System sa zblaznil, pomoc!

[kroenen2]

Preskenoval som to Avirou, nenaslo virus okrem 2 warnings, nevim ci pomoze toto:



Avira AntiVir Personal
Report file date: 4. júna 2010 11:12

Scanning for 2186174 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista 64 Bit
Windows version : (plain) [6.1.7600]
Boot mode : Save mode with network
Username : kroenenAMD
Computer name : KROENENAMD

Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 9. 3. 2010 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13. 10. 2009 10:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27. 2. 2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20. 2. 2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27. 2. 2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6. 11. 2009 06:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19. 11. 2009 23:57:02
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20. 1. 2010 10:34:04
VBASE003.VDF : 7.10.3.75 996864 Bytes 26. 1. 2010 10:21:00
VBASE004.VDF : 7.10.4.203 1579008 Bytes 5. 3. 2010 20:04:41
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15. 4. 2010 19:26:33
VBASE006.VDF : 7.10.7.218 2294784 Bytes 2. 6. 2010 11:59:52
VBASE007.VDF : 7.10.7.219 2048 Bytes 2. 6. 2010 11:59:52
VBASE008.VDF : 7.10.7.220 2048 Bytes 2. 6. 2010 11:59:53
VBASE009.VDF : 7.10.7.221 2048 Bytes 2. 6. 2010 11:59:53
VBASE010.VDF : 7.10.7.222 2048 Bytes 2. 6. 2010 11:59:53
VBASE011.VDF : 7.10.7.223 2048 Bytes 2. 6. 2010 11:59:53
VBASE012.VDF : 7.10.7.224 2048 Bytes 2. 6. 2010 11:59:53
VBASE013.VDF : 7.10.7.225 2048 Bytes 2. 6. 2010 11:59:53
VBASE014.VDF : 7.10.7.226 2048 Bytes 2. 6. 2010 11:59:53
VBASE015.VDF : 7.10.7.227 2048 Bytes 2. 6. 2010 11:59:53
VBASE016.VDF : 7.10.7.228 2048 Bytes 2. 6. 2010 11:59:53
VBASE017.VDF : 7.10.7.229 2048 Bytes 2. 6. 2010 11:59:53
VBASE018.VDF : 7.10.7.230 2048 Bytes 2. 6. 2010 11:59:53
VBASE019.VDF : 7.10.7.231 2048 Bytes 2. 6. 2010 11:59:54
VBASE020.VDF : 7.10.7.232 2048 Bytes 2. 6. 2010 11:59:55
VBASE021.VDF : 7.10.7.233 2048 Bytes 2. 6. 2010 11:59:55
VBASE022.VDF : 7.10.7.234 2048 Bytes 2. 6. 2010 11:59:55
VBASE023.VDF : 7.10.7.235 2048 Bytes 2. 6. 2010 11:59:56
VBASE024.VDF : 7.10.7.236 2048 Bytes 2. 6. 2010 11:59:57
VBASE025.VDF : 7.10.7.237 2048 Bytes 2. 6. 2010 11:59:57
VBASE026.VDF : 7.10.7.238 2048 Bytes 2. 6. 2010 11:59:57
VBASE027.VDF : 7.10.7.239 2048 Bytes 2. 6. 2010 11:59:58
VBASE028.VDF : 7.10.7.240 2048 Bytes 2. 6. 2010 11:59:58
VBASE029.VDF : 7.10.7.241 2048 Bytes 2. 6. 2010 11:59:58
VBASE030.VDF : 7.10.7.242 2048 Bytes 2. 6. 2010 11:59:58
VBASE031.VDF : 7.10.7.245 20992 Bytes 2. 6. 2010 11:59:59
Engineversion : 8.2.2.4
AEVDF.DLL : 8.1.2.0 106868 Bytes 23. 4. 2010 19:16:08
AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 2. 6. 2010 11:58:02
AESCN.DLL : 8.1.6.1 127347 Bytes 12. 5. 2010 19:16:31
AESBX.DLL : 8.1.3.1 254324 Bytes 23. 4. 2010 19:16:09
AERDL.DLL : 8.1.4.6 541043 Bytes 15. 4. 2010 19:27:21
AEPACK.DLL : 8.2.1.1 426358 Bytes 19. 3. 2010 19:34:19
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 12. 5. 2010 19:16:30
AEHEUR.DLL : 8.1.1.32 2720118 Bytes 2. 6. 2010 11:58:00
AEHELP.DLL : 8.1.11.5 242038 Bytes 2. 6. 2010 11:57:54
AEGEN.DLL : 8.1.3.10 377205 Bytes 2. 6. 2010 11:57:53
AEEMU.DLL : 8.1.2.0 393588 Bytes 23. 4. 2010 19:16:04
AECORE.DLL : 8.1.15.3 192886 Bytes 12. 5. 2010 19:16:30
AEBB.DLL : 8.1.1.0 53618 Bytes 23. 4. 2010 19:16:02
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12. 12. 2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 26. 8. 2009 14:14:02
AVREP.DLL : 8.0.0.7 159784 Bytes 18. 2. 2010 11:49:06
AVREG.DLL : 9.0.0.0 36609 Bytes 5. 12. 2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24. 3. 2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30. 1. 2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28. 1. 2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2. 2. 2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5. 12. 2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15. 5. 2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 13. 10. 2009 11:25:47

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 4. júna 2010 11:12

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'MpCmdRun.exe' - '0' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'ctfmon.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
2 processes with 2 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '28' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Users\kroenenAMD\Desktop\paradigm.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
Begin scan in 'D:\'
Begin scan in 'E:\'
E:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
E:\KROENENAMD\Backup Set 2010-03-11 180433\Backup Files 2010-03-11 180433\Backup files 2.zip
[0] Archive type: ZIP
--> C/Users/kroenenAMD/Desktop/paradigm.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
E:\KROENENAMD\Backup Set 2010-04-04 190001\Backup Files 2010-04-04 190001\Backup files 2.zip
[0] Archive type: ZIP
--> C/Users/kroenenAMD/Desktop/paradigm.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
E:\KROENENAMD\Backup Set 2010-05-09 190001\Backup Files 2010-05-09 190001\Backup files 2.zip
[0] Archive type: ZIP
--> C/Users/kroenenAMD/Desktop/paradigm.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
E:\MY SOFTWARE\MEDIA\CRACKY-PATCHE-PREKLADY\Tomb raider\Underworld\Tombraider Underworld Trainer.exe
[DETECTION] Is the TR/Buzus.cmtp Trojan
E:\MY SOFTWARE\MEDIA\CRACKY-PATCHE-PREKLADY\Tomb raider\Underworld\underthetombofcraft11-ch.zip
[0] Archive type: ZIP
--> Tombraider Underworld Trainer.exe
[DETECTION] Is the TR/Buzus.cmtp Trojan
E:\Paradigm multihack\paradigm.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan

Beginning disinfection:
C:\Users\kroenenAMD\Desktop\paradigm.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4c7ad6d2.qua'!
E:\KROENENAMD\Backup Set 2010-03-11 180433\Backup Files 2010-03-11 180433\Backup files 2.zip
[NOTE] The file was moved to '4c6bd6d2.qua'!
E:\KROENENAMD\Backup Set 2010-04-04 190001\Backup Files 2010-04-04 190001\Backup files 2.zip
[NOTE] The file was moved to '4c6bd6d4.qua'!
E:\KROENENAMD\Backup Set 2010-05-09 190001\Backup Files 2010-05-09 190001\Backup files 2.zip
[NOTE] The file was moved to '4c6bd6d8.qua'!
E:\MY SOFTWARE\MEDIA\CRACKY-PATCHE-PREKLADY\Tomb raider\Underworld\Tombraider Underworld Trainer.exe
[DETECTION] Is the TR/Buzus.cmtp Trojan
[NOTE] The file was moved to '4c75d6ea.qua'!
E:\MY SOFTWARE\MEDIA\CRACKY-PATCHE-PREKLADY\Tomb raider\Underworld\underthetombofcraft11-ch.zip
[NOTE] The file was moved to '4c6cd6e9.qua'!
E:\Paradigm multihack\paradigm.exe
[DETECTION] Is the TR/Hijacker.Gen Trojan
[NOTE] The file was moved to '4c7ad6dc.qua'!


End of the scan: 4. júna 2010 12:33
Used time: 43:20 Minute(s)

The scan has been done completely.

31285 Scanned directories
545268 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
7 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
545259 Files not concerned
2797 Archives were scanned
2 Warnings
9 Notes

[JaRon]

OKi, prescanuj PC este s MBAM, ale vypada to dobre

[kroenen2]

Preskenovane s MBAM, naslo 19 infikovanych

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4168

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

4. 6. 2010 13:06:18
mbam-log-2010-06-04 (13-06-18).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 132860
Uplynulý čas: 2 min, 50 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 3
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 16

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
C:\Users\kroenenAMD\AppData\Local\Temp\0.4693641391906562.exe (Trojan.Dropper) -> No action taken.
C:\Users\kroenenAMD\AppData\Local\Temp\4_pinnew.exe (Trojan.Agent) -> No action taken.
C:\Users\kroenenAMD\AppData\Local\Temp\6_ldry3no.exe (Trojan.Zbot) -> No action taken.
C:\Users\kroenenAMD\AppData\Local\Temp\avto.exe (Trojan.Agent) -> No action taken.
C:\Users\kroenenAMD\AppData\Local\Temp\miragge.exe (Trojan.Agent) -> No action taken.
C:\Users\kroenenAMD\AppData\Local\Temp\opeDCB0.exe (Trojan.Agent) -> No action taken.
C:\Users\kroenenAMD\AppData\Local\Temp\q1.exe (Trojan.Agent) -> No action taken.
C:\Users\kroenenAMD\AppData\Local\Temp\svchosty.exe (Trojan.VirTool) -> No action taken.
C:\Windows\lsass.exe (Trojan.Agent) -> No action taken.
C:\Windows\svc.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\sshnas21.dll (Trojan.FakeAlert) -> No action taken.
C:\Users\kroenenAMD\AppData\Local\Temp\2_load.exe (Trojan.Agent) -> No action taken.
C:\Users\kroenenAMD\AppData\Local\Temp\60325cahp25ca0.exe (Trojan.Agent) -> No action taken.
C:\Users\kroenenAMD\AppData\Local\Temp\60325cahp25ca2.exe (Trojan.Agent) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.


-----------------------------
Mozem vsetky odstranit?

[JaRon]

ANO, vsetko nechaj odstranit, restart do normal rezimu a zopakuj MBAM

[kroenen2]

Hotovo, bez chyby. Vyzera vsetko v poriadku, takze dakujem Vam.

Asi mi neviete povedat ako sa to stalo, ze? mal som vtedy len mozillu otvorenu, ale ziadna stranka sa mi nenacitavala... a v pozadi sa mi robil kompletny Avira scan - asi tak 50% bolo, ked sa to stalo. Ale to s tym asi nema nic spolocne.

[JaRon]

hlavne, ze to bezi - nemas zac
moznosti vidim dve - bud z cracku, alebo z nejakej stranky