
onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 19:54
by aiRen
Good day,
I have this same problem.
I have tried various guides on your forum and nothing worked.

USB key infected with the Onlinegames.nnu virus!!!

I am attaching the MWAV log as per the guide:

05 2 2010 17:20:36 - ***** Testování složky J:\ *****
05 2 2010 17:20:36 - [Testování složky: J:\]
05 2 2010 17:20:37 - Testování souboru J:\autorun.inf [**XX**]
05 2 2010 17:20:37 - Testování souboru J:\f2kmj.exe (????)
05 2 2010 17:20:37 - ERROR(3)!!! ScanFile fails for J:\f2kmj.exe

05 2 2010 17:20:37 - [Testování složky: J:\RECYCLERS]
05 2 2010 17:20:37 - Testování souboru J:\RECYCLERS\Desktop.ini [**XX**]
05 2 2010 17:20:37 - Testování souboru J:\RECYCLERS\runmgr.exe (????)

It cannot remove anything; I also tried CCleaner (it has nothing to do with the registry) and everything else possible.
+ I am attaching the ComboFix and Avenger logs


ComboFix 10-02-04.06 - Kristián . 02. 2010 15:06:20.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.3326.2512 [GMT 1:00]
Running from: i:\download\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\temp
c:\windows\system32\stacsv.exe
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 14:12 . 2010-02-05 14:12 -------- d-----w- c:\users\Mario\AppData\Local\temp
2010-02-05 14:12 . 2010-02-05 14:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-05 14:03 . 2010-02-05 14:04 -------- d-----w- C:\32788R22FWJFW
2010-02-05 13:49 . 2010-02-05 13:49 -------- d-----w- c:\program files\Enigma Software Group
2010-02-05 13:33 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 13:33 . 2010-02-05 13:33 -------- d-----w- c:\programdata\Malwarebytes
2010-02-05 13:33 . 2010-02-05 13:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 13:33 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-04 20:04 . 2010-02-04 20:04 -------- d-----w- c:\programdata\FLEXnet
2010-02-02 20:10 . 2010-02-02 20:10 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-01-27 14:18 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 14:18 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-24 12:53 . 2010-01-24 12:53 -------- d-----w- c:\program files\Ultra Utility
2010-01-23 23:04 . 2010-01-23 23:04 -------- d-----w- c:\program files\GIMP-2.0
2010-01-22 14:16 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 01:33 . 2010-01-22 01:33 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-01-13 15:10 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 15:10 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-10 12:07 . 2010-01-10 12:07 -------- d-----w- c:\program files\AnvSoft
2010-01-09 11:40 . 2010-01-09 11:40 -------- d-----w- c:\program files\MagicDVDRipper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 14:05 . 2009-12-05 17:12 -------- d-----w- c:\programdata\NVIDIA
2010-02-05 11:47 . 2009-12-13 13:02 138384 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-05 11:46 . 2009-12-13 13:01 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-04 16:37 . 2009-12-13 13:24 -------- d-----w- c:\programdata\Xfire
2010-01-14 10:12 . 2009-12-05 16:47 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-06 10:25 . 2009-12-23 20:53 -------- d-----w- c:\users\Mario\AppData\Roaming\uTorrent
2010-01-03 15:45 . 2010-01-03 15:45 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-01-03 12:05 . 2010-01-03 12:05 -------- d-----w- c:\program files\TeamViewer
2010-01-03 11:59 . 2009-12-30 17:46 -------- d-----r- c:\program files\Skype
2010-01-03 11:58 . 2010-01-03 11:58 -------- d-----w- c:\program files\Common Files\Skype
2010-01-03 11:58 . 2009-12-30 17:46 -------- d-----w- c:\programdata\Skype
2010-01-03 11:51 . 2010-01-03 11:51 -------- d-----w- c:\program files\Teamspeak2_RC2
2010-01-03 01:58 . 2010-01-03 01:25 -------- d-----w- c:\program files\IDT
2010-01-03 01:29 . 2009-12-05 19:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-03 01:18 . 2010-01-03 01:18 -------- d-----w- c:\program files\Realtek
2010-01-03 01:01 . 2010-01-03 01:01 247296 ----a-w- c:\users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll
2010-01-03 01:01 . 2010-01-03 01:01 247296 ----a-w- c:\users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll
2010-01-03 01:01 . 2010-01-03 01:01 247296 ----a-w- c:\users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll
2010-01-03 01:01 . 2010-01-03 01:01 247296 ----a-w- c:\users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll
2010-01-03 01:01 . 2010-01-03 01:01 -------- d-----w- c:\users\Mario\AppData\Roaming\SystemRequirementsLab
2010-01-02 20:13 . 2010-01-02 20:13 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-02 20:01 . 2009-12-29 13:44 -------- d-----w- c:\program files\iPod
2010-01-02 20:01 . 2009-12-05 19:50 -------- d-----w- c:\program files\Bonjour
2010-01-02 20:00 . 2009-12-05 19:46 -------- d-----w- c:\program files\CCleaner
2010-01-02 20:00 . 2009-12-29 13:44 -------- d-----w- c:\program files\iTunes
2010-01-02 20:00 . 2009-12-10 16:08 -------- d-----w- c:\programdata\Apple Computer
2009-12-30 18:19 . 2009-12-30 18:19 -------- d-----w- c:\program files\Intel
2009-12-30 17:48 . 2009-12-30 17:48 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-29 13:45 . 2009-12-29 13:44 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-26 14:36 . 2009-12-05 20:03 81272 ----a-w- c:\users\Mario\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-25 11:29 . 2009-12-25 11:29 -------- d-----w- c:\program files\Canon
2009-12-24 12:33 . 2009-12-24 12:30 -------- d--h--w- c:\programdata\ArcSoft
2009-12-24 12:33 . 2009-12-24 12:29 -------- d-----w- c:\users\Mario\AppData\Roaming\ArcSoft
2009-12-24 12:33 . 2009-12-24 12:29 -------- d-----w- c:\program files\ArcSoft
2009-12-24 12:29 . 2009-12-24 12:29 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-12-24 12:29 . 2009-12-05 19:53 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-23 20:54 . 2009-12-22 22:24 -------- d-----w- c:\program files\uTorrent
2009-12-23 18:26 . 2009-12-23 18:26 -------- d-----w- c:\program files\Webteh
2009-12-22 19:48 . 2009-12-22 19:48 -------- d--h--w- c:\programdata\CanonBJ
2009-12-22 19:39 . 2009-12-22 19:39 -------- d--h--w- c:\programdata\CanonIJScan
2009-12-22 19:12 . 2009-12-13 13:01 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-21 11:43 . 2009-12-21 11:43 -------- d-----w- c:\program files\ASIO4ALL v2
2009-12-21 11:43 . 2009-12-21 11:42 -------- d-----w- c:\program files\VstPlugins
2009-12-21 11:42 . 2009-12-21 11:40 -------- d-----w- c:\program files\Image-Line
2009-12-21 11:42 . 2009-12-21 11:42 -------- d-----w- c:\program files\Outsim
2009-12-21 11:40 . 2009-12-13 09:14 -------- d-----w- c:\users\Mario\AppData\Roaming\DAEMON Tools Lite
2009-12-18 19:26 . 2009-12-18 19:26 -------- d-----w- c:\programdata\Codemasters
2009-12-18 19:12 . 2009-12-18 19:12 -------- d-----w- c:\program files\BRS
2009-12-18 19:12 . 2009-12-18 19:11 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-18 19:11 . 2009-12-18 19:11 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-18 19:11 . 2009-12-18 19:11 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-18 19:11 . 2009-12-18 19:11 -------- d-----w- c:\program files\OpenAL
2009-12-13 13:27 . 2009-12-13 13:27 -------- d-s---w- c:\program files\HLSW
2009-12-10 17:05 . 2009-12-10 17:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-10 17:05 . 2009-12-10 17:05 -------- d-----w- c:\program files\Java
2009-12-10 16:08 . 2009-12-10 16:08 -------- d-----w- c:\program files\QuickTime
2009-12-10 16:07 . 2009-12-10 16:07 -------- d-----w- c:\program files\Common Files\Apple
2009-12-10 16:07 . 2009-12-10 16:07 -------- d-----w- c:\programdata\Apple
2009-12-10 16:07 . 2009-12-10 16:07 -------- d-----w- c:\program files\Apple Software Update
2009-12-08 17:57 . 2009-12-08 17:57 -------- d-----w- c:\programdata\McAfee Security Scan
2009-12-07 17:27 . 2009-12-07 17:27 -------- d-----w- c:\program files\DiskInternals
2009-12-05 20:10 . 2009-12-05 20:10 0 ----a-w- c:\windows\nsreg.dat
2009-12-05 17:25 . 2009-12-05 17:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-20 19:33 . 2009-11-20 19:33 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-20 19:33 . 2009-11-20 19:33 66664 ----a-w- c:\windows\system32\nvshext.dll
2009-11-20 19:33 . 2009-11-20 19:33 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-20 19:33 . 2009-11-20 19:33 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-20 19:33 . 2009-11-20 19:33 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-23 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-10 149280]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-12-09 866200]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP5000 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE [2007-1-15 50848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [6. 2. 2009 14:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6. 2. 2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [6. 2. 2009 14:24 92800]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29. 10. 2009 12:27 1074568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [20. 11. 2009 19:17 240232]
R2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [17. 12. 2009 17:04 185640]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [5. 12. 2009 18:25 691696]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\System32\regedt32.exe [14. 7. 2009 0:15 9216]
.
.
------- Supplementary Scan -------
.
uStart Page = http://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Kristián\AppData\Roaming\Mozilla\Firefox\Profiles\kc1lgl2n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-02-05 15:14:54
ComboFix-quarantined-files.txt 2010-02-05 14:14

Pre-Run: 28 536 885 248 bytes free
Post-Run: 29 871 984 640 bytes free

- - End Of File - - 7568B7C203F9890443B5F78E8AC3929E

AVENGER

Platform: Windows 7

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "%Drive%:\autorun.inf"
Deletion of file "%Drive%:\autorun.inf" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "%Drive%:\f2kmj.exe"
Deletion of file "%Drive%:\f2kmj.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "%Drive%:\RECYCLERS\Desktop.ini"
Deletion of file "%Drive%:\RECYCLERS\Desktop.ini" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "%Drive%:\RECYCLERS\runmgr.exe"
Deletion of file "%Drive%:\RECYCLERS\runmgr.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.


RSIT !

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kristián at 2010-02-05 17:30:09
Microsoft Windows 7 Ultimate
System drive C: has 28 GB (47%) free of 60 GB
Total RAM: 3326 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:11, on 5. 2. 2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\CNAC4RPK.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP\qip.exe
I:\Programy\Xfire\Xfire.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
I:\Download\RSIT.exe
C:\Program Files\trend micro\Kristián.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 5.95.189.234 l2authd.lineage2.com
O1 - Hosts: 5.95.189.234 l2testauthd.lineage2.com
O1 - Hosts: 5.33.135.138 l2authd.lineage2.com
O1 - Hosts: 5.33.135.138 l2testauthd.lineage2.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Global Startup: Canon LBP5000 Status Window.lnk = C:\Windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

--
End of file - 6592 bytes
======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-10 41760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-10 149280]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-10-10 203264]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-12 483422]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-12-23 289584]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Canon LBP5000 Status Window.lnk - C:\Windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-02-05 17:29:42 ----D---- C:\Program Files\trend micro
2010-02-05 17:29:41 ----D---- C:\rsit
2010-02-05 17:15:14 ----AD---- C:\Windows\VDLL.DLL
2010-02-05 17:15:14 ----AD---- C:\Windows\system32\runouce.exe
2010-02-05 17:15:14 ----AD---- C:\Windows\rundll16.exe
2010-02-05 17:15:14 ----AD---- C:\Windows\RUNDL132.EXE
2010-02-05 17:15:14 ----AD---- C:\Windows\logo1_.exe
2010-02-05 17:15:14 ----AD---- C:\Windows\logo_1.exe
2010-02-05 17:01:46 ----A---- C:\Windows\system32\msvcr80.dll
2010-02-05 17:01:45 ----A---- C:\Windows\system32\msvcp80.dll
2010-02-05 17:01:44 ----A---- C:\Windows\system32\eEmpty.exe
2010-02-05 17:01:36 ----D---- C:\ProgramData\MicroWorld
2010-02-05 16:41:34 ----D---- C:\ProgramData\Panda Security
2010-02-05 16:41:22 ----D---- C:\Program Files\Panda USB Vaccine
2010-02-05 16:39:41 ----A---- C:\avenger.txt
2010-02-05 16:28:59 ----D---- C:\Avenger
2010-02-05 16:20:27 ----D---- C:\ComboFix
2010-02-05 15:14:57 ----SHD---- C:\$RECYCLE.BIN
2010-02-05 15:14:56 ----D---- C:\Windows\temp
2010-02-05 15:14:54 ----A---- C:\ComboFix.txt
2010-02-05 15:05:36 ----A---- C:\Windows\NIRCMD.exe
2010-02-05 15:05:36 ----A---- C:\Windows\MBR.exe
2010-02-05 15:05:34 ----A---- C:\Windows\zip.exe
2010-02-05 15:05:34 ----A---- C:\Windows\SWREG.exe
2010-02-05 15:05:34 ----A---- C:\Windows\PEV.exe
2010-02-05 15:05:33 ----A---- C:\Windows\SWSC.exe
2010-02-05 15:05:33 ----A---- C:\Windows\sed.exe
2010-02-05 15:05:33 ----A---- C:\Windows\grep.exe
2010-02-05 15:05:26 ----D---- C:\Windows\ERDNT
2010-02-05 15:04:01 ----D---- C:\Qoobox
2010-02-05 15:03:48 ----A---- C:\Windows\SWXCACLS.exe
2010-02-05 14:33:15 ----D---- C:\Users\Kristián\AppData\Roaming\Malwarebytes
2010-02-05 14:33:10 ----D---- C:\ProgramData\Malwarebytes
2010-02-05 14:27:31 ----D---- C:\Program Files\Online Games Trojan Removal Tool
2010-02-04 21:04:10 ----D---- C:\ProgramData\FLEXnet
2010-02-02 21:10:55 ----A---- C:\Windows\system32\pbsvc_bc2.exe
2010-01-27 15:18:40 ----A---- C:\Windows\explorer.exe
2010-01-27 15:18:39 ----A---- C:\Windows\system32\winlogon.exe
2010-01-24 14:24:13 ----D---- C:\Users\Kristián\AppData\Roaming\gtk-2.0
2010-01-24 13:53:01 ----D---- C:\Program Files\Ultra Utility
2010-01-24 00:04:06 ----D---- C:\Program Files\GIMP-2.0
2010-01-22 15:16:07 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 15:16:05 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 15:16:04 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 15:16:04 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 15:16:04 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 15:16:04 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 02:33:06 ----A---- C:\Windows\system32\xfcodec.dll
2010-01-13 16:10:26 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 16:10:26 ----A---- C:\Windows\system32\fontsub.dll
2010-01-10 13:07:23 ----D---- C:\Users\Kristián\AppData\Roaming\AnvSoft
2010-01-10 13:07:12 ----D---- C:\Program Files\AnvSoft
2010-01-09 16:24:35 ----D---- C:\Windows\Minidump
2010-01-09 12:40:09 ----D---- C:\Program Files\MagicDVDRipper

======List of files/folders modified in the last 1 months======

2010-02-05 17:29:42 ----RD---- C:\Program Files
2010-02-05 17:29:39 ----D---- C:\Users\Kristián\AppData\Roaming\uTorrent
2010-02-05 17:27:37 ----D---- C:\Windows\system32\config
2010-02-05 17:25:49 ----D---- C:\Users\Kristián\AppData\Roaming\Skype
2010-02-05 17:21:50 ----D---- C:\Windows\system32\drivers
2010-02-05 17:19:35 ----D---- C:\Windows
2010-02-05 17:15:14 ----D---- C:\Windows\System32
2010-02-05 17:01:36 ----D---- C:\ProgramData
2010-02-05 16:42:09 ----D---- C:\Program Files\Mozilla Firefox
2010-02-05 16:41:24 ----D---- C:\Windows\system32\Tasks
2010-02-05 16:39:55 ----D---- C:\ProgramData\NVIDIA
2010-02-05 16:16:08 ----D---- C:\Windows\debug
2010-02-05 16:06:05 ----D---- C:\Users\Kristián\AppData\Roaming\skypePM
2010-02-05 15:13:06 ----A---- C:\Windows\system.ini
2010-02-05 15:10:24 ----D---- C:\Windows\AppPatch
2010-02-05 15:10:23 ----D---- C:\Program Files\Common Files
2010-02-05 15:03:50 ----D---- C:\Windows\Prefetch
2010-02-05 14:54:03 ----D---- C:\Users\Kristián\AppData\Roaming\Xfire
2010-02-05 14:44:47 ----D---- C:\Windows\Logs
2010-02-05 14:06:51 ----D---- C:\Windows\inf
2010-02-05 14:06:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-05 12:46:58 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-02-05 09:44:02 ----SHD---- C:\System Volume Information
2010-02-04 21:45:32 ----D---- C:\Users\Kristián\AppData\Roaming\Adobe
2010-02-04 17:37:54 ----D---- C:\ProgramData\Xfire
2010-02-02 21:13:35 ----SHD---- C:\Windows\Installer
2010-02-02 21:12:30 ----RSD---- C:\Windows\assembly
2010-01-29 18:57:38 ----D---- C:\Windows\winsxs
2010-01-28 17:48:06 ----D---- C:\Program Files\Internet Explorer
2010-01-27 15:18:08 ----D---- C:\Windows\system32\catroot2
2010-01-27 15:18:08 ----D---- C:\Windows\system32\catroot
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-11 14:59:47 ----SD---- C:\Users\Kristián\AppData\Roaming\Microsoft



RSIT !

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 20:26
by motji
Good evening :)
I see you've already used all sorts of things :roll: .
Don't try anything else now; first I'd ask you to take the logs out of italics, they're hard to read, then I'll have a look :)

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 20:37
by aiRen
Thank you, it's quite important.

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 20:58
by motji
:arrow: What is drive J? Do you use any other flash drives, external disks and the like?

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 21:16
by aiRen
Drive J -> flash drive. The virus isn't on the PC but on the USB stick. I wrote that at the beginning.

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 21:30
by motji
:arrow: Plug all the USB keys, flash drives... that you use into the PC


:arrow: If you haven't already, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Code:

File:: 
c:\Autorun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf
H:\Autorun.inf
I:\Autorun.inf
K:\Autorun.inf
L:\Autorun.inf

Folder::
C:\recycler
D:\recycler
e:\recycler
f:\recycler
g:\recycler
h:\recycler
I:\recycler
C:\resycled
D:\resycled
e:\resycled
f:\resycled
g:\resycled
h:\resycled
I:\resycled
J:\RECYCLERS
C:\RECYCLERS
F:\RECYCLERS

Driver::
.EsetTrialReset

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=-
Firefox::
FF - ProfilePath - c:\users\Kristián\AppData\Roaming\Mozilla\Firefox\Profiles\kc1lgl2n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}


-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:

[Image]


-after it runs, another log will pop up; paste it here

Warning: it can happen that after applying the script and restarting, Windows won't boot; in that case restart again while pressing F8, then choose Last Known Good Configuration

:arrow: Download and use
http://go.microsoft.com/?linkid=9668866
(resethost)

:arrow: Download UsbFix to the desktop
-run it, choose language E - confirm with Enter
-click option 2 - Enter
- after the scan paste the log here; if it doesn't pop up, you'll find it at C:\UsbFix.txt
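An added example, not part of this thread and not code from ComboFix, UsbFix or any other tool named above: a small Python triage script for the kind of infection the steps above are aimed at. It reads a removable drive's autorun.inf and lists the entries that would launch a program, flags executables sitting in lookalike recycle-bin folders (the J:\RECYCLERS\runmgr.exe seen in the MWAV and ComboFix logs), and decodes the NoDriveTypeAutoRun value 145 shown in the RSIT log. The drive it scans is a constructed temporary directory; the file names f2kmj.exe and runmgr.exe come from the logs, their contents are placeholders. The script only reports, it deletes and executes nothing.

```python
"""Triage helper for autorun.inf worms on removable drives (added example)."""
import re
import tempfile
from pathlib import Path

# Meaning of the bits in NoDriveTypeAutoRun (same numbering as the Windows
# DRIVE_* type constants). A set bit disables AutoRun for that drive type;
# 0xFF disables it everywhere.
NODRIVE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "unrecognised type",
}


def decode_no_drive_type_autorun(value):
    """Return the drive-type names for which AutoRun is disabled by `value`.
    145 (0x91, the value in the RSIT log) sets 0x80, 0x10 and 0x01 only, so
    the removable (0x04) and fixed (0x08) bits stay clear."""
    return {name for bit, name in NODRIVE_BITS.items() if value & bit}


# Keys in [autorun] that launch a program automatically or from the drive's
# context menu; the right-hand side is what a worm points at its dropper.
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^\\=]+\\command)\s*=\s*(.+?)\s*$", re.I)
# Folder names that imitate the recycle bin (the names used in the thread).
LOOKALIKE_BIN = re.compile(r"^(recyclers?|resycled)$", re.I)
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".dll"}


def parse_autorun(text):
    """Return (key, target) pairs from the [autorun] section that would launch
    something. Tolerates mixed case, junk lines and NUL padding."""
    launches = []
    in_autorun = False
    for raw in text.replace("\x00", "").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        m = LAUNCH_KEY.match(line)
        if in_autorun and m:
            launches.append((m.group(1).lower(), m.group(2)))
    return launches


def triage_drive(root):
    """Scan one drive root and return a list of (finding, path) tuples."""
    root = Path(root)
    findings = []
    inf = root / "autorun.inf"
    if inf.exists():
        for key, target in parse_autorun(inf.read_text(errors="ignore")):
            exe = root / target.split()[0].strip('"')  # drop any arguments
            status = "present" if exe.exists() else "missing"
            findings.append((f"autorun.inf {key} -> {target} ({status})", str(inf)))
    for child in root.iterdir():
        if child.is_dir() and LOOKALIKE_BIN.match(child.name):
            for f in child.rglob("*"):
                if f.suffix.lower() in EXEC_SUFFIXES:
                    findings.append(("executable in lookalike recycle folder", str(f)))
    return findings


def demo():
    """Build a constructed stand-in for the infected J: drive and triage it."""
    tmp = Path(tempfile.mkdtemp())
    (tmp / "autorun.inf").write_text(
        "[AutoRun]\r\nopen=f2kmj.exe\r\nshell\\open\\Command=f2kmj.exe\r\n"
        "shellexecute=f2kmj.exe\r\n\x00\x00junk=xx\r\n")
    (tmp / "f2kmj.exe").write_bytes(b"MZ constructed placeholder, not a real binary")
    bin_dir = tmp / "RECYCLERS"
    bin_dir.mkdir()
    (bin_dir / "Desktop.ini").write_text("[.ShellClassInfo]\r\n")
    (bin_dir / "runmgr.exe").write_bytes(b"MZ constructed placeholder, not a real binary")
    return triage_drive(tmp)


if __name__ == "__main__":
    print("AutoRun disabled for:", sorted(decode_no_drive_type_autorun(145)))
    for finding, path in demo():
        print(f"{finding}: {path}")
```

To check a real stick, call triage_drive() with its root (for example "J:\\") instead of demo(). The bitmask decode is the part worth keeping around: 0xFF is the usual hardening value, and anything that leaves the 0x04 bit clear still lets AutoRun consult autorun.inf on removable media where the OS honours it.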

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 21:54
by aiRen
ComboFix 10-02-04.06 - Kristián . 02. 2010 21:42:18.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.3326.2253 [GMT 1:00]
Running from: I:\Download\ComboFix.exe
Command switches used :: C:\Users\Kristián\Desktop\CFScript.txt
* Resident AV is active


FILE ::
"c:\Autorun.inf"
"D:\Autorun.inf"
"E:\Autorun.inf"
"F:\Autorun.inf"
"G:\Autorun.inf"
"H:\Autorun.inf"
"I:\Autorun.inf"
"K:\Autorun.inf"
"L:\Autorun.inf"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf . . . . failed to delete
J:\RECYCLERS . . . . failed to delete
J:\RECYCLERS\Desktop.ini . . . . failed to delete
J:\RECYCLERS\runmgr.exe . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_.EsetTrialReset


((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 20:48:02 . 2010-02-05 20:48:02 -------- d-----w- C:\Users\Public\AppData\Local\temp
2010-02-05 20:48:02 . 2010-02-05 20:48:02 -------- d-----w- C:\Users\Mario\AppData\Local\temp
2010-02-05 20:48:02 . 2010-02-05 20:48:02 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-02-05 20:31:52 . 2010-02-05 20:31:52 -------- d-----w- C:\Program Files\Altap Salamander 2.5
2010-02-05 19:32:52 . 2010-02-05 19:32:52 -------- d-----w- C:\Program Files\Unlocker
2010-02-05 19:29:14 . 2010-02-05 19:29:14 -------- d--h--w- C:\Windows\PIF
2010-02-05 19:10:37 . 2010-02-05 19:09:15 92672 ----a-w- C:\Windows\system32\KillBox.exe
2010-02-05 19:09:19 . 2010-02-05 19:09:19 -------- d-----w- C:\!KillBox
2010-02-05 16:29:42 . 2010-02-05 16:30:11 -------- d-----w- C:\Program Files\trend micro
2010-02-05 16:29:41 . 2010-02-05 16:29:41 -------- d-----w- C:\rsit
2010-02-05 16:21:50 . 2010-02-05 16:21:50 3189 ----a-r- C:\Windows\system32\drivers\vreadmem.sys
2010-02-05 16:18:49 . 2010-02-05 16:19:35 9066885 ----a-w- C:\Windows\REGBK00.ZIP
2010-02-05 16:15:14 . 2010-02-05 16:15:14 -------- d---a-w- C:\Windows\VDLL.DLL
2010-02-05 16:15:14 . 2010-02-05 16:15:14 -------- d---a-w- C:\Windows\system32\runouce.exe
2010-02-05 16:15:14 . 2010-02-05 16:15:14 -------- d---a-w- C:\Windows\rundll16.exe
2010-02-05 16:15:14 . 2010-02-05 16:15:14 -------- d---a-w- C:\Windows\RUNDL132.EXE
2010-02-05 16:15:14 . 2010-02-05 16:15:14 -------- d---a-w- C:\Windows\logo1_.exe
2010-02-05 16:15:14 . 2010-02-05 16:15:14 -------- d---a-w- C:\Windows\logo_1.exe
2010-02-05 16:01:46 . 2010-02-05 16:01:45 626688 ----a-w- C:\Windows\system32\msvcr80.dll
2010-02-05 16:01:45 . 2010-02-05 16:01:44 548864 ----a-w- C:\Windows\system32\msvcp80.dll
2010-02-05 16:01:44 . 2010-02-05 16:01:43 28672 ----a-w- C:\Windows\system32\eEmpty.exe
2010-02-05 16:01:36 . 2010-02-05 16:01:36 -------- d-----w- C:\ProgramData\MicroWorld
2010-02-05 15:41:34 . 2010-02-05 15:41:34 -------- d-----w- C:\ProgramData\Panda Security
2010-02-05 15:41:22 . 2010-02-05 15:41:23 -------- d-----w- C:\Program Files\Panda USB Vaccine
2010-02-05 13:33:10 . 2010-02-05 13:33:10 -------- d-----w- C:\ProgramData\Malwarebytes
2010-02-05 13:27:31 . 2010-02-05 16:00:25 -------- d-----w- C:\Program Files\Online Games Trojan Removal Tool
2010-02-04 20:04:10 . 2010-02-04 20:04:10 -------- d-----w- C:\ProgramData\FLEXnet
2010-02-02 20:10:55 . 2010-02-02 20:10:55 2434856 ----a-w- C:\Windows\system32\pbsvc_bc2.exe
2010-01-27 14:18:40 . 2009-10-31 05:45:39 2614272 ----a-w- C:\Windows\explorer.exe
2010-01-27 14:18:39 . 2009-10-28 06:17:59 285696 ----a-w- C:\Windows\system32\winlogon.exe
2010-01-24 12:53:01 . 2010-01-24 12:53:01 -------- d-----w- C:\Program Files\Ultra Utility
2010-01-23 23:04:06 . 2010-01-23 23:04:30 -------- d-----w- C:\Program Files\GIMP-2.0
2010-01-22 14:16:04 . 2009-12-19 09:02:55 977920 ----a-w- C:\Windows\system32\wininet.dll
2010-01-22 01:33:06 . 2010-01-22 01:33:06 41872 ----a-w- C:\Windows\system32\xfcodec.dll
2010-01-13 15:10:26 . 2009-10-19 14:10:20 108544 ----a-w- C:\Windows\system32\t2embed.dll
2010-01-13 15:10:26 . 2009-10-19 14:10:06 70656 ----a-w- C:\Windows\system32\fontsub.dll
2010-01-10 12:07:12 . 2010-01-10 12:07:12 -------- d-----w- C:\Program Files\AnvSoft
2010-01-09 11:40:09 . 2010-01-09 11:40:38 -------- d-----w- C:\Program Files\MagicDVDRipper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 20:49:20 . 2009-12-05 17:12:33 -------- d-----w- C:\ProgramData\NVIDIA
2010-02-05 16:47:09 . 2009-12-13 13:02:02 138384 ----a-w- C:\Windows\system32\drivers\PnkBstrK.sys
2010-02-05 16:44:29 . 2009-12-13 13:01:30 215128 ----a-w- C:\Windows\system32\PnkBstrB.exe
2010-02-04 16:37:54 . 2009-12-13 13:24:55 -------- d-----w- C:\ProgramData\Xfire
2010-01-14 10:12:06 . 2009-12-05 16:47:02 181120 ------w- C:\Windows\system32\MpSigStub.exe
2010-01-06 10:25:03 . 2009-12-23 20:53:40 -------- d-----w- C:\Users\Mario\AppData\Roaming\uTorrent
2010-01-03 15:45:40 . 2010-01-03 15:45:39 -------- d-----w- C:\Program Files\LogMeIn Hamachi
2010-01-03 12:05:51 . 2010-01-03 12:05:51 -------- d-----w- C:\Program Files\TeamViewer
2010-01-03 11:59:05 . 2009-12-30 17:46:27 -------- d-----r- C:\Program Files\Skype
2010-01-03 11:58:50 . 2010-01-03 11:58:50 -------- d-----w- C:\Program Files\Common Files\Skype
2010-01-03 11:58:45 . 2009-12-30 17:46:20 -------- d-----w- C:\ProgramData\Skype
2010-01-03 11:51:42 . 2010-01-03 11:51:30 -------- d-----w- C:\Program Files\Teamspeak2_RC2
2010-01-03 01:58:41 . 2010-01-03 01:25:16 -------- d-----w- C:\Program Files\IDT
2010-01-03 01:29:41 . 2009-12-05 19:53:12 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-01-03 01:18:38 . 2010-01-03 01:18:38 -------- d-----w- C:\Program Files\Realtek
2010-01-03 01:01:00 . 2010-01-03 01:01:00 247296 ----a-w- C:\Users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_d_ind.dll
2010-01-03 01:01:00 . 2010-01-03 01:01:00 247296 ----a-w- C:\Users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_c_ind.dll
2010-01-03 01:01:00 . 2010-01-03 01:01:00 247296 ----a-w- C:\Users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_b_ind.dll
2010-01-03 01:01:00 . 2010-01-03 01:01:00 247296 ----a-w- C:\Users\Mario\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_11_0_a_ind.dll
2010-01-03 01:01:00 . 2010-01-03 01:01:00 -------- d-----w- C:\Users\Mario\AppData\Roaming\SystemRequirementsLab
2010-01-02 20:13:38 . 2010-01-02 20:13:31 -------- d-----w- C:\Program Files\SystemRequirementsLab
2010-01-02 20:01:57 . 2009-12-29 13:44:52 -------- d-----w- C:\Program Files\iPod
2010-01-02 20:01:57 . 2009-12-05 19:50:57 -------- d-----w- C:\Program Files\Bonjour
2010-01-02 20:00:54 . 2009-12-05 19:46:23 -------- d-----w- C:\Program Files\CCleaner
2010-01-02 20:00:53 . 2009-12-29 13:44:51 -------- d-----w- C:\Program Files\iTunes
2010-01-02 20:00:41 . 2009-12-10 16:08:28 -------- d-----w- C:\ProgramData\Apple Computer
2009-12-30 18:19:14 . 2009-12-30 18:19:14 -------- d-----w- C:\Program Files\Intel
2009-12-30 17:48:24 . 2009-12-30 17:48:24 56 ---ha-w- C:\Windows\system32\ezsidmv.dat
2009-12-29 13:45:31 . 2009-12-29 13:44:51 -------- d-----w- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-26 14:36:17 . 2009-12-05 20:03:58 81272 ----a-w- C:\Users\Mario\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-25 11:29:28 . 2009-12-25 11:29:28 -------- d-----w- C:\Program Files\Canon
2009-12-24 12:33:58 . 2009-12-24 12:30:30 -------- d--h--w- C:\ProgramData\ArcSoft
2009-12-24 12:33:58 . 2009-12-24 12:29:20 -------- d-----w- C:\Users\Mario\AppData\Roaming\ArcSoft
2009-12-24 12:33:20 . 2009-12-24 12:29:43 -------- d-----w- C:\Program Files\ArcSoft
2009-12-24 12:29:45 . 2009-12-24 12:29:43 -------- d-----w- C:\Program Files\Common Files\ArcSoft
2009-12-24 12:29:17 . 2009-12-05 19:53:04 -------- d-----w- C:\Program Files\Common Files\InstallShield
2009-12-23 20:54:02 . 2009-12-22 22:24:22 -------- d-----w- C:\Program Files\uTorrent
2009-12-23 18:26:27 . 2009-12-23 18:26:27 -------- d-----w- C:\Program Files\Webteh
2009-12-22 19:48:40 . 2009-12-22 19:48:40 -------- d--h--w- C:\ProgramData\CanonBJ
2009-12-22 19:39:03 . 2009-12-22 19:39:03 -------- d--h--w- C:\ProgramData\CanonIJScan
2009-12-22 19:12:47 . 2009-12-13 13:01:29 75064 ----a-w- C:\Windows\system32\PnkBstrA.exe
2009-12-21 11:43:32 . 2009-12-21 11:43:32 -------- d-----w- C:\Program Files\ASIO4ALL v2
2009-12-21 11:43:00 . 2009-12-21 11:42:31 -------- d-----w- C:\Program Files\VstPlugins
2009-12-21 11:42:56 . 2009-12-21 11:40:42 -------- d-----w- C:\Program Files\Image-Line
2009-12-21 11:42:26 . 2009-12-21 11:42:26 -------- d-----w- C:\Program Files\Outsim
2009-12-21 11:40:08 . 2009-12-13 09:14:05 -------- d-----w- C:\Users\Mario\AppData\Roaming\DAEMON Tools Lite
2009-12-18 19:26:34 . 2009-12-18 19:26:34 -------- d-----w- C:\ProgramData\Codemasters
2009-12-18 19:12:09 . 2009-12-18 19:12:07 -------- d-----w- C:\Program Files\BRS
2009-12-18 19:12:02 . 2009-12-18 19:11:38 -------- d-----w- C:\Program Files\Microsoft Games for Windows - LIVE
2009-12-18 19:11:25 . 2009-12-18 19:11:25 445016 ----a-w- C:\Windows\system32\wrap_oal.dll
2009-12-18 19:11:25 . 2009-12-18 19:11:25 109144 ----a-w- C:\Windows\system32\OpenAL32.dll
2009-12-18 19:11:25 . 2009-12-18 19:11:25 -------- d-----w- C:\Program Files\OpenAL
2009-12-13 13:27:59 . 2009-12-13 13:27:50 -------- d-s---w- C:\Program Files\HLSW
2009-12-10 17:05:24 . 2009-12-10 17:05:31 411368 ----a-w- C:\Windows\system32\deploytk.dll
2009-12-10 17:05:23 . 2009-12-10 17:05:23 -------- d-----w- C:\Program Files\Java
2009-12-10 16:08:46 . 2009-12-10 16:08:28 -------- d-----w- C:\Program Files\QuickTime
2009-12-10 16:07:55 . 2009-12-10 16:07:55 -------- d-----w- C:\Program Files\Common Files\Apple
2009-12-10 16:07:47 . 2009-12-10 16:07:47 -------- d-----w- C:\ProgramData\Apple
2009-12-10 16:07:47 . 2009-12-10 16:07:47 -------- d-----w- C:\Program Files\Apple Software Update
2009-12-08 17:57:35 . 2009-12-08 17:57:35 -------- d-----w- C:\ProgramData\McAfee Security Scan
2009-12-05 20:10:32 . 2009-12-05 20:10:32 0 ----a-w- C:\Windows\nsreg.dat
2009-12-05 17:25:10 . 2009-12-05 17:25:10 691696 ----a-w- C:\Windows\system32\drivers\sptd.sys
2009-11-20 19:33:00 . 2009-11-20 19:33:00 812648 ----a-w- C:\Windows\system32\nvsvc.dll
2009-11-20 19:33:00 . 2009-11-20 19:33:00 66664 ----a-w- C:\Windows\system32\nvshext.dll
2009-11-20 19:33:00 . 2009-11-20 19:33:00 12685928 ----a-w- C:\Windows\system32\nvcpl.dll
2009-11-20 19:33:00 . 2009-11-20 19:33:00 122984 ----a-w- C:\Windows\system32\nvvsvc.exe
2009-11-20 19:33:00 . 2009-11-20 19:33:00 110184 ----a-w- C:\Windows\system32\nvmctray.dll
2009-06-10 21:26:35 . 2009-07-14 02:04:20 9633792 --sha-r- C:\Windows\Fonts\StaticCache.dat
2009-07-14 01:14:45 . 2009-07-13 23:42:17 396800 --sha-w- C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 11:57:08 369200]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49:26 153136]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-10-09 12:11:12 25623336]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2009-12-23 21:07:54 289584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 03:08:38 35696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 11:08:30 935288]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 13:23:12 2021400]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53:56 153136]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-11-10 22:08:18 417792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-12-10 17:05:25 149280]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 12:32:18 203264]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2009-03-12 11:53:46 483422]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 04:15:46 15872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP5000 Status Window.lnk - C:\Windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE [2007-1-15 50848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

R1 ehdrv;ehdrv;C:\Windows\System32\drivers\ehdrv.sys [6. 2. 2009 14:23:18 106208]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [6. 2. 2009 14:23:36 727720]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [6. 2. 2009 14:24:26 92800]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [29. 10. 2009 12:27:54 1074568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [20. 11. 2009 19:17:00 240232]
R2 TeamViewer5;TeamViewer 5;C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [17. 12. 2009 17:04:18 185640]
S3 VReadMemDriver;VReadMemDriver;C:\Windows\System32\drivers\vreadmem.sys [5. 2. 2010 17:21:50 3189]
.
Contents of the 'Scheduled Tasks' folder

2010-02-05 C:\Windows\Tasks\At1.job
- C:\Windows\system32\KillBox.exe [2010-02-05 19:10:37 . 2010-02-05 19:09:15]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Users\Kristián\AppData\Roaming\Mozilla\Firefox\Profiles\kc1lgl2n.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
FF - plugin: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.


The problem persists

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 21:57
by motji
Test these at http://www.virustotal.com
J:\RECYCLERS\runmgr.exe
F:\autorun.inf


Is F also a flash drive?
Doesn't your flash drive have one of those little switches that stops the data being overwritten?

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 22:06
by aiRen
USB FIX


############################## | UsbFix V6.091 |

User : Kristián (Administrators) # KRISTIAN-W7
Update on 05/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 22:02:45 | 5. 2. 2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Microsoft Windows 7 Ultimate (6.1.7600 32-bit) #
Internet Explorer 8.0.7600.16385
Windows Firewall Status : Enabled

C:\ -> Local Fixed Disk # 58,62 Go (27,69 Go free) [Windows 7] # NTFS
D:\ -> Local Fixed Disk # 149,05 Go (38,79 Go free) [DATA] # NTFS
E:\ -> Local Fixed Disk # 127,69 Go (28,23 Go free) [DATA 4] # NTFS
F:\ -> CD-ROM Disc
G:\ -> CD-ROM Disc
H:\ -> CD-ROM Disc
I:\ -> Local Fixed Disk # 127,71 Go (18,44 Go free) [DATA3] # NTFS
J:\ -> Removable Disk # 7,53 Go (7,46 Go free) [KINGSTON] # NTFS

############################## | Active processes |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\CNAC4RPK.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Files # Infected Folders |

Deleted ! C:\Windows\rundl132.exe
Deleted ! C:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1001
Deleted ! D:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1001
Deleted ! D:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1003
Deleted ! D:\$Recycle.Bin\S-1-5-21-1981963126-443570842-4078585685-1000
Deleted ! E:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1001
Deleted ! E:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1003
Deleted ! E:\$Recycle.Bin\S-1-5-21-1775810596-2984963519-438130030-1001
Deleted ! E:\$Recycle.Bin\S-1-5-21-1981963126-443570842-4078585685-1000
Deleted ! E:\$Recycle.Bin\S-1-5-21-474565600-753870910-3064055718-1000
Deleted ! E:\$Recycle.Bin\S-1-5-21-727570869-2339739642-659876903-1000
Deleted ! I:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1001
Deleted ! I:\$Recycle.Bin\S-1-5-21-1559823183-4169632390-153768745-1003
Deleted ! I:\$Recycle.Bin\S-1-5-21-1775810596-2984963519-438130030-1001
Deleted ! I:\$Recycle.Bin\S-1-5-21-1916877620-3196986064-2655776565-1001
Deleted ! I:\$Recycle.Bin\S-1-5-21-1981963126-443570842-4078585685-1000
Deleted ! I:\$Recycle.Bin\S-1-5-21-2996111184-2994821919-2319667963-1000
Deleted ! I:\$Recycle.Bin\S-1-5-21-2996111184-2994821919-2319667963-1001
Deleted ! I:\$Recycle.Bin\S-1-5-21-3683509274-3025984792-349124537-1001
Deleted ! I:\$Recycle.Bin\S-1-5-21-474565600-753870910-3064055718-1000
Deleted ! I:\$Recycle.Bin\S-1-5-21-727570869-2339739642-659876903-1000
Deleted ! I:\$Recycle.Bin\S-1-5-21-805241571-2291657220-3893883006-1000
Deleted ! I:\$Recycle.Bin\S-1-5-21-805241571-2291657220-3893883006-1001
Deleted ! I:\$Recycle.Bin\S-1-5-21-947987404-497211132-3591982988-1000
Not deleted ! J:\f2kmj.exe
Not deleted ! J:\RECYCLERS\runmgr.exe
Not deleted ! J:\autorun.inf

################## | Registry |

Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Listing of the present files |

[05. 02. 2010 17:20|--a------|26] C:\23990098.$$$
[10. 06. 2009 22:42|---------|24] C:\autoexec.bat
[05. 02. 2010 16:39|--a------|2640] C:\avenger.txt
[10. 06. 2009 22:42|--a------|10] C:\config.sys
[?|?|?] C:\hiberfil.sys
[?|?|?] C:\pagefile.sys
[03. 01. 2010 02:56|--a------|1732] C:\RHDSetup.log
[05. 02. 2010 22:04|--a------|4983] C:\UsbFix.txt
[25. 12. 2009 11:54|--a------|853100] D:\DVD.psd
[13. 01. 2010 16:38|--a------|1778] D:\server.cfg
[24. 12. 2009 15:10|--a------|18132406] D:\Winodws 7 activators.zip
[12. 01. 2010 20:06|--a------|23040] D:\úradný list.doc
[29. 11. 2007 09:03|--a------|27825165] E:\Adobe Photoshop CS3 - Příručka užívatele.pdf
[05. 02. 2010 15:22|---------|8723974] E:\Online-Games-Trojan-Removal-Tool.exe
[28. 11. 2009 13:11|--ahs----|4225736704] E:\pagefile.sys
[02. 02. 2010 20:47|--a------|94937] I:\battlefield-bad-company-2.jpg
[14. 07. 2009 02:38|-rahs----|383562] I:\bootmgr
[06. 12. 2009 00:27|-rahs----|8192] I:\BOOTSECT.BAK
[05. 10. 2009 20:09|--a------|206831] I:\ENGgram.rtf
[02. 08. 2009 09:59|-rahs----|171136] I:\grldr
[09. 12. 2009 20:44|---------|55435] I:\kristianpatlevic1bOS.odt
[13. 07. 2009 11:03|--a------|889579] I:\localhost.sql.gz
[01. 12. 2006 23:37|--a------|904704] I:\msdia80.dll
[03. 02. 2010 15:03|--a------|1834317] I:\naifaster.zip
[05. 02. 2010 15:16|--a------|171232] I:\shot0069.jpg
[05. 02. 2010 15:16|--a------|153853] I:\shot0070.jpg
[05. 02. 2010 17:12|---h-----|55276] I:\treeinfo.wc
[04. 09. 2009 17:55|--a------|52940] I:\VirtualDJ Local Database v5.xml
[08. 01. 2010 16:00|---------|192] J:\autorun.inf
[08. 01. 2010 08:14|-r-hs----|121344] J:\f2kmj.exe

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix .
# D:\autorun.inf -> Folder created by UsbFix .
# E:\autorun.inf -> Folder created by UsbFix .
# I:\autorun.inf -> Folder created by UsbFix .

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_Kristian-W7.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .


No, there is nothing like that on it (F was an optical drive, (empty)).

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 22:09
by aiRen
motji wrote: Test these at http://www.virustotal.com
J:\RECYCLERS\runmgr.exe
F:\autorun.inf


Is F also a flash drive?
Doesn't the flash drive have one of those little switches that stops data from being overwritten?

It can't be tested, because the RECYCLERS folder is not visible normally (well, in TotalCMD it is visible when hidden and system files are shown). I don't have anything like that on the USB stick. And runmgr is the virus.

In the folder RECYCLERS/Desktop.ini

I found this: (maybe it helps)

[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}

And the beginning of the runmgr.exe file looks like this:

MZP ˙˙ ¸ @ ş ´ Í!¸LÍ!This program must be run under Win32
$7 48: Packed with botCrypter v2.0 by SWiM

Maybe it helps, I don't know, but it's there.
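The Desktop.ini quoted above carries the Recycle Bin CLSID, which makes Explorer render the non-standard RECYCLERS folder as if it were the real bin, while the root autorun.inf launches f2kmj.exe. Added example, not from the thread or from any of the tools it mentions: a Python triage script that checks a drive root for exactly that pattern; the file names come from the thread, the autorun.inf contents and the sample tree are constructed, and the CLSID check only flags folders that are not a legitimate bin directory.

```python
import configparser
import re
import tempfile
from pathlib import Path

# CLSID from the thread's Desktop.ini: the shell's own Recycle Bin object.
RECYCLE_BIN_CLSID = "{645FF040-5081-101B-9F08-00AA002F954E}"
LEGIT_BIN_NAMES = {"$recycle.bin", "recycler", "recycled"}  # folders where it is normal
EXEC_SUFFIXES = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs"}
AUTORUN_KEY = re.compile(r"\s*(open|shellexecute|shell\\\w+\\command)\s*=\s*(.+)", re.I)

def autorun_targets(inf_text: str) -> list[str]:
    """Executables an autorun.inf would launch (open=, shellexecute=, shell\\x\\command=)."""
    hits = [m.group(2).strip().strip('"') for m in map(AUTORUN_KEY.match, inf_text.splitlines()) if m]
    return list(dict.fromkeys(hits))  # keep order, drop duplicates

def triage_drive(root: Path) -> list[str]:
    """Report the autorun.inf + disguised-RECYCLERS pattern found under a drive root."""
    findings = []
    if (root / "autorun.inf").is_file():
        findings.append("autorun.inf present at drive root")
        for target in autorun_targets((root / "autorun.inf").read_text(errors="replace")):
            state = "present" if (root / target).exists() else "missing"
            findings.append(f"autorun.inf launches {target} ({state})")
    for ini in root.rglob("Desktop.ini"):
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        try:
            cp.read_string(ini.read_text(errors="replace"))
        except configparser.Error:
            continue  # a malformed ini is not the pattern we are after
        clsid = cp.get(".ShellClassInfo", "clsid", fallback="").strip().upper()
        if clsid == RECYCLE_BIN_CLSID and ini.parent.name.lower() not in LEGIT_BIN_NAMES:
            rel = ini.parent.relative_to(root).as_posix()
            findings.append(f"{rel} masquerades as the Recycle Bin via Desktop.ini CLSID")
            for f in ini.parent.iterdir():  # payloads parked behind the fake bin
                if f.suffix.lower() in EXEC_SUFFIXES:
                    findings.append(f"executable inside disguised folder: {f.relative_to(root).as_posix()}")
    return findings

def demo() -> list[str]:
    """Constructed layout mirroring the thread's J:\\ listing (file contents made up), then triaged."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "RECYCLERS").mkdir()
        (root / "autorun.inf").write_text("[autorun]\nopen=f2kmj.exe\nshell\\open\\command=f2kmj.exe\n")
        (root / "f2kmj.exe").write_bytes(b"MZ")
        (root / "RECYCLERS" / "Desktop.ini").write_text(f"[.ShellClassInfo]\nCLSID={RECYCLE_BIN_CLSID}\n")
        (root / "RECYCLERS" / "runmgr.exe").write_bytes(b"MZ")
        return triage_drive(root)
```

On a real stick the hidden/system attributes the UsbFix listing shows (-r-hs) are only visible through os.stat on Windows, so the script keys off file content and layout instead, which works from any OS that can mount the volume read-only.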

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 22:24
by motji
Can you write anything to the USB stick?
Can you format it?

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 22:32
by aiRen
Nothing works; if it could be formatted, the virus that is on it would be erased. The virus is on the USB stick.

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 22:34
by motji
Yes, exactly; if drive J is the USB stick we are talking about here, can you format it? Only the USB stick, not the whole OS. After formatting, check it again with UsbFix.

Or can it not be formatted?

I would also ask you to upload this folder C:\UsbFix_Upload_Me_Kristian-W7.zip here: http://chiquitine.changelog.fr/Sample/Upload.php.
Thanks :)

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 22:38
by aiRen
1.) The virus is on the USB stick
2.) The USB stick cannot be formatted
3.) The USB stick cannot be cleaned with any antivirus program
4.) The whole stick is write-protected
5.) Virus types (infected file):
- Win32/Injector.ACV (RECYCLERS\runmgr.exe)
- INF/Autorun (autorun.inf)
- Win32/PSW.OnLineGames.NNU (f2kmj.exe)

Re: onlinegames.NNU (autorun.inf)

Posted: 05 Feb 2010 22:44
by motji
Thank you, now it is clear. I will consult my colleagues :)