prosím o pomoc asi isee.exe

[miso23]

Zdravím mám problém doniesol som si do PC na kľúči vírus na USB je vytvorený autorun.inf a nejde ho zmazať to iste aj na diskoch (na C: aj D:). niečo som našiel tu na fore tak prikladam ako radili výpis z HijackThis. Najhorsie je ze sa mi rozsiril na Mp3 aj ďaľší kľúč.
Vďaka za pomoc.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:34, on 1.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Opera\Opera.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.70\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.70\MediaManager\grab.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

//přesunuto

//mmm

--
End of file - 8957 bytes

[Reklama]

[fredik]

Pokud používáš firewall v ESET Smart Security, tak Kerio Personal Firewall odinstaluj.

Stáhni ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[miso23]

Tak tu je výpis z ComboFixu:


ComboFix 08-05-29.1 - Michal 2008-06-01 13:05:09.6 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.667 [GMT 2:00]
Running from: C:\Documents and Settings\Michal\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 38
pv: No matching processes found
The syntax of the command is incorrect.


((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-06-01 11:26 . 2008-06-01 11:26 <DIR> d-------- C:\Program Files\Java
2008-06-01 11:26 . 2008-06-01 11:26 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-01 11:26 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-30 17:07 . 2008-05-30 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Firefly Studios
2008-05-25 11:18 . 2008-05-25 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 11:17 . 2008-05-25 11:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-25 11:17 . 2008-05-25 11:17 <DIR> d-------- C:\Documents and Settings\Michal\Application Data\SUPERAntiSpyware.com
2008-05-24 13:52 . 2008-05-24 13:52 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-24 11:05 . 2008-05-25 10:13 <DIR> d-------- C:\Documents and Settings\Michal\Application Data\Command & Conquer 3 Tiberium Wars
2008-05-23 09:58 . 2008-05-23 09:58 <DIR> d-------- C:\Program Files\ESET
2008-05-18 16:02 . 2008-05-18 16:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-18 16:02 . 2008-05-18 16:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-18 12:59 . 2008-05-18 12:59 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-05-18 12:59 . 2008-05-18 12:59 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-05-18 12:59 . 2008-05-18 12:59 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-05-18 12:59 . 2008-05-18 12:59 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-05-18 12:59 . 2008-05-18 12:59 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-05-18 12:59 . 2008-05-18 12:59 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-05-18 12:57 . 2004-08-04 13:00 146,432 --a------ C:\WINDOWS\R.COM
2008-05-18 12:57 . 2004-08-04 13:00 135,680 --a------ C:\WINDOWS\system32\T.COM
2008-05-18 12:57 . 2008-05-18 12:59 50 --a------ C:\WINDOWS\Lic.xxx
2008-05-17 13:10 . 2008-05-17 13:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-17 13:10 . 2008-05-18 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-17 13:05 . 2008-05-17 13:05 <DIR> d-------- C:\Program Files\Seznam
2008-05-17 11:20 . 2008-05-17 11:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 10:53 . 2008-05-17 10:53 241 --a------ C:\Documents and Settings\Michal\SR.vbs
2008-05-16 15:29 . 2008-05-30 14:12 173 --a------ C:\ASWL2K.ini
2008-05-16 15:21 . 2008-05-16 15:21 <DIR> d-------- C:\Program Files\ASUS
2008-05-16 15:21 . 2006-07-25 21:20 537,600 --a------ C:\WINDOWS\system32\ASWL2K.exe
2008-05-16 15:21 . 2004-05-06 12:21 496,640 --a------ C:\WINDOWS\system32\ASWLSVC.exe
2008-05-16 15:21 . 2006-06-08 10:49 344,064 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-05-16 15:21 . 2005-10-17 19:50 245,376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.sys
2008-05-16 15:21 . 2004-05-07 18:57 159,827 --a------ C:\WINDOWS\system32\RemSvc.exe
2008-05-16 15:21 . 2003-10-09 19:38 141,824 --a------ C:\WINDOWS\system32\ClientCpl.cpl
2008-05-16 15:21 . 2002-09-09 21:01 61,440 --a------ C:\WINDOWS\system32\ASUSW32N50.dll
2008-05-16 15:21 . 2008-05-16 15:21 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-16 15:21 . 2002-09-09 19:54 16,269 --a------ C:\WINDOWS\system32\ASNDIS5.sys
2008-05-16 15:21 . 2001-04-16 05:48 15,577 --a------ C:\WINDOWS\system32\ASNDIS3.vxd
2008-05-11 14:57 . 2008-05-11 14:57 29 --a------ C:\WINDOWS\DEBUGSM.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 15:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 13:49 --------- d-----w C:\Program Files\eMule
2008-05-25 09:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 08:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-25 08:41 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-05-24 08:09 --------- d-----w C:\Program Files\EAGLE-4.11
2008-05-17 11:03 --------- d-----w C:\Program Files\ICQToolbar
2008-05-11 12:57 --------- d-----w C:\Documents and Settings\Michal\Application Data\EPSON
2008-05-04 12:26 --------- d-----w C:\Program Files\ACAD2000
2008-05-04 09:27 --------- d-----w C:\Documents and Settings\Michal\Application Data\Nokia Multimedia Player
2008-04-30 18:35 --------- d-----w C:\Program Files\ABBYY PDF Transformer 2.0
2008-04-17 17:58 --------- d-----w C:\Program Files\ICQ6
2008-04-17 14:55 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-17 14:55 --------- d-----w C:\Program Files\AutoCAD 2004
2008-04-17 14:55 --------- d-----w C:\Program Files\AnswerWorks 4.0
2008-03-26 16:36 364,544 ----a-w C:\WINDOWS\system32\WDBtnMgr.exe
2008-03-22 09:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-07 16:14 87,608 ----a-w C:\Documents and Settings\Michal\Application Data\ezpinst.exe
2008-02-07 16:14 47,360 ----a-w C:\Documents and Settings\Michal\Application Data\pcouffin.sys
.

------- Sigcheck -------

2006-08-06 00:32 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot_2008-06-01_11.09.29,57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 08:44:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-01 09:24:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-24 23:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-24 23:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 00:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-17 18:08 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 14:20 227328]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-02-06 18:47 1036640]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-08-15 15:48 1696256]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-15 17:45:48 113664]
Bluetooth.lnk - C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe [2005-03-29 16:37:28 569405]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"EPSON Stylus CX3200"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Hry\\stronlegend\\StrongholdLegends.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2008-01-17 18:03]
R2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files\HWiNFO32\HWiNFO32.SYS [2006-08-13 10:58]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 13:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-07 18:16]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 15:36:16 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 13:10:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-01 13:11:38
ComboFix-quarantined-files.txt 2008-06-01 11:11:32
ComboFix2.txt 2008-06-01 09:10:19
ComboFix3.txt 2008-05-21 14:50:27
ComboFix4.txt 2008-05-21 14:42:29

Pre-Run: 16,826,073,088 bytes free
Post-Run: 16,813,305,856 bytes free

167

[fredik]

Připoj k Pc flešku/USB klíčenku/Mp3 přehrávač. Postup s Flash Disinfectorem proveď na všech zařízeních.

Stáhni tento program: Flash Disinfector (by sUBs)
- Spusť Flash Disinfector a počkej až tě program bude informovat o ukončení své činnosti.
- po té můžeš výměnné zařízení odpojit.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Pak si otevři Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

[miso23]

Urobil som vsetko co si kazal tu je výpis z
ComboFix

ComboFix 08-05-29.1 - Michal 2008-06-01 16:13:36.7 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.679 [GMT 2:00]
Running from: C:\Documents and Settings\Michal\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michal\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 38
pv: No matching processes found
The syntax of the command is incorrect.


((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-06-01 11:26 . 2008-06-01 11:26 <DIR> d-------- C:\Program Files\Java
2008-06-01 11:26 . 2008-06-01 11:26 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-01 11:26 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-30 17:07 . 2008-05-30 17:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Firefly Studios
2008-05-25 11:18 . 2008-05-25 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 11:17 . 2008-05-25 11:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-25 11:17 . 2008-05-25 11:17 <DIR> d-------- C:\Documents and Settings\Michal\Application Data\SUPERAntiSpyware.com
2008-05-24 13:52 . 2008-05-24 13:52 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-05-24 11:05 . 2008-05-25 10:13 <DIR> d-------- C:\Documents and Settings\Michal\Application Data\Command & Conquer 3 Tiberium Wars
2008-05-23 09:58 . 2008-05-23 09:58 <DIR> d-------- C:\Program Files\ESET
2008-05-18 16:02 . 2008-05-18 16:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-18 16:02 . 2008-05-18 16:02 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-18 12:59 . 2008-05-18 12:59 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-05-18 12:59 . 2008-05-18 12:59 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-05-18 12:59 . 2008-05-18 12:59 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-05-18 12:59 . 2008-05-18 12:59 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-05-18 12:59 . 2008-05-18 12:59 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-05-18 12:59 . 2008-05-18 12:59 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-05-18 12:57 . 2004-08-04 13:00 146,432 --a------ C:\WINDOWS\R.COM
2008-05-18 12:57 . 2004-08-04 13:00 135,680 --a------ C:\WINDOWS\system32\T.COM
2008-05-18 12:57 . 2008-05-18 12:59 50 --a------ C:\WINDOWS\Lic.xxx
2008-05-17 13:10 . 2008-05-17 13:10 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-17 13:10 . 2008-05-18 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-17 13:05 . 2008-05-17 13:05 <DIR> d-------- C:\Program Files\Seznam
2008-05-17 11:20 . 2008-05-17 11:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-17 10:53 . 2008-05-17 10:53 241 --a------ C:\Documents and Settings\Michal\SR.vbs
2008-05-16 15:29 . 2008-05-30 14:12 173 --a------ C:\ASWL2K.ini
2008-05-16 15:21 . 2008-05-16 15:21 <DIR> d-------- C:\Program Files\ASUS
2008-05-16 15:21 . 2006-07-25 21:20 537,600 --a------ C:\WINDOWS\system32\ASWL2K.exe
2008-05-16 15:21 . 2004-05-06 12:21 496,640 --a------ C:\WINDOWS\system32\ASWLSVC.exe
2008-05-16 15:21 . 2006-06-08 10:49 344,064 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-05-16 15:21 . 2005-10-17 19:50 245,376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.sys
2008-05-16 15:21 . 2004-05-07 18:57 159,827 --a------ C:\WINDOWS\system32\RemSvc.exe
2008-05-16 15:21 . 2003-10-09 19:38 141,824 --a------ C:\WINDOWS\system32\ClientCpl.cpl
2008-05-16 15:21 . 2002-09-09 21:01 61,440 --a------ C:\WINDOWS\system32\ASUSW32N50.dll
2008-05-16 15:21 . 2008-05-16 15:21 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-16 15:21 . 2002-09-09 19:54 16,269 --a------ C:\WINDOWS\system32\ASNDIS5.sys
2008-05-16 15:21 . 2001-04-16 05:48 15,577 --a------ C:\WINDOWS\system32\ASNDIS3.vxd
2008-05-11 14:57 . 2008-05-11 14:57 29 --a------ C:\WINDOWS\DEBUGSM.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-30 15:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 13:49 --------- d-----w C:\Program Files\eMule
2008-05-25 09:17 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 08:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-25 08:41 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-05-24 08:09 --------- d-----w C:\Program Files\EAGLE-4.11
2008-05-17 11:03 --------- d-----w C:\Program Files\ICQToolbar
2008-05-11 12:57 --------- d-----w C:\Documents and Settings\Michal\Application Data\EPSON
2008-05-04 12:26 --------- d-----w C:\Program Files\ACAD2000
2008-05-04 09:27 --------- d-----w C:\Documents and Settings\Michal\Application Data\Nokia Multimedia Player
2008-04-30 18:35 --------- d-----w C:\Program Files\ABBYY PDF Transformer 2.0
2008-04-17 17:58 --------- d-----w C:\Program Files\ICQ6
2008-04-17 14:55 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-04-17 14:55 --------- d-----w C:\Program Files\AutoCAD 2004
2008-04-17 14:55 --------- d-----w C:\Program Files\AnswerWorks 4.0
2008-03-26 16:36 364,544 ----a-w C:\WINDOWS\system32\WDBtnMgr.exe
2008-03-22 09:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-02-07 16:14 87,608 ----a-w C:\Documents and Settings\Michal\Application Data\ezpinst.exe
2008-02-07 16:14 47,360 ----a-w C:\Documents and Settings\Michal\Application Data\pcouffin.sys
.

------- Sigcheck -------

2006-08-06 00:32 359040 c81d6a930a7805f6daa0c7902b99037e C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot_2008-06-01_11.09.29,57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-01 08:44:29 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-01 09:24:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-02-22 00:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-24 23:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-22 00:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-24 23:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 01:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 00:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2006-08-05 14:32:10 486,912 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPF880AL.DLL
+ 2006-08-05 14:32:10 1,853,952 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPFIMG50.DLL
+ 2006-08-05 14:32:22 87,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPFUD50.DLL
+ 2006-08-05 14:32:10 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPFUI50.DLL
+ 2006-08-05 14:32:24 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2006-08-05 14:32:24 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2006-08-05 14:32:26 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2008-04-17 18:08 172280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 14:20 227328]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-02-06 18:47 1036640]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-08-15 15:48 1696256]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-03-13 16:48 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 16:58 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-02-15 17:45:48 113664]
Bluetooth.lnk - C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe [2005-03-29 16:37:28 569405]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"EPSON Stylus CX3200"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"D:\\Hry\\stronlegend\\StrongholdLegends.exe"=

R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2008-01-17 18:03]
R2 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files\HWiNFO32\HWiNFO32.SYS [2006-08-13 10:58]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 13:00]
R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 19:54]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 13:00]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-07 18:16]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 15:36:16 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 16:17:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-01 16:19:09
ComboFix-quarantined-files.txt 2008-06-01 14:19:04
ComboFix2.txt 2008-06-01 11:11:41
ComboFix3.txt 2008-06-01 09:10:19
ComboFix4.txt 2008-05-21 14:50:27
ComboFix5.txt 2008-05-21 14:42:29

Pre-Run: 16,796,901,376 bytes free
Post-Run: 16,785,395,712 bytes free

173


A HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:21:46, on 1.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSI\BToes Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_DPPE03.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.70\AMVConverter\grab.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.70\MediaManager\grab.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~1\PCTRAN~1\webie.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8557 bytes

A este sa chcem spytat ked som to spravil aj tak mi ostali na disku tie subory autorun.inf je to vporiadku?

[fredik]

Jdi přes Start -> Spustit... a napiš do okna tento příkaz označený modře ComboFix /u a dej Ok.
- mezi comobofix a /u musí být mezera
- počkej až proběhne, bude tě o tom informovat.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Spusť znovu HijackThis a zaškrtni v něm okénko před řádkem:
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
po zaškrtnutí klikni na tlačítko Fix Checked

Jestli myslíš ty, co se po aplikaci Flash Disinfectoru vytvořily na discích (skrytá složka/adresář autorun.inf), tak ty FD vytváří jako prevenci proti dalšímu nakažení.

Máš ještě problémy?

[miso23]

Dik za pomoc nemohol som skor odpisat nemal som pristup k pc. Tak na HDD je to v poriadku je to len ten subor co si ono vytvorilo ale na USB ostal este subor RECYCLER aj s virusom ma takyto nazov S-1-5-21-1482476501-1644491937-682003330-1013 a nejde to vyhodit.

[fredik]

Jestli jsem to dobře pochopil, tak na USB ti zůstal adresář RECYCLER\-1-5-21-1482476501-1644491937-682003330-1013. Ta složka sama o sobě by neměla být až takový problém, je v ní něco umístěno? (soubory)

Zkus připojit to USB k PC a udělej toto:
Pak proveď kontrolu a vlož sem log z Kaspersky Online Scanner! (potřeba spustit v IE)
- klikni na tlačítko Accept
- budeš vyzván k nainstalovaní ActiveX komponenty od Kasperského, tak to povol
- program si stáhne potřebnou databázi
- po stažení klikni na volbu:
Po té klikni na tlačítko: Scan Settings
- dostaneš se do okna Scan settings a tam zvol následující možnosti vyber následující:

Pod položkou: Scan using the following antivirus database:

standard - detect viruses, worms, Trojans, rootkits

Pod položkou: Scan Options: - nech zvolené obě možnosti:

Scan Archives - scan files inside archives
Scan Mail Bases - scan e-mails/attachments inside mail base files

Pak klikni na tlačítko OK

Nyní pak pod položkou Please select a target to scan zvol možnost:

- spustí se kontrola systému
- po jejím proběhnutí se ti zobrazí seznam co našel
Klikni na tlačítko Save Report As...
- ulož si ho třeba na plochu a zvol tyto parametry:
- Název souboru: zde napiš: Kavlog
- Uložit jako typ: tak tam vyber: Text file (*.txt)
Vlož sem pak jeho log

Pak řekni pod jakým písmenem se ti mapuje to USB (co je to přesně za zařízení, mp3 přehrávač, fleška ...) v systému. (E, F, G, ...)

[miso23]

Nie v tej zlozke nic nie je. Dal som to kontrolovat cez kaspersky online. Po skonceni vyhodim ten log
Velmi pekne dakujem za ochotu

[miso23]

Tak konecne to skoncilo F: je flash disk 1GB, a G: je MP3 player Apacer 1GB ktory som pouzival ako flash disk.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, June 06, 2008 5:43:00 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/06/2008
Kaspersky Anti-Virus database records: 741169
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 88741
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 02:07:45

Infected Object Name / Virus Name / Last Action
C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Charon\CACHE.NDB Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\epfwlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\virlog.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ESET\ESET Smart Security\Logs\warnlog.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Michal\Application Data\Search Settings\kb126\temp\ws-14036.log Object is locked skipped
C:\Documents and Settings\Michal\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Michal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Michal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Michal\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michal\Local Settings\History\History.IE5\MSHist012008060620080607\index.dat Object is locked skipped
C:\Documents and Settings\Michal\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michal\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Michal\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20080606-153014.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{00BD86C4-38CE-4026-8FC8-3A009383C2D5}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
G:\NOD\infected\J1E5OUCA.NQF Infected: Worm.Win32.AutoRun.aul skipped
G:\Qoobox\Quarantine\G\autorun.inf.vir Object is locked skipped
G:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe Object is locked skipped

Scan process completed.

[fredik]

Promiň za delší prodlevu v reakci na poslední příspěvek.

Připoj to zařízení co se ti mapuje jako disk G a použij toto:

Stáhni si program OTMoveIt2 (by OldTimer) a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste List Of Files/Folders to Move) zkopíruj tyto cesty:

Kód: Vybrat vše

[kill explorer]
G:\NOD\infected\J1E5OUCA.NQF
G:\Qoobox\Quarantine\G\autorun.inf.vir
G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe
G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013
EmptyTemp
[start explorer]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď

[miso23]

Vdaka za pomoc spravil som co si kazal, vyzera to byt na dobrej ceste na diskoch nic nie je a to G: bude hadam dobre

VELKA VDAKA

Explorer killed successfully
G:\NOD\infected\J1E5OUCA.NQF moved successfully.
File/Folder G:\Qoobox\Quarantine\G\autorun.inf.vir not found.
File/Folder G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isee.exe not found.
G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 moved successfully.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully