VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

virus Security tool

https://forum.viry.cz:443/viewtopic.php?t=104008

Stránka 4 z 5

Re: virus Security tool

Napsal: 24 srp 2010 18:15
od Weenie
oki takze takto:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\explorer.exe" is whitelisted
File move operation "C:\vymena\explorer.exe|C:\WINDOWS\explorer.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: file "c:\windows\system32\lsass.exe" is whitelisted
File move operation "C:\vymena\lsass.exe|c:\windows\system32\lsass.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: file "c:\windows\system32\services.exe" is whitelisted
File move operation "C:\vymena\services.exe|c:\windows\system32\services.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)

File move operation "C:\vymena\spoolsv.exe|c:\windows\system32\spoolsv.exe" completed successfully.

Error: file "c:\windows\system32\winlogon.exe" is whitelisted
File move operation "C:\vymena\winlogon.exe|c:\windows\system32\winlogon.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Error: file "c:\windows\system32\svchost.exe" is whitelisted
File move operation "C:\vymena\svchost.exe|c:\windows\system32\svchost.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.

Re: virus Security tool

Napsal: 24 srp 2010 18:17
od stell
nj,whitelist.
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
FCOPY::
C:\vymena\explorer.exe | C:\WINDOWS\explorer.exe
C:\vymena\lsass.exe | c:\windows\system32\lsass.exe
C:\vymena\services.exe | c:\windows\system32\services.exe
C:\vymena\spoolsv.exe | c:\windows\system32\spoolsv.exe
C:\vymena\winlogon.exe | c:\windows\system32\winlogon.exe
C:\vymena\svchost.exe | c:\windows\system32\svchost.exe
Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

Re: virus Security tool

Napsal: 24 srp 2010 18:43
od Weenie
oki takze popisem co sa dialo:) ked som ten txt subor dal na combofix tak pocitac dvakrat zapipal (píp-píp) :) a vyhodilo mi to chybnu hlasku s nazvom chyba a v hlaske dalej nebolo nic napisane iba moznost ok...tak som to odklikol a pocitac sa hned restartoval....po restarte a spusteni windowsu opat pocitac dvakrat zapipal a nabehol combofix...dalej uz to prebehlo normalne...nevies co to bolo?? :D dufam ze ziadny vazny problem...lebo po spusteni mi este vybehla hlaska ze program deamon tools sa neda spustit lebo je potrebny najmenej windows 2000 a vypnutie ladenie jadra...tak nejak:

no nic log COMBOFIX:

ComboFix 10-08-24.02 - tam . 08. 2010 19:27:20.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.991.526 [GMT 2:00]
Running from: c:\documents and settings\tam\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\tam\Plocha\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\vymena\explorer.exe --> c:\windows\explorer.exe
c:\vymena\lsass.exe --> c:\windows\system32\lsass.exe
c:\vymena\services.exe --> c:\windows\system32\services.exe
c:\vymena\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\vymena\svchost.exe --> c:\windows\system32\svchost.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-24 to 2010-08-24 )))))))))))))))))))))))))))))))
.

2010-08-24 17:10 . 2010-08-24 17:13 -------- d-----w- C:\vymena
2010-08-24 13:14 . 2010-08-24 13:14 -------- d-----w- C:\_OTM
2010-08-24 11:55 . 2010-08-24 16:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-24 11:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-24 11:30 . 2010-08-24 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-24 11:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-24 10:14 . 2010-08-24 12:40 -------- d-----w- c:\program files\trend micro
2010-08-24 10:07 . 2010-08-24 10:07 -------- d-----w- c:\windows\RegLooks
2010-08-24 10:03 . 2010-08-24 13:05 -------- d-----w- C:\rsit
2010-08-23 22:41 . 2010-08-23 22:41 -------- d-----w- c:\program files\Magic Bullet Suite 2.1
2010-08-23 22:40 . 2010-08-23 22:44 -------- d-----w- c:\program files\Magic Bullet Looks
2010-08-23 21:42 . 2004-10-03 15:41 167936 ----a-w- c:\windows\system32\Engine3D.dll
2010-08-23 21:34 . 2005-11-20 18:42 3272704 ----a-w- c:\windows\system32\sapphire_ae.dll
2010-08-23 12:16 . 2010-08-23 12:16 -------- d-----w- C:\NVIDIA
2010-08-23 11:50 . 2010-08-23 11:50 -------- d-----w- c:\program files\Magic Bullet Mojo Vegas
2010-08-23 11:47 . 2010-08-23 11:47 50400 ----a-w- c:\windows\system32\uepzunjvwporzc.exe
2010-08-22 07:47 . 2010-08-22 07:47 -------- d-----w- c:\program files\Audacity1.2.6
2010-08-22 07:05 . 2010-08-22 07:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-08-20 09:02 . 2010-08-20 09:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-19 19:52 . 2010-08-19 19:52 -------- d-----w- c:\program files\Cycore FX 1.0.1
2010-08-07 18:31 . 2010-08-07 18:31 -------- d-----w- c:\program files\Digieffects
2010-08-03 10:53 . 2010-08-03 10:53 36868 ----a-w- c:\program files\uninst-Particular.exe
2010-08-03 10:53 . 2010-08-03 10:53 -------- d-----w- C:\Presets
2010-08-03 10:51 . 2010-08-03 10:51 36868 ----a-w- c:\program files\uninst-Lux.exe
2010-08-03 10:50 . 2010-08-03 10:50 -------- d-----w- c:\program files\Trapcode Form
2010-08-03 10:47 . 2010-08-03 10:49 36868 ----a-w- c:\program files\uninst-Echospace.exe
2010-08-03 10:45 . 2010-08-03 10:56 -------- d-----w- c:\program files\Trapcode

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 17:34 . 2008-05-24 13:25 -------- d-----w- c:\program files\Steam
2010-08-24 13:39 . 2001-10-25 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-08-23 22:41 . 2010-08-23 22:41 3932 ----a-w- c:\program files\mbsuite21.log
2010-08-23 12:08 . 2009-11-24 20:14 -------- d-----w- c:\program files\BitComet
2010-08-21 15:22 . 2010-01-27 11:35 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-08-16 12:18 . 2009-12-11 13:02 -------- d-----w- c:\program files\Absolute Poker
2010-08-15 07:54 . 2010-06-24 16:02 -------- d-----w- c:\program files\ICQ7.2
2010-08-03 10:56 . 2010-08-03 10:56 1999 ----a-w- c:\program files\trapcodeStarglow.log
2010-08-03 10:55 . 2010-08-03 10:55 1972 ----a-w- c:\program files\trapcodeShine.log
2010-08-03 10:50 . 2010-08-03 10:50 19549 ----a-w- c:\program files\trapcodeform.log
2010-08-03 10:45 . 2010-08-03 10:45 4556 ----a-w- c:\program files\trapcode3Dstroke.log
2010-07-22 16:58 . 2009-08-25 20:54 -------- d-----w- c:\program files\Boris FX, Inc
2010-07-22 16:57 . 2010-07-22 16:57 -------- d-----w- c:\program files\GenArts
2010-07-07 10:47 . 2009-12-20 13:30 -------- d-----w- c:\program files\Czech Soccer Manager 2002 FE
2010-07-06 16:51 . 2010-07-06 16:36 -------- d-----w- c:\program files\New Star Soccer 2
2010-07-06 16:36 . 2010-07-03 19:08 63473 ----a-w- c:\windows\system32\SpoonUninstall-New Star Soccer 2.dat
2010-07-06 16:36 . 2010-07-03 19:08 167936 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-07-06 16:27 . 2010-01-08 21:10 -------- d-----w- c:\program files\CamStudio
2010-07-05 21:21 . 2009-12-27 23:20 -------- d-----w- c:\program files\DivX
2010-07-02 20:16 . 2009-08-29 18:04 -------- d-----w- c:\program files\EslWire
2010-07-01 12:18 . 2010-07-01 12:14 -------- d-----w- c:\program files\LEGO Company
2010-06-17 09:25 . 2001-10-25 12:00 804456 ----a-w- c:\windows\system32\perfh005.dat
2010-06-17 09:25 . 2001-10-25 12:00 289656 ----a-w- c:\windows\system32\perfc005.dat
2010-06-16 11:56 . 2008-05-21 20:04 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-02 10:45 . 2010-01-02 10:34 91849619 ----a-w- c:\program files\rsk55ind.zip
2007-07-17 11:13 . 2007-07-12 09:51 61440 ----a-w- c:\program files\RGSGrowBounds.aex
2007-05-03 15:32 . 2007-05-03 15:32 434 ----a-w- c:\program files\setup_bs.exe
2005-06-13 11:46 . 2009-02-28 22:13 45 ----a-w- c:\program files\Setup.Ini
2001-09-25 20:05 . 2009-02-28 22:13 1707856 ----a-w- c:\program files\InstMsiA.Exe
2001-09-11 23:04 . 2009-02-28 22:13 1821008 ----a-w- c:\program files\InstMsiW.Exe
.

------- Sigcheck -------

[-] 2008-05-07 . F587B0981034E79FF9C447C16CB66380 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-08-24_14.18.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-24 17:34 . 2010-08-24 17:34 16384 c:\windows\temp\Perflib_Perfdata_50c.dat
+ 2008-04-14 06:52 . 2009-08-17 13:26 57856 c:\windows\system32\spoolsv.exe
+ 2008-04-14 06:52 . 2009-08-17 13:26 14336 c:\windows\system32\dllcache\svchost.exe
+ 2008-04-14 06:52 . 2009-08-17 13:26 13312 c:\windows\system32\dllcache\lsass.exe
+ 2008-04-14 06:52 . 2009-08-17 13:27 507904 c:\windows\system32\dllcache\winlogon.exe
+ 2008-04-14 06:52 . 2009-08-17 13:26 111104 c:\windows\system32\dllcache\services.exe
+ 2008-04-14 06:52 . 2009-08-17 13:26 1034240 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2010-08-24 1242448]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Octoshape Streaming Services"="c:\documents and settings\tam\Data aplikací\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Google Update"="c:\documents and settings\tam\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-26 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]
"nwiz"="nwiz.exe" [2009-07-08 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hltv.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\dedicated server\\hltv.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\EslWire\\wire.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\lukesin15\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Documents and Settings\\tam\\Data aplikací\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\tam\\Local Settings\\Data aplikací\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\dedicated server\\hlds.exe"=
"c:\\Documents and Settings\\tam\\Plocha\\NOVE MOVIE\\genArts sapphire plugins\\GENARTS_SAPPHIRE\\rlm.exe"=
"c:\\Program Files\\GenArts\\rlm\\rlm.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Steam\\steamapps\\phioneer\\counter-strike\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12817:TCP"= 12817:TCP:BitComet 12817 TCP
"12817:UDP"= 12817:UDP:BitComet 12817 UDP
"14457:TCP"= 14457:TCP:BitComet 14457 TCP
"14457:UDP"= 14457:UDP:BitComet 14457 UDP

R2 RLM-GenArts;RLM-GenArts;c:\program files\GenArts\rlm\rlm.exe [22. 7. 2010 19:00 1540096]
S2 gupdate1c99694d879faee;Služba Google Update (gupdate1c99694d879faee);c:\program files\Google\Update\GoogleUpdate.exe [24. 2. 2009 17:30 133104]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [25. 11. 2008 20:42 27904]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21. 5. 2008 22:04 691696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-14 19:00]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 15:30]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 15:30]

2010-08-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-329068152-764733703-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-08-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-764733703-1177238915-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stáhnout odkaz s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Stáhnout všechna videa s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Stáhnout všechny odkazy s použitím BitCometu - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
DPF: {2827941E-F3B4-11D1-870D-00006E30EA7D} - hxxp://ebanka.tuke.sk/Ib/sk/objects/SigningProj.cab
DPF: {A4735C9C-6626-4386-9B93-2D9B79047AB8} - hxxp://televizia.joj.sk/fileadmin/joj_player/JOJ_Explorer_Player.cab
DPF: {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} - hxxp://t.live.cctv.com/ieocx/CCTVUpdateInstall.dll
FF - ProfilePath - c:\documents and settings\tam\Data aplikací\Mozilla\Firefox\Profiles\p79xkhnr.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\TV JOJ Media Player\npplugin_netscape.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-24 19:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-329068152-764733703-1177238915-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6d,4e,ec,71,67,9b,e6,a3,97,38,64,42,ea,66,3b,bb,27,7d,75,f5,12,32,38,
09,1d,e7,ce,e6,cf,f4,9c,f3,d3,87,c3,b7,3c,ec,71,9a,ca,c3,9e,35,36,37,b5,f9,\
"??"=hex:24,87,4a,ae,2e,96,d4,2c,9e,c5,0a,7e,0a,a2,54,3e

[HKEY_USERS\S-1-5-21-329068152-764733703-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:a8,54,bc,21,be,e4,ee,9c,b9,6e,d9,29,25,7a,20,c9,03,69,b0,e1,e0,
02,47,b9,00,b5,35,a8,40,7d,23,0d,d8,90,db,6f,04,42,40,66,84,04,3a,d5,3a,ad,\
"rkeysecu"=hex:c9,cf,ca,23,e6,27,fa,31,26,64,84,09,80,f6,2f,25
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-08-24 19:39:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-24 17:38
ComboFix2.txt 2010-08-24 15:29
ComboFix3.txt 2010-08-24 14:19

Pre-Run: Volných bajtů: 47 989 739 520
Post-Run: Volných bajtů: 47 971 311 616

- - End Of File - - B62EE97AD75E7B51BD872C15EC15EC4A

Re: virus Security tool

Napsal: 24 srp 2010 18:52
od stell
to pipanie ,combofix vypinal DAEMON, aby nebranilo v oprave systemu, takze vsetko ok, teraz uz len cistenie, Takze sprav r toto
:arrow: Stiahnite si prosím DeFogger na váš desktop.
http://www.jpshortstuff.247fixes.com/Defogger.exe
Dvojitým kliknutím DeFogger spustiť nástroj.
aplikácie sa objaví okno
kliknite na tlačidlo Zakázať zakázať vaše CD emulácia ovládače
Kliknutím na tlačidlo Áno, aby pokračovali
'Hotovo!' 'Finished!' zobrazí sa správa
Kliknite na tlačidlo OK
DeFogger môže požiadať vás o reštart, keď to robí - kliknite na tlačidlo OK.
Po restarte daj reenable, a Daemon bude funkcny,
:arrow: odinstaluj combofix-klik-start-klik-spustit-skopiruj prikaz do okna combofix /uninstall
:arrow: spust OTL-klik-cleanup-yes,yes,
:arrow: spust OTM-klik-cleanup-yes,yes,
:arrow: Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
:arrow: odskusaj pc, a napis ako sa chova.
:arrow: treba ti nainstalovat Antivir a Firewall,

Re: virus Security tool

Napsal: 24 srp 2010 19:20
od Weenie
tak vyzera to tak ze problem je vyrieseny :) ziadne okna security tool mi tu nenaskakuju aplikacie co som skusal idu v pohode...
akurat v ponuke start - programy mam este stale security tool

a na ploche nejake subory co som pouzil na odvirovanie napr rkill,hostsperm, reglooks...to mozem kludne vymazat? aj s C:/ tu zlozku vymena? predpokladam?:)

a antivir urcite :) akurat pred par dnami mi skoncila trial verzia nod32 a bol som nejaky lenivy zaobstarat novy antivir...tak ale po dnesnych skusenostiach uz ani minutu bez antiviru fakt :D

keby sa objavili nejake problemy tak viem na koho sa obratit:)

Re: virus Security tool

Napsal: 24 srp 2010 19:22
od Weenie
no a musim ti nakoniec este velmi pekne podakovat :) nemal si to so mnou urcite lahke :D fakt v tom comu sa venujes si jednicka :) dik

Re: virus Security tool

Napsal: 24 srp 2010 19:23
od stell
programy mam este stale security tool>>
>>pravy klik-odstarnit, a zbytok co pises mozes tiez zmazat,
:) nemas zaco,
edit, este mozes vycistit CCleanerom
Stáhni, nainstaluj program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- PravyKlik na kos-spustit ccleaner ->>>Cakas>>na cistenie,,
PravyKlik na kos-otvorit ccleaner-záložka Windows a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na záložku Aplikace a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na Registry, stiskni Hledej problémy, po dokončení skenování klikni na Opravit vybrané problémy,
-zvol Ano pro vytvoření zálohy, ulož nabídnutý soubor a klikni na Opravit všechny problémy,
:arrow: defragmentuj pevny disk,
http://www.piriform.com/defraggler

Re: virus Security tool

Napsal: 24 srp 2010 19:26
od Weenie
jo a este malwarebytes antimalware...to mozem tiez odinstalovat?

Re: virus Security tool

Napsal: 24 srp 2010 19:29
od stell
tam som ti este dopisal, CCleaner a deffragler, takze sprav aj to, nie malwarebytes , nechaj a treba preventivne aj spustat, ale pred skenom, treba stale aktualizovat. :D

Re: virus Security tool

Napsal: 24 srp 2010 19:31
od Weenie
oki a nebude sa to bit s nod32 ? idem teraz instalovat :)

Re: virus Security tool

Napsal: 24 srp 2010 19:34
od stell
nie, malwarebytes nema realtime ochranu, treba aj firewall, nainstaluj tento, ale presne tak ako je napisane, bez spyware doctora.
http://www.viry.cz/forum/viewtopic.php? ... 36#p868836

Re: virus Security tool

Napsal: 24 srp 2010 19:38
od Weenie
a nestaci firewall windowsu? :)

Re: virus Security tool

Napsal: 24 srp 2010 19:41
od stell
nie, win firewall ziadny firewall. :)

Re: virus Security tool

Napsal: 24 srp 2010 19:43
od Weenie
:D:D:D ok dam na teba:) ja len vies nechcem si zbytocne zasierat pc hlavne ramku aplikaciami ktore netreba :) ale tak toto evidentne treba po dnesku :D

jaaaj no co ti poviem si proste Pán :D dik este raz

Re: virus Security tool

Napsal: 24 srp 2010 19:46
od stell
praveze ti tam davam minimum, co musis mat, v dnesnej dobe ist na internet bez Firewallu a Antiviru, je samovrazda pocitaca, ten tvoj uz bol na kolenach, :D
Nemas zaco. :wink:
Všechny časy jsou v UTC+01:00
Stránka 4 z 5

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz