VBS: Malware-gen - prosím o pomoc Vyřešeno

[Golfy]

Dobrej, cca každou minutu na mě vyskakuje okno avastu: Nalezen virus.
Jméno souboru: C:/autorun.inf
Jméno vzorku: VBS:Malware-gen
Typ malware: virus/červ

Chtěl bych se zeptat, jak ho dostat pryč - celkem mě to štve

Log z HiJackThis
----------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:41, on 24.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVerTV 6.0\AVerQT.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\tempo-53F.tmp
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EZEHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9058826000
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C5D39AD-F821-4B1C-8EE4-3972C904D0F4}: NameServer = 85.255.112.89;85.255.112.97
O17 - HKLM\System\CCS\Services\Tcpip\..\{D58A361E-9145-4096-8B13-DE147D5CBF82}: NameServer = 85.255.112.89;85.255.112.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C5D39AD-F821-4B1C-8EE4-3972C904D0F4}: NameServer = 85.255.112.89;85.255.112.97
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 15010 bytes

DÍKY

[Reklama]

[Golfy]

a obsah toho autorun.inf je:

[autorun]
shellexecute="resycled\boot.com c:"
shell\Open\command="resycled\boot.com c:"
shell=Open

[jaro3]

Vítej na fóru PC-HELP!
Stáhni si SDFix
http://downloads.andymanchesta.com/Remo ... /SDFix.exe
- Spusť ho a rozbalí se ti na disk kde je nainstalovaný Windows (typicky to je C:\SDfix)
- Pak restartuj PC do nouzového režimu (zvol možnost: Stav nouze, ne Stav nouze s práci v síti)
- Otevři adresář kde je vybalený SDFix a spusť soubor RunThis.bat tím spustíš program.
* Pak stiskni klávesu Y a pak Enter pro zahájení čistícího procesu.
* Pro dokončení kontroly budeš vyzván ke stisknutí libovolné klávesy a počítač se restartuje.
* Při nabíhání operačního systému se program spustí znovu a dokončí čistící proces. Až se objeví Finish, budeš muset po vyzvání stisknout libovolnou klávesu, tim se ukončí program a zobrazí se ti ikony na ploše
- Když se skončí načítání ikon na ploše, otevře se ti na obrazovce log z SDFix a zároveň ho uloží do adresáře kde je rozbalený SDFix jako soubor Report.txt
Pak sem zkopíruj jeho obsah + mrkni se jestli ti pod Startem nechybí nějaké ikony, zobrazují se ti disky pod Tento počítač....

[Golfy]

Díky za uvítání

díky za radu ohledně SDFixu, našel jsem ho již v jiném tématu a proto jsem ten test provedl již asi před 2 hodinami.

Když mi pak nabíhal systém, naběhla konzola SDFixu, jak řikáš dokončuje se čistící proces - v záhlaví Malware, ovšem na konci mi to vypisovalo něco ve smyslu: Nelze otevřít C:/SDFix/a nějakej soubor .txt

Po delší době to tam vypsalo asi 50x a tak jsem to vypnul. Systém naběhl v pohodě a v report.txt bylo, že mi to nalezlo trojan ve složce C:/Windows/sytem32/kdddi.exe a ještě v jednom souboru myslim že system32/temp/kdddi.exe

Nynější log z HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:37, on 25.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVerTV 6.0\AVerQT.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EZEHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9058826000
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C5D39AD-F821-4B1C-8EE4-3972C904D0F4}: NameServer = 85.255.112.89;85.255.112.97
O17 - HKLM\System\CCS\Services\Tcpip\..\{D58A361E-9145-4096-8B13-DE147D5CBF82}: NameServer = 85.255.112.89;85.255.112.97
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C5D39AD-F821-4B1C-8EE4-3972C904D0F4}: NameServer = 85.255.112.89;85.255.112.97
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\httpd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Apache2Triad SlimFTPd Server (SlimFTPd) - Unknown owner - C:\apache2triad\ftp\SlimFTPd.exe
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 14568 bytes


Malware se již neprojevuje / tedy alespoň nereaguje na spouštěče jako předtím - stačilo něco uložit a spustil se proces generování autorun.inf. Autorun.inf se již neobjevuje. Ale asi jsem ti to ztížil tím, že jsem report.txt omylem smazal :( Musim projíždět PC po druhé?

//EDIT: myslim že název byl DNS Trojan

[jaro3]

Ne , v poho.
Najdi a smaž celou složku: C:\SDfix
▪ Stáhni Fixwareout z některého z odkazů a uložíme ho na plochu:

http://downloads.subratam.org/Fixwareout.exe

http://download.bleepingcomputer.com/lo ... areout.exe


▪ Restartuj počítač do Nouzového režimu, toto není nutný krok, lze jej spustit i v standardním režimu, je však doporučený .
▪ Spustíme Fixwareout, klikneme na Next, dále na Install, ujistíme se, že je zvolena možnost Run fixit a klikneme na Finish
▪ Započne čistící proces, postupujeme dle instrukcí
▪ V případě odolnějších variant bude vyžadován restart počítače, restartujeme ho
▪ Počítač může trochu déle nabíhat, po vstupu do Windows by mělo vyběhnout okno s logem z Fixwareoutu, tento log vložíme sem. Jestliže se výpis neobjeví, je možné ho najít v cestě C:\fixwareout\report.txt

[Golfy]

Celkem v klidu a rychle to proběhlo - max. 4 minuty


Username "golfy" - 25.10.2008 11:02:20 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdddi.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0C5D39AD-F821-4B1C-8EE4-3972C904D0F4}
"nameserver"="85.255.112.89;85.255.112.97" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D58A361E-9145-4096-8B13-DE147D5CBF82}
"nameserver"="85.255.112.89;85.255.112.97" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0C5D39AD-F821-4B1C-8EE4-3972C904D0F4}
"DhcpNameServer"="85.255.112.89;85.255.112.97" <Value cleared.

Mezipaměť překládání DNS byla úspěšně vyprázdněna.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"JMB36X IDE Setup"="C:\\WINDOWS\\JM\\JMInsIDE.exe"
"36X Raid Configurer"="C:\\WINDOWS\\system32\\JMRaidSetup.exe boot"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Nero\\Lib\\NeroCheck.exe"
"NBKeyScan"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
"Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"Adobe_ID0EZEHM"="C:\\PROGRA~1\\COMMON~1\\Adobe\\ADOBEV~1\\Server\\bin\\VERSIO~2.EXE"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"LGODDFU"="\"C:\\Program Files\\lg_fwupdate\\fwupdate.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"Samsung PanelMgr"="C:\\WINDOWS\\Samsung\\PanelMgr\\SSMMgr.exe /autorun"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DAEMON Tools Lite"="\"C:\\Program Files\\DAEMON Tools Lite\\daemon.exe\" -autorun"
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020"
"LaunchList"="C:\\Program Files\\Pinnacle\\Studio 11\\LaunchList2.exe"
"LightScribe Control Panel"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

[jaro3]

Zkus nyní stáhnout ten SDFix.
Pokud to nepůjde udělej toto:
Vypni rez. ochranu u Avastu.
Stáhni si ComboFix (by sUBs)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[Golfy]

No, už jsem myslel, že mi přestal jít net, ale pomohl restart.. uff

Tady je log z ComboFixu: (možná vypadá nadějně :), nebo snad ne?)

ComboFix 08-10-24.02 - golfy 2008-10-25 15:29:22.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.2952 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\golfy\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\LPVideoPlugin
C:\resycled
C:\WINDOWS\system32\nvsvc32.exe
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf

.
((((((((((((((((((((((((( Soubory vytvořené od 2008-09-25 do 2008-10-25 )))))))))))))))))))))))))))))))
.

2008-10-25 11:02 . 2008-10-25 11:06 <DIR> d-------- C:\fixwareout
2008-10-25 09:20 . 2008-10-25 09:20 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-25 09:14 . 2008-10-25 09:14 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-24 23:41 . 2008-10-24 23:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-24 23:19 . 2008-10-24 23:19 27,904 --a------ C:\WINDOWS\system32\drivers\ndisprot.sys
2008-10-24 13:58 . 2008-10-24 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2008-10-21 20:01 . 2008-10-21 20:01 98,632 --a------ C:\Documents and Settings\golfy\Data aplikací\GDIPFONTCACHEV1.DAT
2008-10-19 18:38 . 2008-10-19 18:38 <DIR> d-------- C:\Program Files\Bagger-Simulator 2008
2008-10-19 18:38 . 2000-08-19 20:29 268,048 --a------ C:\WINDOWS\system32\dxtmeta2.dll
2008-10-19 12:03 . 2008-10-19 12:03 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-10-19 12:03 . 2008-10-19 12:03 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-10-19 12:00 . 2008-10-19 12:00 <DIR> d-------- C:\Program Files\Playlogic
2008-10-19 10:49 . 2008-10-19 10:49 <DIR> d-------- C:\Program Files\linguatec
2008-10-11 09:37 . 2008-10-11 09:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\PopCap
2008-10-11 09:36 . 2008-10-11 09:36 <DIR> d-------- C:\Program Files\PopCap Games
2008-10-09 18:32 . 2008-10-09 18:33 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-06 21:11 . 2008-10-25 00:03 <DIR> d-------- C:\Program Files\FlashGet
2008-10-05 18:58 . 2008-10-05 18:58 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-10-05 14:52 . 2008-10-05 14:52 <DIR> d-------- C:\Documents and Settings\golfy\Data aplikací\Lionhead Studios
2008-10-05 14:03 . 2008-10-05 14:03 <DIR> d-------- C:\Program Files\Lionhead Studios Ltd
2008-10-05 14:03 . 2008-10-05 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lionhead Studios
2008-10-03 23:33 . 2008-10-03 23:33 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-10-03 23:29 . 2008-10-03 23:29 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-10-03 23:29 . 2008-10-05 18:22 <DIR> d-------- C:\Program Files\Cinema Tycoon 2 Movie Mania
2008-10-03 23:23 . 2008-10-03 23:29 <DIR> d-------- C:\Program Files\Retro64 Games
2008-10-02 16:38 . 2008-10-02 16:38 <DIR> d-------- C:\Documents and Settings\golfy\Data aplikací\Thinstall
2008-09-29 21:20 . 2008-04-13 20:46 51,200 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2008-09-29 21:20 . 2008-04-13 20:46 51,200 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-09-29 21:20 . 2008-04-13 20:46 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-09-29 21:20 . 2008-04-13 20:46 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-09-29 21:20 . 2008-04-13 20:46 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2008-09-29 21:20 . 2008-04-13 20:46 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2008-09-28 22:04 . 2008-09-28 22:04 <DIR> d-------- C:\Program Files\Software602
2008-09-28 22:04 . 2008-09-28 22:04 <DIR> d-------- C:\Program Files\Common Files\soft602
2008-09-28 22:04 . 2008-06-23 10:56 3,756,032 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-09-28 22:04 . 2007-07-30 14:36 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-09-28 22:04 . 2003-05-12 12:04 402 --a------ C:\WINDOWS\system32\msxml4.inf
2008-09-25 17:45 . 2008-09-25 17:45 <DIR> d-------- C:\WINDOWS\Samsung
2008-09-25 17:45 . 2008-03-11 04:17 479,232 --a------ C:\WINDOWS\ssndii.exe
2008-09-25 17:45 . 2008-01-10 15:39 21,776 --a------ C:\WINDOWS\system32\msxml2a.dll
2008-09-25 17:45 . 2008-01-10 03:33 11,502 --------- C:\WINDOWS\Dr. Printer Icon.ico
2008-09-25 17:43 . 2008-09-25 17:43 <DIR> d-------- C:\WINDOWS\system32\drivers\Samsung
2008-09-25 17:43 . 2008-09-25 17:43 <DIR> d-------- C:\Program Files\Samsung
2008-09-25 17:43 . 2008-01-10 14:15 151,552 --a------ C:\WINDOWS\system32\ssp2mci.exe
2008-09-25 17:43 . 2008-01-10 14:15 65,536 --a------ C:\WINDOWS\system32\ssp2mci.dll
2008-09-25 17:43 . 2008-01-10 03:34 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS
2008-09-25 17:43 . 2008-01-10 14:17 22,723 --a------ C:\WINDOWS\system32\ssp2ml3.dll
2008-09-25 17:43 . 2008-01-10 14:17 361 --a------ C:\WINDOWS\system32\ssp2ml3.smt

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 13:33 --------- d-----w C:\Program Files\lg_fwupdate
2008-10-25 13:33 --------- d-----w C:\Documents and Settings\golfy\Data aplikací\Free Download Manager
2008-10-25 13:19 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-25 11:51 183,120 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-10-25 11:51 137,480 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-25 11:49 --------- d-----w C:\Documents and Settings\golfy\Data aplikací\OpenOffice.org2
2008-10-24 22:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-19 08:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-16 16:37 --------- d-----w C:\Program Files\Opera
2008-10-11 07:27 --------- d-----w C:\Program Files\Centauri
2008-09-23 17:11 --------- d-----w C:\Program Files\ICQ6
2008-09-22 17:36 --------- d-----w C:\Program Files\Java
2008-09-22 17:35 --------- d-----w C:\Program Files\Common Files\Java
2008-09-19 20:08 --------- d-----w C:\Program Files\Common Files\DirectX
2008-09-15 19:28 --------- d-----w C:\Program Files\rajce
2008-09-14 18:43 --------- d-----w C:\Program Files\Take Covers
2008-09-14 11:16 --------- d-----w C:\Program Files\LightScribe Diagnostic Utility
2008-09-14 10:58 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\LightScribe
2008-09-14 10:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-14 09:18 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-09-10 18:01 --------- d-----w C:\Documents and Settings\golfy\Data aplikací\Zoner
2008-09-10 17:57 --------- d-----w C:\Program Files\Zoner
2008-09-09 19:38 --------- d-----w C:\Documents and Settings\golfy\Data aplikací\GARMIN
2008-09-09 19:37 --------- d-----w C:\Program Files\Garmin GPS Plugin
2008-09-08 19:13 --------- d-----w C:\Documents and Settings\golfy\Data aplikací\IBP
2008-09-08 18:54 --------- d-----w C:\Program Files\IBP 10
2008-09-03 17:35 --------- d-----w C:\Program Files\Testy Autoškola
2008-08-18 18:57 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-18 16:35 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-18 13:42 22,328 ----a-w C:\Documents and Settings\golfy\Data aplikací\PnkBstrK.sys
2008-08-18 11:06 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-11 13520896]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-11 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Adobe_ID0EZEHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-04-27 1884160]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [2008-04-14 536576]
"nwiz"="nwiz.exe" [2008-03-11 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\golfy\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]

C:\Documents and Settings\golfy\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]

C:\Documents and Settings\golfy\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2008-08-18 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
QuickTV6.lnk - C:\Program Files\AVerTV 6.0\AVerQT.exe [2006-04-19 516096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"vidc.mjpx"= Pvmjpg30.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\IBP 10\\IBP.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-21 520192]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 69120]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys [ ]
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;C:\apache2triad\bin\httpd.exe [2008-08-18 17408]
S3 Ndisprot;ArcNet NDIS Protocol Driver;C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-10-24 27904]
S3 PgSql;Apache2Triad PostgreSQL Service;C:\apache2triad\pgsql\bin\pg_ctl.exe runservice -N PgSql -D C:\apache2triad\pgsql\data\ [ ]
S3 SlimFTPd;Apache2Triad SlimFTPd Server;C:\apache2triad\ftp\SlimFTPd.exe [2008-08-18 54272]
S3 XMail;Apache2Triad Xmail Service;C:\apache2triad\mail\bin\XMail.exe [2008-08-18 339968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
\Shell\Open\command - D:\resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - E:\resycled\boot.com e:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - F:\resycled\boot.com f:

*Newly Created Service* - PNKBSTRB
*Newly Created Service* - PNKBSTRK
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)


.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Documents and Settings\golfy\Data aplikací\Mozilla\Firefox\Profiles\rqtxd84g.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\nppopcaploader.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 15:33:36
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


**************************************************************************
.
Celkový čas: 2008-10-25 15:36:48
ComboFix-quarantined-files.txt 2008-10-25 13:35:46

Před spuštěním: 7,885,123,584
Po spuštění: Volných bajtů: 11,726,098,432

235 --- E O F --- 2008-08-23 07:41:13

[jaro3]

Tak ten SDFix nešel?
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu .

Toto nech otestovat na virustotal:
C:\WINDOWS\system32\ssp2mci.exe
C:\WINDOWS\system32\ssp2mci.dll
C:\WINDOWS\system32\ssp2ml3.dll
C:\WINDOWS\system32\ssp2ml3.smt

http://www.virustotal.com/
návod:
viewtopic.php?f=70&t=5121
Vlož sem pak výsledky všech otestovaných souborů.

[Golfy]

No, toho, že to mám znovu zkusit SDFixem jsem si nevšim.

Log z ComboFixu:

ComboFix 08-10-24.02 - golfy 2008-10-25 16:46:54.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1029.18.3050 [GMT 2:00]
Spuštěný z: C:\Documents and Settings\golfy\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\golfy\Plocha\CFScript.txt
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2008-09-25 do 2008-10-25 )))))))))))))))))))))))))))))))
.

2008-10-25 11:02 . 2008-10-25 11:06 <DIR> d-------- C:\fixwareout
2008-10-25 09:20 . 2008-10-25 09:20 578,560 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-10-25 09:14 . 2008-10-25 09:14 <DIR> d-------- C:\WINDOWS\ERUNT
2008-10-24 23:41 . 2008-10-24 23:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-24 23:19 . 2008-10-24 23:19 27,904 --a------ C:\WINDOWS\system32\drivers\ndisprot.sys
2008-10-24 13:58 . 2008-10-24 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Adobe Systems
2008-10-21 20:01 . 2008-10-21 20:01 98,632 --a------ C:\Documents and Settings\golfy\Data aplikací\GDIPFONTCACHEV1.DAT
2008-10-19 18:38 . 2008-10-19 18:38 <DIR> d-------- C:\Program Files\Bagger-Simulator 2008
2008-10-19 18:38 . 2000-08-19 20:29 268,048 --a------ C:\WINDOWS\system32\dxtmeta2.dll
2008-10-19 12:03 . 2008-10-19 12:03 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-10-19 12:03 . 2008-10-19 12:03 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-10-19 12:00 . 2008-10-19 12:00 <DIR> d-------- C:\Program Files\Playlogic
2008-10-19 10:49 . 2008-10-19 10:49 <DIR> d-------- C:\Program Files\linguatec
2008-10-11 09:37 . 2008-10-11 09:37 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\PopCap
2008-10-11 09:36 . 2008-10-11 09:36 <DIR> d-------- C:\Program Files\PopCap Games
2008-10-09 18:32 . 2008-10-09 18:33 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-10-06 21:11 . 2008-10-25 00:03 <DIR> d-------- C:\Program Files\FlashGet
2008-10-05 18:58 . 2008-10-05 18:58 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-10-05 14:52 . 2008-10-05 14:52 <DIR> d-------- C:\Documents and Settings\golfy\Data aplikací\Lionhead Studios
2008-10-05 14:03 . 2008-10-05 14:03 <DIR> d-------- C:\Program Files\Lionhead Studios Ltd
2008-10-05 14:03 . 2008-10-05 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Lionhead Studios
2008-10-03 23:33 . 2008-10-03 23:33 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-10-03 23:29 . 2008-10-03 23:29 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-10-03 23:29 . 2008-10-05 18:22 <DIR> d-------- C:\Program Files\Cinema Tycoon 2 Movie Mania
2008-10-03 23:23 . 2008-10-03 23:29 <DIR> d-------- C:\Program Files\Retro64 Games
2008-10-02 16:38 . 2008-10-02 16:38 <DIR> d-------- C:\Documents and Settings\golfy\Data aplikací\Thinstall
2008-09-29 21:20 . 2008-04-13 20:46 51,200 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2008-09-29 21:20 . 2008-04-13 20:46 51,200 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-09-29 21:20 . 2008-04-13 20:46 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2008-09-29 21:20 . 2008-04-13 20:46 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-09-29 21:20 . 2008-04-13 20:46 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2008-09-29 21:20 . 2008-04-13 20:46 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2008-09-28 22:04 . 2008-09-28 22:04 <DIR> d-------- C:\Program Files\Software602
2008-09-28 22:04 . 2008-09-28 22:04 <DIR> d-------- C:\Program Files\Common Files\soft602
2008-09-28 22:04 . 2008-06-23 10:56 3,756,032 --a------ C:\WINDOWS\system32\cdintf300.dll
2008-09-28 22:04 . 2007-07-30 14:36 1,843,200 --a------ C:\WINDOWS\system32\acXMLParser.dll
2008-09-28 22:04 . 2003-05-12 12:04 402 --a------ C:\WINDOWS\system32\msxml4.inf
2008-09-25 17:45 . 2008-09-25 17:45 <DIR> d-------- C:\WINDOWS\Samsung
2008-09-25 17:45 . 2008-03-11 04:17 479,232 --a------ C:\WINDOWS\ssndii.exe
2008-09-25 17:45 . 2008-01-10 15:39 21,776 --a------ C:\WINDOWS\system32\msxml2a.dll
2008-09-25 17:45 . 2008-01-10 03:33 11,502 --------- C:\WINDOWS\Dr. Printer Icon.ico
2008-09-25 17:43 . 2008-09-25 17:43 <DIR> d-------- C:\WINDOWS\system32\drivers\Samsung
2008-09-25 17:43 . 2008-09-25 17:43 <DIR> d-------- C:\Program Files\Samsung
2008-09-25 17:43 . 2008-01-10 14:15 151,552 --a------ C:\WINDOWS\system32\ssp2mci.exe
2008-09-25 17:43 . 2008-01-10 14:15 65,536 --a------ C:\WINDOWS\system32\ssp2mci.dll
2008-09-25 17:43 . 2008-01-10 03:34 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS
2008-09-25 17:43 . 2008-01-10 14:17 22,723 --a------ C:\WINDOWS\system32\ssp2ml3.dll
2008-09-25 17:43 . 2008-01-10 14:17 361 --a------ C:\WINDOWS\system32\ssp2ml3.smt

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 14:48 --------- d-----w C:\Program Files\lg_fwupdate
2008-10-25 13:46 --------- d-----w C:\Documents and Settings\golfy\Data aplikací\OpenOffice.org2
2008-10-25 13:37 --------- d-----w C:\Documents and Settings\golfy\Data aplikací\Free Download Manager
2008-10-25 13:19 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-25 11:51 183,120 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-10-25 11:51 137,480 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-24 22:04 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-19 08:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-16 16:37 --------- d-----w C:\Program Files\Opera
2008-10-11 07:27 --------- d-----w C:\Program Files\Centauri
2008-09-23 17:11 --------- d-----w C:\Program Files\ICQ6
2008-09-22 17:36 --------- d-----w C:\Program Files\Java
2008-09-22 17:35 --------- d-----w C:\Program Files\Common Files\Java
2008-09-19 20:08 --------- d-----w C:\Program Files\Common Files\DirectX
2008-09-15 19:28 --------- d-----w C:\Program Files\rajce
2008-09-14 18:43 --------- d-----w C:\Program Files\Take Covers
2008-09-14 11:16 --------- d-----w C:\Program Files\LightScribe Diagnostic Utility
2008-09-14 10:58 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\LightScribe
2008-09-14 10:51 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-14 09:18 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-09-10 18:01 --------- d-----w C:\Documents and Settings\golfy\Data aplikací\Zoner
2008-09-10 17:57 --------- d-----w C:\Program Files\Zoner
2008-09-09 19:38 --------- d-----w C:\Documents and Settings\golfy\Data aplikací\GARMIN
2008-09-09 19:37 --------- d-----w C:\Program Files\Garmin GPS Plugin
2008-09-08 19:13 --------- d-----w C:\Documents and Settings\golfy\Data aplikací\IBP
2008-09-08 18:54 --------- d-----w C:\Program Files\IBP 10
2008-09-03 17:35 --------- d-----w C:\Program Files\Testy Autoškola
2008-08-18 18:57 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-08-18 16:35 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-18 13:42 22,328 ----a-w C:\Documents and Settings\golfy\Data aplikací\PnkBstrK.sys
2008-08-18 11:06 32 ----a-w C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-10-25_15.35.34.48 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-25 11:46:02 73,326 ----a-w C:\WINDOWS\system32\perfc005.dat
+ 2008-10-25 13:49:26 73,326 ----a-w C:\WINDOWS\system32\perfc005.dat
- 2008-10-25 11:46:02 62,286 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-25 13:49:26 62,286 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-25 11:46:02 397,976 ----a-w C:\WINDOWS\system32\perfh005.dat
+ 2008-10-25 13:49:26 397,976 ----a-w C:\WINDOWS\system32\perfh005.dat
- 2008-10-25 11:46:02 400,624 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-25 13:49:26 400,624 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-25 13:45:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_690.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-04 486856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-08-22 2363392]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-11 13520896]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-11 86016]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Adobe_ID0EZEHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-04-27 1884160]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2005-04-12 229376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [2008-04-14 536576]
"nwiz"="nwiz.exe" [2008-03-11 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\golfy\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]

C:\Documents and Settings\golfy\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]

C:\Documents and Settings\golfy\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-03-16 393216]

C:\Documents and Settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe [2008-08-18 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
QuickTV6.lnk - C:\Program Files\AVerTV 6.0\AVerQT.exe [2006-04-19 516096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg30.dll
"vidc.mjpx"= Pvmjpg30.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\IBP 10\\IBP.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys [2006-03-21 520192]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2008-04-13 69120]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys [ ]
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;C:\apache2triad\bin\httpd.exe [2008-08-18 17408]
S3 Ndisprot;ArcNet NDIS Protocol Driver;C:\WINDOWS\system32\drivers\Ndisprot.sys [2008-10-24 27904]
S3 PgSql;Apache2Triad PostgreSQL Service;C:\apache2triad\pgsql\bin\pg_ctl.exe runservice -N PgSql -D C:\apache2triad\pgsql\data\ [ ]
S3 SlimFTPd;Apache2Triad SlimFTPd Server;C:\apache2triad\ftp\SlimFTPd.exe [2008-08-18 54272]
S3 XMail;Apache2Triad Xmail Service;C:\apache2triad\mail\bin\XMail.exe [2008-08-18 339968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
\Shell\Open\command - D:\resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - E:\resycled\boot.com e:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - F:\resycled\boot.com f:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 16:53:32
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


**************************************************************************
.
Celkový čas: 2008-10-25 16:57:35
ComboFix-quarantined-files.txt 2008-10-25 14:56:33
ComboFix2.txt 2008-10-25 13:36:49

Před spuštěním: Volných bajtů: 11 702 497 280
Po spuštění: Volných bajtů: 11,691,823,104

226 --- E O F --- 2008-08-23 07:41:13



--------------------------------------------------------------

A ty soubory:

Bez nálezu..
http://www.virustotal.com/cs/analisis/6 ... a8e29d4d80
http://www.virustotal.com/cs/analisis/0 ... 6f443586c3
http://www.virustotal.com/cs/analisis/4 ... 77bd26fefb
http://www.virustotal.com/cs/analisis/8 ... aeec999252

[jaro3]

Najdi a smaž celou složku: C:\SDfix
Najdi a smaž celou složku: C:\fixwareout
SDFix nedělej.
Ten CFScript jsi dělal ,je to tam pořád..

[Golfy]

jo dělal jsem ho, je to snad na konci napsaný ne?

Kód: Vybrat vše

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
\Shell\Open\command - D:\resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - E:\resycled\boot.com e:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - F:\resycled\boot.com f: