aiRen
Návštěvník
Návštěvník
Příspěvky: 38
Registrován: 05 úno 2010 17:21
Bydliště: Poprad
Kontaktovat uživatele:
Kontaktovat uživatele aiRen

Re: onlinegames.NNU (autorun.inf)

#7 Příspěvek od aiRen »

ComboFix 10-02-04.06 - Kristián . 02. 2010 21:42:18.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.3326.2253 [GMT 1:00]
Running from: I:\Download\ComboFix.exe
Command switches used :: C:\Users\Kristián\Desktop\CFScript.txt
* Resident AV is active


FILE ::
"c:\Autorun.inf"
"D:\Autorun.inf"
"E:\Autorun.inf"
"F:\Autorun.inf"
"G:\Autorun.inf"
"H:\Autorun.inf"
"I:\Autorun.inf"
"K:\Autorun.inf"
"L:\Autorun.inf"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf . . . . failed to delete
J:\RECYCLERS . . . . failed to delete
J:\RECYCLERS\Desktop.ini . . . . failed to delete
J:\RECYCLERS\runmgr.exe . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_.EsetTrialReset


((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 20:48:02 . 2010-02-05 20:48:02 -------- d-----w- C:\Users\Public\AppData\Local\temp
2010-02-05 20:48:02 . 2010-02-05 20:48:02 -------- d-----w- C:\Users\Mario\AppData\Local\temp
2010-02-05 20:48:02 . 2010-02-05 20:48:02 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-02-05 20:31:52 . 2010-02-05 20:31:52 -------- d-----w- C:\Program Files\Altap Salamander 2.5
2010-02-05 19:32:52 . 2010-02-05 19:32:52 -------- d-----w- C:\Program Files\Unlocker
2010-02-05 19:29:14 . 2010-02-05 19:29:14 -------- d--h--w- C:\Windows\PIF
2010-02-05 19:10:37 . 2010-02-05 19:09:15 92672 ----a-w- C:\Windows\system32\KillBox.exe
2010-02-05 19:09:19 . 2010-02-05 19:09:19 -------- d-----w- C:\!KillBox
2010-02-05 16:29:42 . 2010-02-05 16:30:11 -------- d-----w- C:\Program Files\trend micro
2010-02-05 16:29:41 . 2010-02-05 16:29:41 -------- d-----w- C:\rsit
2010-02-05 16:21:50 . 2010-02-05 16:21:50 3189 ----a-r- C:\Windows\system32\drivers\vreadmem.sys
2010-02-05 16:18:49 . 2010-02-05 16:19:35 9066885 ----a-w- C:\Windows\REGBK00.ZIP
2010-02-05 16:15:14 . 2010-02-05 16:15:14 -------- d---a-w- C:\Windows\VDLL.DLL
2010-02-05 16:15:14 . 2010-02-05 16:15:14 -------- d---a-w- C:\Windows\system32\runouce.exe
2010-02-05 16:15:14 . 2010-02-05 16:15:14 -------- d---a-w- C:\Windows\rundll16.exe
2010-02-05 16:15:14 . 2010-02-05 16:15:14 -------- d---a-w- C:\Windows\RUNDL132.EXE
2010-02-05 16:15:14 . 2010-02-05 16:15:14 -------- d---a-w- C:\Windows\logo1_.exe
2010-02-05 16:15:14 . 2010-02-05 16:15:14 -------- d---a-w- C:\Windows\logo_1.exe
2010-02-05 16:01:46 . 2010-02-05 16:01:45 626688 ----a-w- C:\Windows\system32\msvcr80.dll
2010-02-05 16:01:45 . 2010-02-05 16:01:44 548864 ----a-w- C:\Windows\system32\msvcp80.dll
2010-02-05 16:01:44 . 2010-02-05 16:01:43 28672 ----a-w- C:\Windows\system32\eEmpty.exe
2010-02-05 16:01:36 . 2010-02-05 16:01:36 -------- d-----w- C:\ProgramData\MicroWorld
2010-02-05 15:41:34 . 2010-02-05 15:41:34 -------- d-----w- C:\ProgramData\Panda Security
2010-02-05 15:41:22 . 2010-02-05 15:41:23 -------- d-----w- C:\Program Files\Panda USB Vaccine
2010-02-05 13:33:10 . 2010-02-05 13:33:10 -------- d-----w- C:\ProgramData\Malwarebytes
2010-02-05 13:27:31 . 2010-02-05 16:00:25 -------- d-----w- C:\Program Files\Online Games Trojan Removal Tool
2010-02-04 20:04:10 . 2010-02-04 20:04:10 -------- d-----w- C:\ProgramData\FLEXnet
2010-02-02 20:10:55 . 2010-02-02 20:10:55 2434856 ----a-w- C:\Windows\system32\pbsvc_bc2.exe
2010-01-27 14:18:40 . 2009-10-31 05:45:39 2614272 ----a-w- C:\Windows\explorer.exe
2010-01-27 14:18:39 . 2009-10-28 06:17:59 285696 ----a-w- C:\Windows\system32\winlogon.exe
2010-01-24 12:53:01 . 2010-01-24 12:53:01 -------- d-----w- C:\Program Files\Ultra Utility
2010-01-23 23:04:06 . 2010-01-23 23:04:30 -------- d-----w- C:\Program Files\GIMP-2.0
2010-01-22 14:16:04 . 2009-12-19 09:02:55 977920 ----a-w- C:\Windows\system32\wininet.dll
2010-01-22 01:33:06 . 2010-01-22 01:33:06 41872 ----a-w- C:\Windows\system32\xfcodec.dll
2010-01-13 15:10:26 . 2009-10-19 14:10:20 108544 ----a-w- C:\Windows\system32\t2embed.dll
2010-01-13 15:10:26 . 2009-10-19 14:10:06 70656 ----a-w- C:\Windows\system32\fontsub.dll
2010-01-10 12:07:12 . 2010-01-10 12:07:12 -------- d-----w- C:\Program Files\AnvSoft
2010-01-09 11:40:09 . 2010-01-09 11:40:38 -------- d-----w- C:\Program Files\MagicDVDRipper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 20:49:20 . 2009-12-05 17:12:33 -------- d-----w- C:\ProgramData\NVIDIA
2010-02-05 16:47:09 . 2009-12-13 13:02:02 138384 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys
2010-02-05 16:44:29 . 2009-12-13 13:01:30 215128 ----a-w- C:\Windows\system32\PnkBstrB.exe
2010-02-04 16:37:54 . 2009-12-13 13:24:55 -------- d-----w- C:\ProgramData\Xfire
2010-01-14 10:12:06 . 2009-12-05 16:47:02 181120 ------w- C:\Windows\system32\MpSigStub.exe
2010-01-06 10:25:03 . 2009-12-23 20:53:40 -------- d-----w- C:\Users\Mario\AppData\Roaming\uTorrent
2010-01-03 15:45:40 . 2010-01-03 15:45:39 -------- d-----w- C:\Program Files\LogMeIn Hamachi
2010-01-03 12:05:51 . 2010-01-03 12:05:51 -------- d-----w- C:\Program Files\TeamViewer
2010-01-03 11:59:05 . 2009-12-30 17:46:27 -------- d-----r- C:\Program Files\Skype
2010-01-03 11:58:50 . 2010-01-03 11:58:50 -------- d-----w- C:\Program Files\Common Files\Skype
2010-01-03 11:58:45 . 2009-12-30 17:46:20 -------- d-----w- C:\ProgramData\Skype
2010-01-03 11:51:42 . 2010-01-03 11:51:30 -------- d-----w- C:\Program Files\Teamspeak2_RC2
2010-01-03 01:58:41 . 2010-01-03 01:25:16 -------- d-----w- C:\Program Files\IDT
2010-01-03 01:29:41 . 2009-12-05 19:53:12 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-01-03 01:18:38 . 2010-01-03 01:18:38 -------- d-----w- C:\Program Files\Realtek
2010-01-03 01:01:00 . 2010-01-03 01:01:00 247296 ----a-w- C:\Users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll
2010-01-03 01:01:00 . 2010-01-03 01:01:00 247296 ----a-w- C:\Users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll
2010-01-03 01:01:00 . 2010-01-03 01:01:00 247296 ----a-w- C:\Users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll
2010-01-03 01:01:00 . 2010-01-03 01:01:00 247296 ----a-w- C:\Users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll
2010-01-03 01:01:00 . 2010-01-03 01:01:00 -------- d-----w- C:\Users\Mario\AppData\Roaming\SystemRequirementsLab
2010-01-02 20:13:38 . 2010-01-02 20:13:31 -------- d-----w- C:\Program Files\SystemRequirementsLab
2010-01-02 20:01:57 . 2009-12-29 13:44:52 -------- d-----w- C:\Program Files\iPod
2010-01-02 20:01:57 . 2009-12-05 19:50:57 -------- d-----w- C:\Program Files\Bonjour
2010-01-02 20:00:54 . 2009-12-05 19:46:23 -------- d-----w- C:\Program Files\CCleaner
2010-01-02 20:00:53 . 2009-12-29 13:44:51 -------- d-----w- C:\Program Files\iTunes
2010-01-02 20:00:41 . 2009-12-10 16:08:28 -------- d-----w- C:\ProgramData\Apple Computer
2009-12-30 18:19:14 . 2009-12-30 18:19:14 -------- d-----w- C:\Program Files\Intel
2009-12-30 17:48:24 . 2009-12-30 17:48:24 56 ---ha-w- C:\Windows\system32\ezsidmv.dat
2009-12-29 13:45:31 . 2009-12-29 13:44:51 -------- d-----w- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-26 14:36:17 . 2009-12-05 20:03:58 81272 ----a-w- C:\Users\Mario\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-25 11:29:28 . 2009-12-25 11:29:28 -------- d-----w- C:\Program Files\Canon
2009-12-24 12:33:58 . 2009-12-24 12:30:30 -------- d--h--w- C:\ProgramData\ArcSoft
2009-12-24 12:33:58 . 2009-12-24 12:29:20 -------- d-----w- C:\Users\Mario\AppData\Roaming\ArcSoft
2009-12-24 12:33:20 . 2009-12-24 12:29:43 -------- d-----w- C:\Program Files\ArcSoft
2009-12-24 12:29:45 . 2009-12-24 12:29:43 -------- d-----w- C:\Program Files\Common Files\ArcSoft
2009-12-24 12:29:17 . 2009-12-05 19:53:04 -------- d-----w- C:\Program Files\Common Files\InstallShield
2009-12-23 20:54:02 . 2009-12-22 22:24:22 -------- d-----w- C:\Program Files\uTorrent
2009-12-23 18:26:27 . 2009-12-23 18:26:27 -------- d-----w- C:\Program Files\Webteh
2009-12-22 19:48:40 . 2009-12-22 19:48:40 -------- d--h--w- C:\ProgramData\CanonBJ
2009-12-22 19:39:03 . 2009-12-22 19:39:03 -------- d--h--w- C:\ProgramData\CanonIJScan
2009-12-22 19:12:47 . 2009-12-13 13:01:29 75064 ----a-w- C:\Windows\system32\PnkBstrA.exe
2009-12-21 11:43:32 . 2009-12-21 11:43:32 -------- d-----w- C:\Program Files\ASIO4ALL v2
2009-12-21 11:43:00 . 2009-12-21 11:42:31 -------- d-----w- C:\Program Files\VstPlugins
2009-12-21 11:42:56 . 2009-12-21 11:40:42 -------- d-----w- C:\Program Files\Image-Line
2009-12-21 11:42:26 . 2009-12-21 11:42:26 -------- d-----w- C:\Program Files\Outsim
2009-12-21 11:40:08 . 2009-12-13 09:14:05 -------- d-----w- C:\Users\Mario\AppData\Roaming\DAEMON Tools Lite
2009-12-18 19:26:34 . 2009-12-18 19:26:34 -------- d-----w- C:\ProgramData\Codemasters
2009-12-18 19:12:09 . 2009-12-18 19:12:07 -------- d-----w- C:\Program Files\BRS
2009-12-18 19:12:02 . 2009-12-18 19:11:38 -------- d-----w- C:\Program Files\Microsoft Games for Windows - LIVE
2009-12-18 19:11:25 . 2009-12-18 19:11:25 445016 ----a-w- C:\Windows\system32\wrap_oal.dll
2009-12-18 19:11:25 . 2009-12-18 19:11:25 109144 ----a-w- C:\Windows\system32\OpenAL32.dll
2009-12-18 19:11:25 . 2009-12-18 19:11:25 -------- d-----w- C:\Program Files\OpenAL
2009-12-13 13:27:59 . 2009-12-13 13:27:50 -------- d-s---w- C:\Program Files\HLSW
2009-12-10 17:05:24 . 2009-12-10 17:05:31 411368 ----a-w- C:\Windows\system32\deploytk.dll
2009-12-10 17:05:23 . 2009-12-10 17:05:23 -------- d-----w- C:\Program Files\Java
2009-12-10 16:08:46 . 2009-12-10 16:08:28 -------- d-----w- C:\Program Files\QuickTime
2009-12-10 16:07:55 . 2009-12-10 16:07:55 -------- d-----w- C:\Program Files\Common Files\Apple
2009-12-10 16:07:47 . 2009-12-10 16:07:47 -------- d-----w- C:\ProgramData\Apple
2009-12-10 16:07:47 . 2009-12-10 16:07:47 -------- d-----w- C:\Program Files\Apple Software Update
2009-12-08 17:57:35 . 2009-12-08 17:57:35 -------- d-----w- C:\ProgramData\McAfee Security Scan
2009-12-05 20:10:32 . 2009-12-05 20:10:32 0 ----a-w- C:\Windows\nsreg.dat
2009-12-05 17:25:10 . 2009-12-05 17:25:10 691696 ----a-w- C:\Windows\system32\drivers\sptd.sys
2009-11-20 19:33:00 . 2009-11-20 19:33:00 812648 ----a-w- C:\Windows\system32\nvsvc.dll
2009-11-20 19:33:00 . 2009-11-20 19:33:00 66664 ----a-w- C:\Windows\system32\nvshext.dll
2009-11-20 19:33:00 . 2009-11-20 19:33:00 12685928 ----a-w- C:\Windows\system32\nvcpl.dll
2009-11-20 19:33:00 . 2009-11-20 19:33:00 122984 ----a-w- C:\Windows\system32\nvvsvc.exe
2009-11-20 19:33:00 . 2009-11-20 19:33:00 110184 ----a-w- C:\Windows\system32\nvmctray.dll
2009-06-10 21:26:35 . 2009-07-14 02:04:20 9633792 --sha-r- C:\Windows\Fonts\StaticCache.dat
2009-07-14 01:14:45 . 2009-07-13 23:42:17 396800 --sha-w- C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 11:57:08 369200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49:26 153136]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-10-09 12:11:12 25623336]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2009-12-23 21:07:54 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 03:08:38 35696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 11:08:30 935288]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 13:23:12 2021400]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53:56 153136]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-11-10 22:08:18 417792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-12-10 17:05:25 149280]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 12:32:18 203264]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2009-03-12 11:53:46 483422]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 04:15:46 15872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP5000 Status Window.lnk - C:\Windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE [2007-1-15 50848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

R1 ehdrv;ehdrv;C:\Windows\System32\drivers\ehdrv.sys [6. 2. 2009 14:23:18 106208]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [6. 2. 2009 14:23:36 727720]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [6. 2. 2009 14:24:26 92800]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [29. 10. 2009 12:27:54 1074568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [20. 11. 2009 19:17:00 240232]
R2 TeamViewer5;TeamViewer 5;C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [17. 12. 2009 17:04:18 185640]
S3 VReadMemDriver;VReadMemDriver;C:\Windows\System32\drivers\vreadmem.sys [5. 2. 2010 17:21:50 3189]
.
Contents of the 'Scheduled Tasks' folder

2010-02-05 C:\Windows\Tasks\At1.job
- C:\Windows\system32\KillBox.exe [2010-02-05 19:10:37 . 2010-02-05 19:09:15]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Users\Kristián\AppData\Roaming\Mozilla\Firefox\Profiles\kc1lgl2n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - plugin: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.


Problem pretrváva
CCleaner
Pomáham iba v prípade, že sa nejedná o vírus (Systemová chyba)
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: onlinegames.NNU (autorun.inf)

#8 Příspěvek od motji »

Otestujte na http://www.virustotal.com
J:\RECYCLERS\runmgr.exe
F:\autorun.inf

F je také fleška?
Nemáte na flešce takovéto přepínátko, aby nešli přepsat data?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
aiRen
Návštěvník
Návštěvník
Příspěvky: 38
Registrován: 05 úno 2010 17:21
Bydliště: Poprad
Kontaktovat uživatele:
Kontaktovat uživatele aiRen

Re: onlinegames.NNU (autorun.inf)

#9 Příspěvek od aiRen »

USB FIX


############################## | UsbFix V6.091 |

User : Kristián (Administrators) # KRISTIAN-W7
Update on 05/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 22:02:45 | 5. 2. 2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Microsoft Windows 7 Ultimate (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled

C:\ -> Local Fixed Disk # 58,62 Go (27,69 Go free) [Windows 7] # NTFS
D:\ -> Local Fixed Disk # 149,05 Go (38,79 Go free) [DATA] # NTFS
E:\ -> Local Fixed Disk # 127,69 Go (28,23 Go free) [DATA 4] # NTFS
F:\ -> CD-ROM Disc
G:\ -> CD-ROM Disc
H:\ -> CD-ROM Disc
I:\ -> Local Fixed Disk # 127,71 Go (18,44 Go free) [DATA3] # NTFS
J:\ -> Removable Disk # 7,53 Go (7,46 Go free) [KINGSTON] # NTFS

############################## | Active processes |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\CNAC4RPK.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Files # Infected Folders |

Deleted ! C:\Windows\rundl132.exe
Deleted ! C:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1001
Deleted ! D:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1001
Deleted ! D:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1003
Deleted ! D:\$Recycle.Bin\S-1-5-21-1981963126-443570842-4078585685-1000
Deleted ! E:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1001
Deleted ! E:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1003
Deleted ! E:\$Recycle.Bin\S-1-5-21-1775810596-2984963519-438130030-1001
Deleted ! E:\$Recycle.Bin\S-1-5-21-1981963126-443570842-4078585685-1000
Deleted ! E:\$Recycle.Bin\S-1-5-21-474565600-753870910-3064055718-1000
Deleted ! E:\$Recycle.Bin\S-1-5-21-727570869-2339739642-659876903-1000
Deleted ! I:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1001
Deleted ! I:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1003
Deleted ! I:\$Recycle.Bin\S-1-5-21-1775810596-2984963519-438130030-1001
Deleted ! I:\$Recycle.Bin\S-1-5-21-1916877620-3196986064-2655776565-1001
Deleted ! I:\$Recycle.Bin\S-1-5-21-1981963126-443570842-4078585685-1000
Deleted ! I:\$Recycle.Bin\S-1-5-21-2996111184-2994821919-2319667963-1000
Deleted ! I:\$Recycle.Bin\S-1-5-21-2996111184-2994821919-2319667963-1001
Deleted ! I:\$Recycle.Bin\S-1-5-21-3683509274-3025984792-349124537-1001
Deleted ! I:\$Recycle.Bin\S-1-5-21-474565600-753870910-3064055718-1000
Deleted ! I:\$Recycle.Bin\S-1-5-21-727570869-2339739642-659876903-1000
Deleted ! I:\$Recycle.Bin\S-1-5-21-805241571-2291657220-3893883006-1000
Deleted ! I:\$Recycle.Bin\S-1-5-21-805241571-2291657220-3893883006-1001
Deleted ! I:\$Recycle.Bin\S-1-5-21-947987404-497211132-3591982988-1000
Not deleted ! J:\f2kmj.exe
Not deleted ! J:\RECYCLERS\runmgr.exe
Not deleted ! J:\autorun.inf

################## | Registry |

Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Listing of the present files |

[05. 02. 2010 17:20|--a------|26] C:\23990098.$$$
[10. 06. 2009 22:42|---------|24] C:\autoexec.bat
[05. 02. 2010 16:39|--a------|2640] C:\avenger.txt
[10. 06. 2009 22:42|--a------|10] C:\config.sys
[?|?|?] C:\hiberfil.sys
[?|?|?] C:\pagefile.sys
[03. 01. 2010 02:56|--a------|1732] C:\RHDSetup.log
[05. 02. 2010 22:04|--a------|4983] C:\UsbFix.txt
[25. 12. 2009 11:54|--a------|853100] D:\DVD.psd
[13. 01. 2010 16:38|--a------|1778] D:\server.cfg
[24. 12. 2009 15:10|--a------|18132406] D:\Winodws 7 activators.zip
[12. 01. 2010 20:06|--a------|23040] D:\úradný list.doc
[29. 11. 2007 09:03|--a------|27825165] E:\Adobe Photoshop CS3 - Příručka užívatele.pdf
[05. 02. 2010 15:22|---------|8723974] E:\Online-Games-Trojan-Removal-Tool.exe
[28. 11. 2009 13:11|--ahs----|4225736704] E:\pagefile.sys
[02. 02. 2010 20:47|--a------|94937] I:\battlefield-bad-company-2.jpg
[14. 07. 2009 02:38|-rahs----|383562] I:\bootmgr
[06. 12. 2009 00:27|-rahs----|8192] I:\BOOTSECT.BAK
[05. 10. 2009 20:09|--a------|206831] I:\ENGgram.rtf
[02. 08. 2009 09:59|-rahs----|171136] I:\grldr
[09. 12. 2009 20:44|---------|55435] I:\kristianpatlevic1bOS.odt
[13. 07. 2009 11:03|--a------|889579] I:\localhost.sql.gz
[01. 12. 2006 23:37|--a------|904704] I:\msdia80.dll
[03. 02. 2010 15:03|--a------|1834317] I:\naifaster.zip
[05. 02. 2010 15:16|--a------|171232] I:\shot0069.jpg
[05. 02. 2010 15:16|--a------|153853] I:\shot0070.jpg
[05. 02. 2010 17:12|---h-----|55276] I:\treeinfo.wc
[04. 09. 2009 17:55|--a------|52940] I:\VirtualDJ Local Database v5.xml
[08. 01. 2010 16:00|---------|192] J:\autorun.inf
[08. 01. 2010 08:14|-r-hs----|121344] J:\f2kmj.exe

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix .
# D:\autorun.inf -> Folder created by UsbFix .
# E:\autorun.inf -> Folder created by UsbFix .
# I:\autorun.inf -> Folder created by UsbFix .

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_Kristian-W7.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .


Nie nie je na nej nič také (Fko bola mechanika, (prázdna))
CCleaner
Pomáham iba v prípade, že sa nejedná o vírus (Systemová chyba)
Nahoru
aiRen
Návštěvník
Návštěvník
Příspěvky: 38
Registrován: 05 úno 2010 17:21
Bydliště: Poprad
Kontaktovat uživatele:
Kontaktovat uživatele aiRen

Re: onlinegames.NNU (autorun.inf)

#10 Příspěvek od aiRen »

motji píše:Otestujte na http://www.virustotal.com
J:\RECYCLERS\runmgr.exe
F:\autorun.inf

F je také fleška?
Nemáte na flešce takovéto přepínátko, aby nešli přepsat data?

Otestovať to nejde, pretože zložka RECYCLERS nie je viditeľná normálne (Teda cez TotalCMD je viditelna ako zobrazit skryte a systemove nastroje) Na USBčku nemám takéto vecičky. a runmgr je vírus

V zložke RECYCLERS/Desktop.ini

Som našiel toto : (Možno to pomôže)

[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}

A začiatok súboru runmgr.exe je takýto :

MZP ˙˙ ¸ @ ş ´ Í!¸LÍ!This program must be run under Win32
$7 48: Packed with botCrypter v2.0 by SWiM

Možno to pomôže neviem ale je to tam.
CCleaner
Pomáham iba v prípade, že sa nejedná o vírus (Systemová chyba)
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: onlinegames.NNU (autorun.inf)

#11 Příspěvek od motji »

Jde Vám něco zapisovat na usb -čko?
Zformátovat ho můžete?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
aiRen
Návštěvník
Návštěvník
Příspěvky: 38
Registrován: 05 úno 2010 17:21
Bydliště: Poprad
Kontaktovat uživatele:
Kontaktovat uživatele aiRen

Re: onlinegames.NNU (autorun.inf)

#12 Příspěvek od aiRen »

Nejde nič, kebyže sa da sformatovať tak sa vymaže ten vírus čo na ňom je. Ten vírus je na USBčku
CCleaner
Pomáham iba v prípade, že sa nejedná o vírus (Systemová chyba)
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: onlinegames.NNU (autorun.inf)

#13 Příspěvek od motji »

Však Ano, pokud je jednotka J to usbčko, o kterém se tu bavíme, můžete ho zformátovat? Pouze to usb, ne celý OS. Po formátu ho znovu zkontrolujte USBfixem.

Nebo to zformátovat nejde?

Ještě Vás poprosím,tuto složku C:\UsbFix_Upload_Me_Kristian-W7.zip uploadněte zde http://chiquitine.changelog.fr/Sample/Upload.php.
Díky :)
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
aiRen
Návštěvník
Návštěvník
Příspěvky: 38
Registrován: 05 úno 2010 17:21
Bydliště: Poprad
Kontaktovat uživatele:
Kontaktovat uživatele aiRen

Re: onlinegames.NNU (autorun.inf)

#14 Příspěvek od aiRen »

1.) Vírus je na USBčku
2.) USBčko sa neda sformátovať
3.) USBčko sa neda liečiť žiadnym Antivírusovým programom
4.) Celý kľúč je chránení proti zapisovaniu
5.) Typy vírusov (infikovaný súbor):
- Win32/Injector.ACV (RECYCLERS\runmgr.exe)
- INF/Autorun (autorun.inf)
- Win32/PSW.OnLineGames.NNU (f2kmj.exe)
CCleaner
Pomáham iba v prípade, že sa nejedná o vírus (Systemová chyba)
Nahoru
Uživatelský avatar
motji
VIP
VIP
Příspěvky: 23302
Registrován: 23 říj 2008 08:02

Re: onlinegames.NNU (autorun.inf)

#15 Příspěvek od motji »

Děkuji, ted je to srozumitelné. Poradím se s kolegy :)
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data :!:
Chcete podpořit naše forum? Informace zde

Obrázek

K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“