trojsky kon

[stanulka30]

Ako odstranim trojskeho kona z pc?
Dakujem!

// Téma přesunuto do sekce HijackThis
//mike007

[Reklama]

[mike007]

První co udělej je, že sem vlož log z programu HijackThis. Nějaký náš virobijce se ti na to podívá a poradí co dál.
Návod na HijackThis: http://www.pc-help.cz/viewtopic.php?f=70&t=5119

[stanulka30]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:10, on 13.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Acer\OrbiCam10\OrbiCam.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\A360\av360.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\WINDOWS\system32\winconfig.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [197F68A42D8C97991BFB963C9CEE5B1F] C:\Program Files\A360\av360.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8367 bytes

[fredik]

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna, vypni rezidentní ochranu u antiviru/antispyware a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Pokud budeš vyzván k nainstalování Konzole pro zotavení tak zvol Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
- Pak si rezidentní ochranu zapni zpět

[stanulka30]

ComboFix 09-02-12.03 - User 2009-02-13 12:03:03.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.2046.1554 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090212-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\A360
c:\program files\A360\av360.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))
.

2009-02-13 10:41 . 2009-02-13 10:41 <DIR> d-------- c:\program files\Trend Micro
2009-02-12 20:27 . 2009-02-12 20:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-02-12 20:26 . 2009-02-12 20:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-02-12 20:25 . 2009-02-12 20:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-12 20:22 . 2009-02-12 20:22 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-12 19:24 . 2009-02-12 19:29 <DIR> d-------- c:\program files\Lavasoft
2009-02-12 19:07 . 2009-02-12 20:10 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-12 17:44 . 2009-02-12 17:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-02-12 17:07 . 2009-02-12 19:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-12 16:35 . 2009-02-12 16:35 298,496 --a------ c:\windows\system32\winconfig.dll
2009-02-10 18:31 . 2009-02-10 18:32 <DIR> d-------- c:\documents and settings\User\Application Data\U3
2009-02-08 13:15 . 2009-02-08 13:15 <DIR> d-------- c:\documents and settings\User\OngameNetwork
2009-02-08 13:14 . 2009-02-08 13:14 <DIR> d-------- c:\windows\Sun
2009-02-08 13:09 . 2009-02-08 13:09 <DIR> d-------- c:\program files\Java
2009-02-08 13:09 . 2009-02-08 13:09 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-08 13:09 . 2009-02-08 13:09 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-07 16:53 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-02-07 16:53 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-02-07 16:52 . 2008-04-13 19:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-02-07 16:52 . 2008-04-13 19:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 10:55 --------- d-----w c:\documents and settings\User\Application Data\Skype
2009-02-13 10:43 --------- d-----w c:\documents and settings\User\Application Data\skypePM
2009-01-16 17:15 --------- d-----w c:\documents and settings\User\Application Data\MSN6
2009-01-11 18:37 --------- d-----w c:\documents and settings\All Users\Application Data\MSN6
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-18 22:30 --------- d-----w c:\documents and settings\User\Application Data\DivX
2008-12-18 18:11 --------- d-----w c:\program files\Opera
2008-12-17 15:22 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-17 15:22 --------- d-----w c:\program files\ViaVoiceTTS
2008-12-17 15:20 --------- d-----w c:\program files\Commercial Service
2008-12-17 11:55 --------- d-----w c:\program files\Nero
2008-12-17 11:55 --------- d-----w c:\program files\Common Files\Ahead
2008-12-17 11:55 --------- d-----w c:\documents and settings\User\Application Data\Ahead
2008-12-17 10:36 --------- d-----w c:\program files\iTunes
2008-12-17 10:36 --------- d-----w c:\program files\iPod
2008-12-17 10:36 --------- d-----w c:\program files\Common Files\Apple
2008-12-17 10:36 --------- d-----w c:\documents and settings\User\Application Data\Apple Computer
2008-12-17 10:36 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-17 10:36 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-17 10:35 --------- d-----w c:\program files\QuickTime
2008-12-17 10:35 --------- d-----w c:\program files\Bonjour
2008-12-17 10:34 --------- d-----w c:\program files\Apple Software Update
2008-12-17 10:34 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-12-17 10:13 --------- d-----w c:\documents and settings\User\Application Data\Windows Search
2008-12-17 10:00 --------- d-----w c:\program files\Mobility Manager
2008-12-17 09:33 --------- d-----w c:\documents and settings\User\Application Data\Windows Desktop Search
2008-12-17 09:32 --------- d-----w c:\program files\Windows Desktop Search
2008-12-17 09:13 --------- d--h--w c:\program files\Zero G Registry
2008-12-17 08:57 --------- d-----w c:\program files\Skype
2008-12-17 08:57 --------- d-----w c:\program files\Common Files\Skype
2008-12-17 08:57 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-17 08:08 --------- d-----w c:\program files\MSXML 4.0
2008-12-16 14:52 --------- d-----w c:\program files\Microsoft Works
2008-12-16 14:52 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-16 14:41 --------- d-----w c:\program files\Common Files\Logitech
2008-12-16 14:40 --------- d-----w c:\program files\Common Files\Acer
2008-12-16 14:40 --------- d-----w c:\program files\Acer
2008-12-16 14:20 --------- d-----w c:\program files\WIDCOMM
2008-12-16 14:19 --------- d-----w c:\program files\CyberLink
2008-12-16 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-12-16 14:18 --------- d-----w c:\program files\CONEXANT
2008-12-16 14:09 --------- d-----w c:\program files\Realtek
2008-12-16 13:59 --------- d-----w c:\documents and settings\User\Application Data\Acer
2008-12-16 13:52 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-16 13:51 --------- d-----w c:\program files\DivX
2008-12-16 13:46 --------- d-----w c:\program files\Gabest
2008-12-16 13:43 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-12-16 13:42 --------- d-----w c:\program files\Common Files\Adobe
2008-12-16 13:38 --------- d-----w c:\program files\Alwil Software
2008-12-16 12:58 --------- d-----w c:\program files\Intel
2008-12-16 12:31 --------- d-----w c:\program files\microsoft frontpage
2008-12-16 12:30 558,142 ----a-w c:\windows\java\Packages\2U0OTBVP.ZIP
2008-12-16 12:30 155,995 ----a-w c:\windows\java\Packages\PF5JBLZT.ZIP
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:47 129,784 ------w c:\windows\system32\pxafs.dll
2008-11-21 21:47 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-11-21 21:47 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}]
2009-02-12 16:35 298496 --a------ c:\windows\system32\winconfig.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-25 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-21 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-21 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"AcerOrbicamRibbon"="c:\program files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 754712]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" [2006-07-21 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-08-16 c:\windows\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 618557]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-12 20560]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2008-12-16 847392]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2002-08-29 69120]
S3 FlrnUSB;Leadtek USB Network Interface;c:\windows\system32\DRIVERS\LtkUSB.sys --> c:\windows\system32\DRIVERS\LtkUSB.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3877d73a-f74b-11dd-8edb-0018de269146}]
\Shell\AutoRun\command - G:\f.exe
\Shell\explore\Command - G:\f.exe
\Shell\open\Command - G:\f.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-02-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-197F68A42D8C97991BFB963C9CEE5B1F - c:\program files\A360\av360.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\zjcpysn3.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 12:04:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-13 12:05:32
ComboFix-quarantined-files.txt 2009-02-13 11:05:30

Pre-Run: 57 813 471 232 bytes free
Post-Run: 8 adresárov, 58,030,108,672 voľných bajtov

195 --- E O F --- 2009-02-11 22:56:20

[stanulka30]

mohol sa mi trojsky kon a virus dostat no mojho compu z druheho tym, ze som pouzila sd pamatovu kartu z fotoaparatu z jedneho nainfikovaneho pc do druheho? aj ked mi tam zostali fotky na karte, nedali sa mi vsetky pozriet vo fotoaparate, ale ked som kartu znova vlozila do notebooku, vsetky fotky tam boli...
da sa nejako ta karta vycistit? taktiez usb kluc?

[fredik]

Promiň za zpožděnou odpověď.

Pod jakými písmeny se ti zobrazují když připojíš do PC USB klíč a kartu?
Vzhledem k tomu, že jsi tam měla i malware, který šíří přes výměnná zařízení a využívá k tomu zapnutý autorun, tak ano, za předpokladu že ten dotyčný komp byl nakažený.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Preventivně na USB klíč použij toto:
Stáhni tento program: Flash Disinfector (by sUBs)
- připoj k Pc ten USB klíč
- Spusť Flash Disinfector a počkej až tě program bude informovat o ukončení své činnosti.
- po té můžeš výměnné zařízení odpojit.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

File::
c:\windows\system32\winconfig.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3877d73a-f74b-11dd-8edb-0018de269146}]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna a vypni opět po dobu běhu ComboFixu rezidentní ochranu.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť

- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT.

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Jdi přes Start -> Spustit... a napiš/zkopíruj do okna tento příkaz označený modře
cmd /c Find /i /n "Java" "%systemdrive%\Qoobox\Add-Remove Programs.txt">>Jlog.txt&Jlog.txt&del Jlog.txt
a dej Ok.
Vlož sem pak obsah souboru, který se ti zobrazí.