A window keeps popping up about a found infiltration, Win32/PSW.OnLineGames.OTM, and it is put into quarantine.
Please check the log.
Thanks
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-02-22 12:04:40
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 34 GB (86%) free of 39 GB
Total RAM: 247 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:21, on 22.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\r_server.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.2:3128
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\winlogon86.exe
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A141E7B-79B4-4611-89C5-EFE62CC04C3C}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A141E7B-79B4-4611-89C5-EFE62CC04C3C}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A141E7B-79B4-4611-89C5-EFE62CC04C3C}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
--
End of file - 3924 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-02-10 155648]
"PRONoMgr.exe"=c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2002-10-23 86016]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-07-29 949376]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2003-05-14 188416]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"cdoosoft"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe [2010-02-20 96768]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00ddec6e-3dcd-11dc-b638-806d6172696f}]
shell\AutoRun\command - tgt.exe
shell\open\command - tgt.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c81399e-7ff8-11de-9802-0007e9b4d66f}]
shell\AutoRun\command - E:\LaunchU3.exe -a
======List of files/folders created in the last 1 months======
2010-02-22 12:04:46 ----D---- C:\Program Files\trend micro
2010-02-22 12:04:40 ----D---- C:\rsit
======List of files/folders modified in the last 1 months======
2010-02-22 12:04:46 ----RD---- C:\Program Files
2010-02-22 12:04:11 ----D---- C:\WINDOWS\Prefetch
2010-02-22 11:38:30 ----D---- C:\WINDOWS\Temp
2010-02-22 11:36:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-11 12:13:06 ----D---- C:\WINDOWS\system32
2010-02-10 07:13:09 ----D---- C:\WINDOWS
2010-02-09 11:31:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-26 15:16:21 ----A---- C:\WINDOWS\wincmd.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2007-07-29 15424]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2007-07-29 512096]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2002-08-11 179664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-23 17664]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2007-07-29 552064]
R2 r_server;Remote Administrator Service; C:\WINDOWS\system32\r_server.exe [2001-07-24 241664]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 NetSvc;Intel NCS NetService; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]

NOD found Win32/PSW.OnLineGames.OTM
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: NOD found Win32/PSW.OnLineGames.OTM
Hi
Connect the USB sticks

http://download.bleepingcomputer.com/ma ... -setup.exe
Download>>Malwarebytes' Anti-Malware
do a complete scan, post the log here,
Re: NOD found Win32/PSW.OnLineGames.OTM
############################## | UsbFix V6.097 |
User : Administrator (Administrators) # KONIKO
Update on 20/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 8:18:29 | 23.2.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Celeron(R) CPU 1.70GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : Eset NOD32 Antivirus 2.70 2.70 [ Enabled | Updated ]
A:\ -> 3,5 palcová disketová mechanika
C:\ -> Lokálny pevný disk # 38,28 Go (33,02 Go free) # NTFS
D:\ -> Disk CD-ROM
E:\ -> Vymeniteľný disk # 3,76 Go (3,43 Go free) [A-DATA UFD] # FAT32
############################## | Active processes |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
################## | Files # Infected Folders |
Deleted ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cvasds0.dll
Deleted ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe
C:\autorun.inf -> Called file : "C:\tgt.exe" ( Not Found ! )
Deleted ! C:\autorun.inf
Deleted ! C:\Recycler\S-1-5-21-1957994488-2147078659-839522115-500
E:\autorun.inf -> Called file : "E:\tgt.exe" ( Not Found ! )
Deleted ! E:\autorun.inf
Deleted ! E:\p.exe
################## | Registry |
Deleted ! [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cdoosoft"
Deleted ! [HKLM\SOFTWARE\Classes\CLSID\MADOWN]
################## | Mountpoints2 |
Deleted ! HKCU\...\Explorer\MountPoints2\{6c81399e-7ff8-11de-9802-0007e9b4d66f}\Shell\AutoRun\Command
################## | Listing of the present files |
[29.07.2007 11:50|--a------|0] C:\AUTOEXEC.BAT
[13.01.2010 15:34|---hs----|211] C:\boot.ini
[29.07.2007 11:50|--a------|0] C:\CONFIG.SYS
[17.02.2010 10:09|--a------|695619] C:\hpfr3320.log
[17.02.2010 10:09|--a------|532] C:\hpfr3320.xml
[29.07.2007 11:50|-rahs----|0] C:\IO.SYS
[29.07.2007 11:50|-rahs----|0] C:\MSDOS.SYS
[03.08.2004 21:38|-rahs----|47564] C:\NTDETECT.COM
[03.08.2004 21:59|-rahs----|250032] C:\ntldr
[14.02.2008 07:25|--a------|179] C:\Odkaz na 3,5 palca (A).lnk
[?|?|?] C:\pagefile.sys
[23.02.2010 08:25|--a------|2757] C:\UsbFix.txt
[21.01.2010 11:34|--a------|71680] E:\KATASTER
[19.02.2010 14:31|--a------|73216] E:\kŁpna zmluva
[07.03.2001 04:27|--a------|552448] E:\fotografie
[07.03.2001 01:04|--a------|156160] E:\HILL CHris
[17.02.2010 11:47|--a------|40960] E:\kontrola techn. zariadenˇ
[16.04.2009 09:58|--a------|298496] E:\DOS Query
[13.09.2009 15:19|--a------|1638] E:\BOOTEX.LOG
[13.02.2009 14:56|--a------|28160] E:\Dialkov‚ poch..xls
[06.12.2008 18:18|--a------|657] E:\Evidencia Łź ok.xls.lnk
[30.09.2009 12:14|--a------|32256] E:\preh–ad MKSD.xls
[07.03.2001 12:52|--a------|191488] E:\20 B FONE
[07.03.2001 03:08|--a------|1158144] E:\Farba zber.doc
[08.03.2001 10:14|--a------|61440] E:\41 B fone
[08.03.2001 09:55|--a------|261120] E:\C1ffoniź
[07.03.2001 05:54|--a------|69632] E:\FONE 2
[10.02.2010 11:40|--a------|73216] E:\10 02 Prev dzkov smer. 1-10 1.doc
[07.03.2001 00:25|--a------|350208] E:\foto 19.3.10
[07.03.2001 20:31|--a------|237056] E:\angl. panovnˇci
[07.03.2001 03:40|--a------|168448] E:\FONE 4
[16.02.2010 16:17|--a------|54272] E:\kontrola datab za 2009
[01.06.2009 10:31|--a------|63488] E:\z pisnice 2009
[07.03.2001 02:09|--a------|128512] E:\304 B
[07.03.2001 13:44|--a------|103936] E:\55 B NC 09fone
[07.03.2001 07:36|--a------|385536] E:\HOTOVO 310 B
[07.03.2001 01:40|--a------|570880] E:\308 B
[09.03.2001 11:10|--a------|61440] E:\SSD pod–a roźnˇkov
[16.02.2010 15:21|--a------|24576] E:\tenis 2010
[09.03.2001 11:33|--a------|17408] E:\SSD celkom
[01.01.1980 01:25|--a------|60868] E:\Dr§itelia nadstavbověch odznakov VOPT.htm
[07.03.2001 01:15|--a------|2919424] E:\¬B .zber.doc
[07.03.2001 13:32|--a------|143872] E:\33 B OKFO
[17.10.2009 19:20|--a------|25600] E:\OSOBNµ KARTA TURISTU.xls
[07.03.2001 01:17|--a------|293888] E:\Florestano Pepe.doc308 obnoven‚.doc
[07.03.2001 03:56|---h-----|302080] E:\~WRL1647.tmp
[19.02.2009 08:43|--a------|29696] E:\Paloć1.xls
[09.03.2001 21:59|--a------|142848] E:\veźer
[25.12.2009 15:39|--a------|2324480] E:\karin
[28.12.2009 08:33|--a------|10752] E:\KocŁrkovo krˇza
[09.03.2001 05:02|--a------|38400] E:\Menovky
################## | Vaccination |
# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# E:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
################## | Upload |
Please send the file : C:\UsbFix_Upload_Me_KONIKO.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .
################## | ! End of report # UsbFix V6.097 ! |
Re: NOD found Win32/PSW.OnLineGames.OTM
Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3779
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
23.2.2010 10:08:35
mbam-log-2010-02-23 (10-08-26).txt
Typ kontroly: Úplná (C:\|E:\|)
Objektov kontrolovaných: 137572
Uplynutý cas: 48 minute(s), 20 second(s)
Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 1
Infikovaných registracných klúcov: 1
Infikovaných registracných hodnôt: 1
Infikovaných registracných údajov položiek: 7
Infikovaných priecinkov: 0
Infikovaných súborov: 5
Infikovaných procesov pamäte:
(Žiadne škodlivé položky)
Infikovaných modulov pamäte:
C:\WINDOWS\system32\admdll.dll (PUP.RemoteAdmin) -> No action taken.
Infikovaných registracných klúcov:
HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> No action taken.
Infikovaných registracných hodnôt:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.
Infikovaných registracných údajov položiek:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Infikovaných priecinkov:
(Žiadne škodlivé položky)
Infikovaných súborov:
C:\WINDOWS\system32\admdll.dll (PUP.RemoteAdmin) -> No action taken.
C:\Program Files\Radmin\AdmDll.dll (PUP.RemoteAdmin) -> No action taken.
C:\Program Files\Radmin\raddrv.dll (PUP.RemoteAdmin) -> No action taken.
C:\WINDOWS\system32\raddrv.dll (PUP.RemoteAdmin) -> No action taken.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> No action taken.
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: NOD found Win32/PSW.OnLineGames.OTM
Delete everything Malwarebytes found
PLEASE READ THE INSTRUCTIONS CAREFULLY!!!
Download to the desktop, close all active windows and run>>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Agree to the installation of the Recovery Console
- ComboFix must be run under an account with administrator rights.
- After launch the terms of use are displayed; confirm them by pressing the Yes button;
And once more >YES<
- Then follow the prompts; while ComboFix is running, do not click in the blue window it displays
- When the scan finishes (it takes at most 10-15 minutes), the program should create a log, C:\ComboFix.txt; copy its entire contents into your thread on the forum
- Before using ComboFix you need to turn off all resident security programs: antivirus, firewalls, antispyware. GUIDE: http://www.bleepingcomputer.com/forums/topic114351.html
They can interfere with ComboFix's operation, which may cause it not to work correctly.
If your antivirus detects ComboFix, it is a false positive.
Re: NOD found Win32/PSW.OnLineGames.OTM
Everything seems OK
Thank you very much for the quick and effective help
- stell
- VIP in memoriam
- Posts: 5175
- Registered: 09 Dec 2007 09:27
- Location: SK-REVUCA
Re: NOD found Win32/PSW.OnLineGames.OTM
well, as you wish
you're welcome.
