shvost.exe Problem !!


offline
  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

Later, I don't have time right now, see you, bye!

Update: 07 Mar 2009 13:40

Uploaded!!!

Update: 07 Mar 2009 14:09

Shouldn't I upload shvost too?

Update: 07 Mar 2009 16:12

??????????

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

A little patience... I'm thinking.

Download Dr.Web CureIt (~12 MB).
Restart the computer in Safe Mode (Safe Mode instructions)

Double-click launch.exe to run it, after which the introductory window will appear - click Start

A notification about the start of the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, allow the program to perform disinfection by clicking the Yes to All button in the window that appears

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window, select the Complete scan option and then click, and Dr.Web CureIt will start scanning

If malware is found, allow the program to perform disinfection by clicking the Yes to All button in the window that appears

When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:

When the process is finished, click File > Save report list and save the log to the Desktop

Copy the contents of the Dr.Web CureIt log into the thread on the forum.

offline
  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

Should I do it according to those instructions? And then with the program once I get into the PC?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You download the program. Then you restart Windows in Safe Mode and then do the scan.

At the end you save the log and then restart in Normal Mode and post that log here.

offline
  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

74.scr\data001;C:\WINDOWS\system32\74.scr;Tool.TcpZ;;
74.scr;C:\WINDOWS\system32;Container contains infected objects;Moved.;

Addendum: 07 Mar 2009 20:58

I couldn't do it sooner, I was busy in PM, and the scan alone took me 1 hour :S

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Right-click in the middle of the program window. A menu will appear in which you need to go to Options and tick the option Only non MS files
Click Scan.
When the scan is finished, click the Copy button below - this will save the scan results to the Clipboard.
Use the Paste option in Notepad to turn it into text. Save that text from Notepad as the file file3.txt


Use the Attach file option below the message box on the forum, and attach here the file we just saved.


-------------------------------------------------------------------------------------



Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca


Addendum: 07 Mar 2009 22:25

Should I scan with ComboFix?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Yes, post a fresh ComboFix log as well.

offline
  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

What happened, my ComboFix is gone? It got deleted

Addendum: 07 Mar 2009 22:45

ComboFix 09-03-06.02 - Ziska 2009-03-07 22:31:50.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.92 [GMT 1:00]
Running from: c:\documents and settings\Ziska\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32


((((((((((((((((((((((((( Files Created from 2009-02-07 to 2009-03-07 )))))))))))))))))))))))))))))))
.

2009-03-07 17:16 . 2009-03-07 17:16 <DIR> d-------- c:\documents and settings\Ziska\DoctorWeb
2009-03-07 14:01 . 2009-03-07 14:01 1,791 --a------ c:\windows\system32\autoexec.nt
2009-03-07 00:13 . 2009-03-07 00:13 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-06 10:19 . 2009-03-06 18:37 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-06 00:43 . 2009-03-06 00:44 <DIR> d-------- c:\program files\Croatian Mini-Dictionary
2009-03-05 19:30 . 2009-03-07 22:18 250 --a------ c:\windows\gmer.ini
2009-03-05 12:35 . 2009-03-05 12:35 63 --a------ c:\windows\wininit.ini
2009-03-04 21:52 . 2009-03-04 21:52 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 19:34 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Stardock
2009-03-04 19:34 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Common Files\Stardock
2009-03-04 19:17 . 2009-03-04 19:17 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-03-03 20:47 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 20:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 20:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-01 14:22 . 2009-03-01 14:22 <DIR> d---s---- c:\documents and settings\Ziska\UserData
2009-03-01 13:23 . 2009-03-07 14:10 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-01 12:40 . 2009-03-07 09:47 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-01 12:40 . 2009-03-01 14:22 <DIR> d-------- c:\documents and settings\Ziska\Application Data\AVGTOOLBAR
2009-03-01 12:40 . 2009-03-01 12:40 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-01 12:40 . 2009-03-01 12:40 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-01 12:40 . 2009-03-01 12:40 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-01 12:39 . 2009-03-01 12:39 <DIR> d-------- c:\program files\AVG
2009-03-01 12:39 . 2009-03-01 12:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-01 02:24 . 2009-03-01 23:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-27 20:56 . 2009-03-01 01:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware(2)
2009-02-26 22:02 . 2009-02-26 22:02 <DIR> d-------- c:\documents and settings\Ziska\Application Data\Malwarebytes
2009-02-26 22:02 . 2009-02-26 22:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-14 18:46 . 2009-03-03 17:37 238 --a------ c:\windows\mafosav.INI
2009-02-14 15:55 . 2009-02-14 15:55 <DIR> d-------- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 19:38 --------- d-----w c:\program files\FlashGet
2009-03-07 00:08 --------- d-----w c:\program files\Windows Live
2009-03-06 23:54 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-02-07 15:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 12:02 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-25 18:12 --------- d-----w c:\program files\Common Files\Real
2009-01-24 11:34 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-23 21:31 --------- d-----w c:\documents and settings\Ziska\Application Data\HLSW
2009-01-16 22:24 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-01-12 19:58 --------- d-----w c:\documents and settings\Ziska\Application Data\NetSupport
2009-01-12 19:53 --------- d-----w c:\program files\NetSupport
2009-01-12 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\NetSupport
2009-01-11 21:19 --------- d-----w c:\program files\MessengerDiscovery
2008-12-28 12:05 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-12-28 12:05 111,110 ----a-w c:\windows\BricoPackUninst.cmd
.

------- Sigcheck -------

2008-04-14 04:42 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\wininet.dll
2008-04-14 04:42 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\dllcache\wininet.dll

2008-04-14 04:42 975872 561a50497324f378e30f55d09b4e1258 c:\windows\explorer.exe
2008-04-14 04:42 975872 088a0cd3d4cd3b584f3a4150d6cf941e c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-04_23.24.58.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-05 18:30:17 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe
- 2008-12-28 15:07:56 29,926 ----a-r c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2009-03-05 23:42:33 29,926 ----a-r c:\windows\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
+ 2009-03-05 22:14:17 58,945 ----a-r c:\windows\Installer\{7739A0FE-2D25-4298-9414-1EC8A410CD53}\wlmail.exe
- 2009-01-16 22:32:13 29,926 ----a-r c:\windows\Installer\{C550F6FC-6C3C-4CB4-BC13-3960B17959DD}\MsblIco.Exe
+ 2009-03-06 23:56:48 29,926 ----a-r c:\windows\Installer\{C550F6FC-6C3C-4CB4-BC13-3960B17959DD}\MsblIco.Exe
- 2008-04-14 03:42:02 337,408 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:34:24 337,408 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2009-03-05 18:30:17 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2008-04-14 03:42:02 337,408 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:34:24 337,408 ----a-w c:\windows\system32\netapi32.dll
- 2007-11-30 04:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-01 1601304]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Gigabyte Wireless Utility.lnk - c:\program files\GIGABYTE\Common\GNConfig.exe [12/26/2008 10:59:24 AM 753664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-01 12:40 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSNETDED]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\client32.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\PCICTLUI.EXE"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\pcideply.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\PCISA.EXE"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\pciscrui.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\runscrip.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/1/2009 12:40:10 PM 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/1/2009 12:40:18 PM 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/1/2009 12:39:44 PM 298264]
S2 MSNETDED;Network Monitor service;"c:\windows\system\svhost.exe" --> c:\windows\system\svhost.exe [?]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [12/26/2008 11:23:14 AM 670592]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {BCE8778D-1AE7-46C0-98F0-93CB5E6CF7BC} = 195.252.122.154
FF - ProfilePath - c:\documents and settings\Ziska\Application Data\Mozilla\Firefox\Profiles\nhsg24iv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.abakusbp.net/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-07 22:37:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Nf815c75f]
@Denied: (4) (Everyone)
@Denied: (4) (Administrators)
@Allowed: (A B C D Full GENERIC_EXECUTE GENERIC_WRITE Read 1 2 3 4 5 6) (LocalSystem)
"a"="M"
"InternetCode"="U52LDJMC37ONPGW35EG4SPJX45LFAJ6ESRKK7IY8"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'csrss.exe'(532)
c:\program files\NetSupport\NetSupport Manager\pcihooks.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\NetSupport\NetSupport Manager\client32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-07 22:39:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-07 21:39:24
ComboFix2.txt 2009-03-06 17:59:55
ComboFix3.txt 2009-03-05 21:25:57
ComboFix4.txt 2009-03-05 20:16:42
ComboFix5.txt 2009-03-07 21:30:58

Pre-Run: 5,778,788,352 bytes free
Post-Run: 5,841,977,344 bytes free

190

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text:

Driver::
MSNETDED

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSNETDED]


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.
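The CFScript above targets the one service in the ComboFix log that stands out on several counts at once. The following is an added example, not part of the original posts and not ComboFix's own logic, that runs that triage over lines copied from the log; the list of protected process names, the three heuristics and the reading of `[?]` and `-->` are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Service lines and the SafeBoot key copied from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSNETDED]
@="Service"
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/1/2009 12:40:10 PM 325128]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/1/2009 12:39:44 PM 298264]
S2 MSNETDED;Network Monitor service;"c:\windows\system\svhost.exe" --> c:\windows\system\svhost.exe [?]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [12/26/2008 11:23:14 AM 670592]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
'''

# Assumption: a short list of Windows process names that malware likes to imitate.
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe")

SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.+?) \[(?P<meta>[^\]]*)\]$')
SAFEBOOT_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\'
    r'(?:Minimal|Network)\\(?P<name>[^\]]+)\]$', re.IGNORECASE)

def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(log_text):
    """Return {service name: [reasons]} for services that deserve a closer look."""
    safeboot, services = set(), []
    for line in map(str.strip, log_text.splitlines()):
        if m := SAFEBOOT_RE.match(line):
            safeboot.add(m.group("name").lower())
        elif m := SERVICE_RE.match(line):
            services.append(m.groupdict())
    findings = {}
    for svc in services:
        # Assumption: the text after '-->' is the path the tool resolved; judge that one.
        image = svc["image"].split("-->")[-1].strip().strip('"')
        exe, folder = basename(image).lower(), dirname(image).lower()
        reasons = []
        for good in SYSTEM_NAMES:
            if exe == good and not folder.endswith("\\system32"):
                reasons.append(f"{good} outside system32")
            elif exe != good and levenshtein(exe, good) <= 2:
                reasons.append(f"name imitates {good}")
        if svc["meta"] == "?":  # assumption: '[?]' means no file details were read
            reasons.append("file details unavailable")
        if svc["name"].lower() in safeboot:
            reasons.append("registered under SafeBoot")
        if reasons:
            findings[svc["name"]] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -len(kv[1])):
        print(f"{name}: {', '.join(reasons)}")
```

A single reason on its own is weak evidence (a driver on a removable drive also shows `[?]`); the service to review first is the one that collects several.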
