virus Security tool

[Weenie]

oki takze takto:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\explorer.exe" is whitelisted
File move operation "C:\vymena\explorer.exe|C:\WINDOWS\explorer.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: file "c:\windows\system32\lsass.exe" is whitelisted
File move operation "C:\vymena\lsass.exe|c:\windows\system32\lsass.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: file "c:\windows\system32\services.exe" is whitelisted
File move operation "C:\vymena\services.exe|c:\windows\system32\services.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

File move operation "C:\vymena\spoolsv.exe|c:\windows\system32\spoolsv.exe" completed successfully.

Error: file "c:\windows\system32\winlogon.exe" is whitelisted
File move operation "C:\vymena\winlogon.exe|c:\windows\system32\winlogon.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: file "c:\windows\system32\svchost.exe" is whitelisted
File move operation "C:\vymena\svchost.exe|c:\windows\system32\svchost.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.

[stell]

nj,whitelist.
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
FCOPY::
C:\vymena\explorer.exe | C:\WINDOWS\explorer.exe
C:\vymena\lsass.exe | c:\windows\system32\lsass.exe
C:\vymena\services.exe | c:\windows\system32\services.exe
C:\vymena\spoolsv.exe | c:\windows\system32\spoolsv.exe
C:\vymena\winlogon.exe | c:\windows\system32\winlogon.exe
C:\vymena\svchost.exe | c:\windows\system32\svchost.exe

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :


Po skonceni skenu vlož log čo ComboFix vytvorí

[Weenie]

oki takze popisem co sa dialo:) ked som ten txt subor dal na combofix tak pocitac dvakrat zapipal (píp-píp) a vyhodilo mi to chybnu hlasku s nazvom chyba a v hlaske dalej nebolo nic napisane iba moznost ok...tak som to odklikol a pocitac sa hned restartoval....po restarte a spusteni windowsu opat pocitac dvakrat zapipal a nabehol combofix...dalej uz to prebehlo normalne...nevies co to bolo?? dufam ze ziadny vazny problem...lebo po spusteni mi este vybehla hlaska ze program deamon tools sa neda spustit lebo je potrebny najmenej windows 2000 a vypnutie ladenie jadra...tak nejak:

no nic log COMBOFIX:

ComboFix 10-08-24.02 - tam . 08. 2010 19:27:20.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.991.526 [GMT 2:00]
Running from: c:\documents and settings\tam\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\tam\Plocha\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\vymena\explorer.exe --> c:\windows\explorer.exe
c:\vymena\lsass.exe --> c:\windows\system32\lsass.exe
c:\vymena\services.exe --> c:\windows\system32\services.exe
c:\vymena\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\vymena\svchost.exe --> c:\windows\system32\svchost.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 )))))))))))))))))))))))))))))))
.

2010-08-24 17:10 . 2010-08-24 17:13 -------- d-----w- C:\vymena
2010-08-24 13:14 . 2010-08-24 13:14 -------- d-----w- C:\_OTM
2010-08-24 11:55 . 2010-08-24 16:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-24 11:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-24 11:30 . 2010-08-24 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 11:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-24 10:14 . 2010-08-24 12:40 -------- d-----w- c:\program files\trend micro
2010-08-24 10:07 . 2010-08-24 10:07 -------- d-----w- c:\windows\RegLooks
2010-08-24 10:03 . 2010-08-24 13:05 -------- d-----w- C:\rsit
2010-08-23 22:41 . 2010-08-23 22:41 -------- d-----w- c:\program files\Magic Bullet Suite 2.1
2010-08-23 22:40 . 2010-08-23 22:44 -------- d-----w- c:\program files\Magic Bullet Looks
2010-08-23 21:42 . 2004-10-03 15:41 167936 ----a-w- c:\windows\system32\Engine3D.dll
2010-08-23 21:34 . 2005-11-20 18:42 3272704 ----a-w- c:\windows\system32\sapphire_ae.dll
2010-08-23 12:16 . 2010-08-23 12:16 -------- d-----w- C:\NVIDIA
2010-08-23 11:50 . 2010-08-23 11:50 -------- d-----w- c:\program files\Magic Bullet Mojo Vegas
2010-08-23 11:47 . 2010-08-23 11:47 50400 ----a-w- c:\windows\system32\uepzunjvwporzc.exe
2010-08-22 07:47 . 2010-08-22 07:47 -------- d-----w- c:\program files\Audacity1.2.6
2010-08-22 07:05 . 2010-08-22 07:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-08-20 09:02 . 2010-08-20 09:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-19 19:52 . 2010-08-19 19:52 -------- d-----w- c:\program files\Cycore FX 1.0.1
2010-08-07 18:31 . 2010-08-07 18:31 -------- d-----w- c:\program files\Digieffects
2010-08-03 10:53 . 2010-08-03 10:53 36868 ----a-w- c:\program files\uninst-Particular.exe
2010-08-03 10:53 . 2010-08-03 10:53 -------- d-----w- C:\Presets
2010-08-03 10:51 . 2010-08-03 10:51 36868 ----a-w- c:\program files\uninst-Lux.exe
2010-08-03 10:50 . 2010-08-03 10:50 -------- d-----w- c:\program files\Trapcode Form
2010-08-03 10:47 . 2010-08-03 10:49 36868 ----a-w- c:\program files\uninst-Echospace.exe
2010-08-03 10:45 . 2010-08-03 10:56 -------- d-----w- c:\program files\Trapcode

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 17:34 . 2008-05-24 13:25 -------- d-----w- c:\program files\Steam
2010-08-24 13:39 . 2001-10-25 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-08-23 22:41 . 2010-08-23 22:41 3932 ----a-w- c:\program files\mbsuite21.log
2010-08-23 12:08 . 2009-11-24 20:14 -------- d-----w- c:\program files\BitComet
2010-08-21 15:22 . 2010-01-27 11:35 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-08-16 12:18 . 2009-12-11 13:02 -------- d-----w- c:\program files\Absolute Poker
2010-08-15 07:54 . 2010-06-24 16:02 -------- d-----w- c:\program files\ICQ7.2
2010-08-03 10:56 . 2010-08-03 10:56 1999 ----a-w- c:\program files\trapcodeStarglow.log
2010-08-03 10:55 . 2010-08-03 10:55 1972 ----a-w- c:\program files\trapcodeShine.log
2010-08-03 10:50 . 2010-08-03 10:50 19549 ----a-w- c:\program files\trapcodeform.log
2010-08-03 10:45 . 2010-08-03 10:45 4556 ----a-w- c:\program files\trapcode3Dstroke.log
2010-07-22 16:58 . 2009-08-25 20:54 -------- d-----w- c:\program files\Boris FX, Inc
2010-07-22 16:57 . 2010-07-22 16:57 -------- d-----w- c:\program files\GenArts
2010-07-07 10:47 . 2009-12-20 13:30 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-07-06 16:51 . 2010-07-06 16:36 -------- d-----w- c:\program files\New Star Soccer 2
2010-07-06 16:36 . 2010-07-03 19:08 63473 ----a-w- c:\windows\system32\SpoonUninstall-New Star Soccer 2.dat
2010-07-06 16:36 . 2010-07-03 19:08 167936 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-07-06 16:27 . 2010-01-08 21:10 -------- d-----w- c:\program files\CamStudio
2010-07-05 21:21 . 2009-12-27 23:20 -------- d-----w- c:\program files\DivX
2010-07-02 20:16 . 2009-08-29 18:04 -------- d-----w- c:\program files\EslWire
2010-07-01 12:18 . 2010-07-01 12:14 -------- d-----w- c:\program files\LEGO Company
2010-06-17 09:25 . 2001-10-25 12:00 804456 ----a-w- c:\windows\system32\perfh005.dat
2010-06-17 09:25 . 2001-10-25 12:00 289656 ----a-w- c:\windows\system32\perfc005.dat
2010-06-16 11:56 . 2008-05-21 20:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-02 10:45 . 2010-01-02 10:34 91849619 ----a-w- c:\program files\rsk55ind.zip
2007-07-17 11:13 . 2007-07-12 09:51 61440 ----a-w- c:\program files\RGSGrowBounds.aex
2007-05-03 15:32 . 2007-05-03 15:32 434 ----a-w- c:\program files\setup_bs.exe
2005-06-13 11:46 . 2009-02-28 22:13 45 ----a-w- c:\program files\Setup.Ini
2001-09-25 20:05 . 2009-02-28 22:13 1707856 ----a-w- c:\program files\InstMsiA.Exe
2001-09-11 23:04 . 2009-02-28 22:13 1821008 ----a-w- c:\program files\InstMsiW.Exe
.

------- Sigcheck -------

[-] 2008-05-07 . F587B0981034E79FF9C447C16CB66380 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-24_14.18.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-24 17:34 . 2010-08-24 17:34 16384 c:\windows\temp\Perflib_Perfdata_50c.dat
+ 2008-04-14 06:52 . 2009-08-17 13:26 57856 c:\windows\system32\spoolsv.exe
+ 2008-04-14 06:52 . 2009-08-17 13:26 14336 c:\windows\system32\dllcache\svchost.exe
+ 2008-04-14 06:52 . 2009-08-17 13:26 13312 c:\windows\system32\dllcache\lsass.exe
+ 2008-04-14 06:52 . 2009-08-17 13:27 507904 c:\windows\system32\dllcache\winlogon.exe
+ 2008-04-14 06:52 . 2009-08-17 13:26 111104 c:\windows\system32\dllcache\services.exe
+ 2008-04-14 06:52 . 2009-08-17 13:26 1034240 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Octoshape Streaming Services"="c:\documents and settings\tam\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Google Update"="c:\documents and settings\tam\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-26 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]
"nwiz"="nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hltv.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\dedicated server\\hltv.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\lukesin15\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Documents and Settings\\tam\\Data aplikací\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\tam\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\dedicated server\\hlds.exe"=
"c:\\Documents and Settings\\tam\\Plocha\\NOVE MOVIE\\genArts sapphire plugins\\GENARTS_SAPPHIRE\\rlm.exe"=
"c:\\Program Files\\GenArts\\rlm\\rlm.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12817:TCP"= 12817:TCP:BitComet 12817 TCP
"12817:UDP"= 12817:UDP:BitComet 12817 UDP
"14457:TCP"= 14457:TCP:BitComet 14457 TCP
"14457:UDP"= 14457:UDP:BitComet 14457 UDP

R2 RLM-GenArts;RLM-GenArts;c:\program files\GenArts\rlm\rlm.exe [22. 7. 2010 19:00 1540096]
S2 gupdate1c99694d879faee;Služba Google Update (gupdate1c99694d879faee);c:\program files\Google\Update\GoogleUpdate.exe [24. 2. 2009 17:30 133104]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [25. 11. 2008 20:42 27904]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21. 5. 2008 22:04 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 19:00]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 15:30]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 15:30]

2010-08-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-764733703-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-08-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-764733703-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
DPF: {2827941E-F3B4-11D1-870D-00006E30EA7D} - hxxp://ebanka.tuke.sk/Ib/sk/objects/SigningProj.cab
DPF: {A4735C9C-6626-4386-9B93-2D9B79047AB8} - hxxp://televizia.joj.sk/fileadmin/joj_player/JOJ_Explorer_Player.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\documents and settings\tam\Data aplikací\Mozilla\Firefox\Profiles\p79xkhnr.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 19:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-764733703-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6d,4e,ec,71,67,9b,e6,a3,97,38,64,42,ea,66,3b,bb,27,7d,75,f5,12,32,38,
09,1d,e7,ce,e6,cf,f4,9c,f3,d3,87,c3,b7,3c,ec,71,9a,ca,c3,9e,35,36,37,b5,f9,\
"??"=hex:24,87,4a,ae,2e,96,d4,2c,9e,c5,0a,7e,0a,a2,54,3e

[HKEY_USERS\S-1-5-21-329068152-764733703-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:a8,54,bc,21,be,e4,ee,9c,b9,6e,d9,29,25,7a,20,c9,03,69,b0,e1,e0,
02,47,b9,00,b5,35,a8,40,7d,23,0d,d8,90,db,6f,04,42,40,66,84,04,3a,d5,3a,ad,\
"rkeysecu"=hex:c9,cf,ca,23,e6,27,fa,31,26,64,84,09,80,f6,2f,25
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-08-24 19:39:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-24 17:38
ComboFix2.txt 2010-08-24 15:29
ComboFix3.txt 2010-08-24 14:19

Pre-Run: Volných bajtů: 47 989 739 520
Post-Run: Volných bajtů: 47 971 311 616

- - End Of File - - B62EE97AD75E7B51BD872C15EC15EC4A

[stell]

to pipanie ,combofix vypinal DAEMON, aby nebranilo v oprave systemu, takze vsetko ok, teraz uz len cistenie, Takze sprav r toto
Stiahnite si prosím DeFogger na váš desktop.
http://www.jpshortstuff.247fixes.com/Defogger.exe
Dvojitým kliknutím DeFogger spustiť nástroj.
aplikácie sa objaví okno
kliknite na tlačidlo Zakázať zakázať vaše CD emulácia ovládače
Kliknutím na tlačidlo Áno, aby pokračovali
'Hotovo!' 'Finished!' zobrazí sa správa
Kliknite na tlačidlo OK
DeFogger môže požiadať vás o reštart, keď to robí - kliknite na tlačidlo OK.
Po restarte daj reenable, a Daemon bude funkcny,
odinstaluj combofix-klik-start-klik-spustit-skopiruj prikaz do okna combofix /uninstall
spust OTL-klik-cleanup-yes,yes,
spust OTM-klik-cleanup-yes,yes,
Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
odskusaj pc, a napis ako sa chova.
treba ti nainstalovat Antivir a Firewall,

[Weenie]

tak vyzera to tak ze problem je vyrieseny ziadne okna security tool mi tu nenaskakuju aplikacie co som skusal idu v pohode...
akurat v ponuke start - programy mam este stale security tool

a na ploche nejake subory co som pouzil na odvirovanie napr rkill,hostsperm, reglooks...to mozem kludne vymazat? aj s C:/ tu zlozku vymena? predpokladam?:)

a antivir urcite akurat pred par dnami mi skoncila trial verzia nod32 a bol som nejaky lenivy zaobstarat novy antivir...tak ale po dnesnych skusenostiach uz ani minutu bez antiviru fakt

keby sa objavili nejake problemy tak viem na koho sa obratit:)

[Weenie]

no a musim ti nakoniec este velmi pekne podakovat nemal si to so mnou urcite lahke fakt v tom comu sa venujes si jednicka dik

[stell]

programy mam este stale security tool>>
>>pravy klik-odstarnit, a zbytok co pises mozes tiez zmazat,
nemas zaco,
edit, este mozes vycistit CCleanerom
Stáhni, nainstaluj program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- PravyKlik na kos-spustit ccleaner ->>>Cakas>>na cistenie,,
PravyKlik na kos-otvorit ccleaner-záložka Windows a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na záložku Aplikace a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na Registry, stiskni Hledej problémy, po dokončení skenování klikni na Opravit vybrané problémy,
-zvol Ano pro vytvoření zálohy, ulož nabídnutý soubor a klikni na Opravit všechny problémy,
defragmentuj pevny disk,
http://www.piriform.com/defraggler

[Weenie]

jo a este malwarebytes antimalware...to mozem tiez odinstalovat?

[stell]

tam som ti este dopisal, CCleaner a deffragler, takze sprav aj to, nie malwarebytes , nechaj a treba preventivne aj spustat, ale pred skenom, treba stale aktualizovat.

[Weenie]

oki a nebude sa to bit s nod32 ? idem teraz instalovat

[stell]

nie, malwarebytes nema realtime ochranu, treba aj firewall, nainstaluj tento, ale presne tak ako je napisane, bez spyware doctora.
http://www.viry.cz/forum/viewtopic.php? ... 36#p868836

[Weenie]

a nestaci firewall windowsu?

[stell]

nie, win firewall ziadny firewall.

[Weenie]

:D:D ok dam na teba:) ja len vies nechcem si zbytocne zasierat pc hlavne ramku aplikaciami ktore netreba ale tak toto evidentne treba po dnesku

jaaaj no co ti poviem si proste Pán dik este raz

[stell]

praveze ti tam davam minimum, co musis mat, v dnesnej dobe ist na internet bez Firewallu a Antiviru, je samovrazda pocitaca, ten tvoj uz bol na kolenach,
Nemas zaco.