vir na vsetkych externych zariadeniach, externe hardisky atd

[majcoo]

ahojte, mame doma 2 notebooky a jeden sotolovy pocitac, bojim sa ze budu zavirene vsetky pocitace v dome pretoze som ich asi zaviril jednym mojim externym diskom ktory ma vsebe virus ktoreho neviem presny nazov ale je tam len zlozka recycler a subor autorun, po troske citania som zistil ze to je velmi neprijemny virus, prosim poradte mi co mam robit, nechcem vas otravovat aby som vam posielal log z kazdeho pc a kazdeho externeho zariadenia, skusil by som to aj sam ak to neni moc zlozite. doteraz som ziadne velke problemy nemal ale po dvoch neuspesnych pokusoch o vyliecenie pc podla navodov z youtubu to vzdavam,

[cernohous13]

Zdravím,

všechny tři PC jsou sesíťované? - mají společné sdílené priečinky?

[majcoo]

ano vsetky pc su v domacej sieti a maju zdielane priecinky, idem sa do toho pustit

[cernohous13]

po celou dobu čištění budou odpojeny od internetu oba NTB!

na stolním PC zahájíme

Zapoj do PC všechny USB klíče (flashky, ext. disky apod.)

• Stáhni a ulož na plochu UsbFix zde http://riffman.ic.cz/files/UsbFix.exe - návod zde: http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
• Spusť a klikni na Deletion
• Po dokončení sem vlož log, pokud se sám neotevře, najdeš jej zde C:\UsbFix.txt

[majcoo]

############################## | UsbFix 7.014 | [Deletion]

User: majco (Administrator) # MAJCO-PC [Gigabyte Technology Co., Ltd. G31M-ES2L]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 17:14:35 | 01/11/2011
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Pentium(R) D CPU 3.00GHz
CPU 2: Intel(R) Pentium(R) D CPU 3.00GHz
Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) # Service Pack 1
Internet Explorer 8.0.7601.17514

Windows Firewall: Disabled /!\
RAM -> 4094 Mb
C:\ (%systemdrive%) -> Fixed drive # 233 Gb (24 Mb free - 10%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Removable drive # 2 Gb (2 Mb free - 98%) [ZEDOLS] # FAT32
G:\ -> Fixed drive # 466 Gb (292 Mb free - 63%) [] # NTFS
H:\ -> Fixed drive # 931 Gb (521 Mb free - 56%) [HITACHI] # FAT32
I:\ -> Removable drive # 7 Gb (6 Mb free - 81%) [] # FAT32
J:\ -> Removable drive # 482 Mb (470 Mb free - 98%) [] # FAT

################## | Files # Infected Folders |


################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Listing |

[01/11/2011 - 17:18:19 | SHD ] C:\$RECYCLE.BIN
[16/08/2011 - 11:17:49 | D ] C:\amojee
[31/10/2011 - 23:31:30 | A | 15008] C:\ComboFix.txt
[14/07/2009 - 05:08:56 | SHD ] C:\Documents and Settings
[11/09/2011 - 13:17:48 | D ] C:\Downloads
[28/10/2011 - 11:35:46 | D ] C:\film
[20/02/2011 - 17:45:06 | D ] C:\fotky
[01/11/2011 - 15:03:48 | ASH | 3220037632] C:\hiberfil.sys
[20/02/2011 - 15:34:35 | D ] C:\Intel
[17/10/2011 - 01:30:45 | AD ] C:\Kaspersky Rescue Disk 10.0
[06/10/2010 - 17:04:57 | RD ] C:\MSOCache
[13/06/2011 - 20:38:31 | D ] C:\NVIDIA
[10/02/2011 - 07:12:20 | D ] C:\octaCAM__MCAS_EMU_MCLIENT__10022011
[01/11/2011 - 15:03:51 | ASH | 4293386240] C:\pagefile.sys
[14/07/2009 - 03:20:08 | D ] C:\PerfLogs
[12/10/2011 - 14:40:10 | RD ] C:\Program Files
[31/10/2011 - 12:29:19 | RD ] C:\Program Files (x86)
[26/10/2011 - 20:18:50 | D ] C:\ProgramData
[31/10/2011 - 23:31:52 | AD ] C:\Qoobox
[04/10/2010 - 18:52:47 | D ] C:\Recovery
[01/11/2011 - 15:07:36 | SHD ] C:\System Volume Information
[20/02/2011 - 17:39:55 | D ] C:\totalcmd
[01/11/2011 - 17:18:19 | D ] C:\UsbFix
[01/11/2011 - 17:14:37 | A | 2532] C:\UsbFix.txt
[13/06/2011 - 20:46:49 | RD ] C:\Users
[31/10/2011 - 23:15:42 | D ] C:\Windows
[18/10/2011 - 16:35:40 | A | 1306027] F:\fotka(2).JPG
[18/10/2011 - 16:36:14 | A | 4791808] F:\fotka(3).JPG
[18/10/2011 - 16:36:52 | A | 4477952] F:\fotka(4).JPG
[18/10/2011 - 16:36:52 | A | 2085976] F:\fotka(5).JPG
[18/10/2011 - 16:37:08 | A | 4663808] F:\fotka(6).JPG
[18/10/2011 - 16:37:22 | A | 4747264] F:\fotka(7).JPG
[18/10/2011 - 16:37:42 | A | 4631552] F:\fotka(8).JPG
[18/10/2011 - 16:37:56 | A | 4844032] F:\fotka(9).JPG
[23/10/2011 - 16:15:40 | A | 4194304] F:\bak-201110221708.abs
[23/10/2011 - 16:20:12 | RD ] F:\ALIDVRS2
[27/10/2011 - 21:39:46 | N | 6160384] F:\test_write1.dvr
[27/10/2011 - 21:39:50 | N | 6160384] F:\test_write2.dvr
[01/11/2011 - 17:18:19 | SHD ] G:\$RECYCLE.BIN
[07/05/2010 - 00:17:52 | A | 1396513] G:\aesetup2.5.exe
[13/10/2011 - 11:09:54 | SHD ] G:\film
[26/10/2011 - 19:11:28 | A | 132597] G:\Flash_Disinfector.exe
[13/10/2011 - 10:26:06 | SHD ] G:\fotky
[12/10/2011 - 19:49:56 | SHD ] G:\hry
[16/10/2011 - 12:53:36 | SHD ] G:\programy
[16/10/2011 - 13:03:35 | SHD ] G:\programy 32
[17/10/2011 - 17:51:36 | HD ] G:\RECYCLER
[17/10/2011 - 17:51:01 | SHD ] G:\System Volume Information
[17/10/2011 - 17:51:37 | A | 0] G:\System Volume Information.lnk
[27/01/2011 - 15:08:08 | D ] H:\ALIDVRS2
[19/06/2011 - 16:24:34 | N | 6160384] H:\test_write1.dvr
[01/02/2010 - 23:57:34 | D ] H:\Get_Started_for_Mac.app
[26/06/2010 - 21:02:46 | SHD ] H:\System Volume Information
[18/12/2009 - 19:52:24 | A | 23663725] H:\Get_Started_for_Win.exe
[01/02/2010 - 22:55:20 | D ] H:\fscommand
[19/06/2011 - 16:24:34 | N | 6160384] H:\test_write2.dvr
[28/12/2010 - 16:34:52 | D ] H:\kuk
[28/12/2010 - 17:16:56 | SHD ] H:\$RECYCLE.BIN
[19/06/2011 - 16:27:32 | D ] H:\sub
[21/10/2010 - 16:05:36 | D ] H:\fotky
[10/04/2011 - 14:19:50 | D ] H:\Filmy
[29/06/2011 - 11:51:10 | D ] H:\DZURO
[11/09/2011 - 12:47:56 | D ] H:\kuk2
[17/10/2011 - 01:28:48 | D ] H:\RECYCLER
[01/10/2011 - 15:40:58 | D ] H:\jaja fotky hudba atd
[11/10/2011 - 14:15:54 | D ] H:\HUDBA
[22/09/2011 - 15:48:22 | A | 21267771] H:\FAC.Optibox.AnacondaHD.v2.09.49.ird
[20/10/2011 - 09:20:42 | D ] I:\2011 hudba
[27/10/2011 - 18:54:26 | A | 1039596579] I:\fuerteventura full HD 1080p.mp4
[22/10/2011 - 22:06:42 | RD ] J:\ALIDVRS2
[22/10/2011 - 22:06:44 | N | 6160384] J:\test_write1.dvr
[22/10/2011 - 22:06:48 | N | 6160384] J:\test_write2.dvr
[18/10/2011 - 20:51:54 | A | 196608] J:\PROGRAMY prerobene.fdu

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
I:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
J:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | E.O.F |

[cernohous13]

vidím tam C:\ComboFix.txt - zkopíruj mi ho

[majcoo]

hned to bude ale urobim novy scan, pretoze vcera ked som to skusal nemal som pripojene ziadne disky ani usb

[majcoo]

ComboFix 11-10-30.04 - majco 01/11/2011 17:35:25.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1051.18.4094.2727 [GMT 0:00]
Running from: c:\users\majco\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-10-01 to 2011-11-01 )))))))))))))))))))))))))))))))
.
.
2011-11-01 17:43 . 2011-11-01 17:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-01 17:43 . 2011-11-01 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-01 17:14 . 2011-11-01 17:18 -------- d-----w- C:\UsbFix
2011-11-01 15:07 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52A0A36A-A4A6-4B1D-86C9-4412E2C42C52}\mpengine.dll
2011-10-31 12:29 . 2011-10-31 12:30 -------- d-----w- c:\program files (x86)\Google
2011-10-31 12:29 . 2011-10-31 12:29 -------- d-----w- c:\users\majco\AppData\Local\Google
2011-10-26 20:18 . 2011-10-26 20:45 -------- d-----w- c:\program files (x86)\PC Tools Security
2011-10-26 20:16 . 2011-10-26 20:43 -------- d-----w- c:\programdata\PC Tools
2011-10-26 19:16 . 2011-10-26 20:41 -------- d-----w- c:\programdata\Autorun Eater
2011-10-26 00:04 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 00:04 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-24 14:29 . 2011-10-24 14:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 14:29 . 2011-10-24 14:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-18 21:01 . 2011-10-18 21:04 -------- d-----w- c:\users\majco\P5JavaClientSettings
2011-10-16 22:43 . 2011-10-17 01:30 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-10-16 20:57 . 2011-10-23 16:03 -------- d-----w- c:\users\majco\AppData\Roaming\ScanSpyware
2011-10-12 22:39 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-12 14:40 . 2011-10-12 14:40 -------- d-----w- c:\program files\iPod
2011-10-12 14:40 . 2011-10-12 14:40 -------- d-----w- c:\program files\iTunes
2011-10-12 14:40 . 2011-10-12 14:40 -------- d-----w- c:\program files (x86)\iTunes
2011-10-12 14:36 . 2011-10-12 14:36 -------- d-----w- c:\program files\Bonjour
2011-10-12 14:36 . 2011-10-12 14:36 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-11 22:40 . 2011-02-10 07:12 -------- d-----w- C:\octaCAM__MCAS_EMU_MCLIENT__10022011
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-01 15:53 . 2011-04-21 14:23 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-10-11 09:34 . 2011-06-10 21:47 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-30 22:05 . 2011-08-30 22:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 22:05 . 2011-08-30 22:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-08-19 10:25 . 2010-11-07 18:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-31_23.15.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-04 19:01 . 2011-11-01 17:46 41122 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-01 17:46 35724 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-10-04 18:55 . 2011-11-01 17:46 13462 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2411548226-1523620878-1926446401-1001_UserData.bin
- 2010-10-04 18:56 . 2011-10-31 23:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-04 18:56 . 2011-11-01 17:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-11-01 15:06 88528 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-10-04 18:56 . 2011-10-31 23:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-04 18:56 . 2011-11-01 17:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-04 18:56 . 2011-11-01 17:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-10-04 18:56 . 2011-10-31 23:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-04 18:56 . 2011-11-01 17:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-04 18:56 . 2011-10-31 23:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-04 18:56 . 2011-10-31 23:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-04 18:56 . 2011-11-01 17:47 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-31 23:01 . 2011-10-31 23:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-01 17:44 . 2011-11-01 17:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-01 17:44 . 2011-11-01 17:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-31 23:01 . 2011-10-31 23:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-11-01 17:12 628414 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-31 23:06 628414 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-01 17:12 110598 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-10-31 23:06 110598 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-10-31 22:59 391976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-11-01 17:43 391976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-03 21:05 . 2011-11-01 17:43 20877948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2411548226-1523620878-1926446401-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ICQ"="c:\program files (x86)\ICQ7.4\ICQ.exe" [2011-03-01 119608]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"WD Spindown Utility"="c:\program files (x86)\Western Digital Technologies\Spindown\ExSpinDn.exe" [2004-08-09 278528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SPC520;Philips SPC520NC PC Camera;c:\windows\system32\drivers\SPC520.sys [x]
R3 SPC520m;Philips SPC520NC PC Cameram;c:\windows\system32\drivers\SPC520m.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-07-02 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 mobiolavs;Mobiola Web Camera Video Source;c:\windows\system32\DRIVERS\mobiolavs.sys [x]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 12:29]
.
2011-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-31 12:29]
.
2011-10-31 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2011-08-04 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-12 05:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 2314120]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 2342800]
"vsyst32/t"="C:/amojee/Log.exe" [2010-06-28 180332]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-07-02 2903688]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download All by FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{D9A6D5B8-EB84-4C2D-9C34-D39DBE6A62CE}: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\majco\AppData\Roaming\Mozilla\Firefox\Profiles\rw66dig1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
.
**************************************************************************
.
Completion time: 2011-11-01 17:52:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-01 17:52
ComboFix2.txt 2011-10-31 23:31
.
Pre-Run: 25,385,959,424 bytes free
Post-Run: 24,968,196,096 bytes free
.
- - End Of File - - 2EBAA3ED892994453497C944E35BF4DB

[cernohous13]

Jak se vir projevuje, kdo a kde ho našel

Nový log z ComboFixu mi je málo platný nevím co tam bylo odstraněno při předchozím použití.
Ukaž mi ComboFix2.txt

Klikni na https://www.virustotal.com/cs/
klik "Procházet" > do zadávacího pole "Název souboru" jen zkopíruj:

C:/amojee/Log.exe

"Send file" (pokud byl již testován, nech testovat znovu - Reanalyse)
Trpělivě vyčkej dokončení scanu dokud se neobjeví konečný výsledek např.0/41
Do fóra zkopíruj výsledný log. nebo odkaz z adresního řádku na stránku.
Pokud nebude nález stačí jen oznámit

[majcoo]

Antivirus Version Last Update Result
AhnLab-V3 2011.11.01.00 2011.11.01 -
AntiVir 7.11.16.234 2011.11.01 -
Antiy-AVL 2.0.3.7 2011.11.01 -
Avast 6.0.1289.0 2011.11.01 Win32:PUP-gen [PUP]
AVG 10.0.0.1190 2011.11.01 -
BitDefender 7.2 2011.11.01 -
ByteHero 1.0.0.1 2011.09.23 -
CAT-QuickHeal 11.00 2011.11.01 -
ClamAV 0.97.3.0 2011.11.01 -
Commtouch 5.3.2.6 2011.11.01 -
Comodo 10631 2011.11.01 -
DrWeb 5.0.2.03300 2011.11.01 -
Emsisoft 5.1.0.11 2011.11.01 -
eSafe 7.0.17.0 2011.10.30 -
eTrust-Vet 36.1.8651 2011.11.01 -
F-Prot 4.6.5.141 2011.11.01 -
F-Secure 9.0.16440.0 2011.11.01 -
Fortinet 4.3.370.0 2011.11.01 -
GData 22 2011.11.01 -
Ikarus T3.1.1.107.0 2011.11.01 -
Jiangmin 13.0.900 2011.11.01 -
K7AntiVirus 9.116.5371 2011.11.01 -
Kaspersky 9.0.0.837 2011.11.01 -
McAfee 5.400.0.1158 2011.11.01 -
McAfee-GW-Edition 2010.1D 2011.11.01 -
Microsoft 1.7801 2011.11.01 MonitoringTool:Win32/ArcSpy
NOD32 6593 2011.11.01 -
nProtect 2011-11-01.01 2011.11.01 -
Panda 10.0.3.5 2011.11.01 -
PCTools 8.0.0.5 2011.11.01 -
Prevx 3.0 2011.11.01 -
Rising 23.82.01.02 2011.11.01 -
Sophos 4.70.0 2011.11.01 -
SUPERAntiSpyware 4.40.0.1006 2011.11.01 -
Symantec 20111.2.0.82 2011.11.01 WS.Reputation.1
TheHacker 6.7.0.1.336 2011.10.31 -
TrendMicro 9.500.0.1008 2011.11.01 -
TrendMicro-HouseCall 9.500.0.1008 2011.11.01 -
VBA32 3.12.16.4 2011.10.25 -
VIPRE 10937 2011.11.01 -
ViRobot 2011.11.1.4749 2011.11.01 -
VirusBuster 14.1.40.1 2011.11.01 -
Additional information
MD5 : 39df245716cbbc468f0df2198b7d6fa2
SHA1 : ecdaa776e67e05c7536dfdf539ab83712125b288
SHA256: 6770713ac4566984c60c2c3dda72cbc57368aa0f142bd47d57bc210b77f1947f
ssdeep: 1536:72hbZLDdqhefVdxGPNYpp/UiPvOjy9isijAf3hFfeoRwMs:7MbZLp9xWWXJPv/isOAZFfe
oRg
File size : 180332 bytes
First seen: 2010-07-01 23:25:24
Last seen : 2011-11-01 19:17:27
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: InstallShield 2000
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x39E0
timedatestamp....: 0x4C28FEDD (Mon Jun 28 19:58:21 2010)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x22370, 0x23000, 3.61, 5f6c4f4f07dd35a53a2fe04766dc50dd
.rdata, 0x24000, 0x16CA, 0x2000, 3.95, 1a1bcadf332fee8f9d70be7174284a9e
.data, 0x26000, 0x311C, 0x2000, 0.76, 64cf37dcdcd32da63dfb3ab72fbdcf06
.idata, 0x2A000, 0xC76, 0x1000, 3.68, edc685bbce02c4b3bb10055e1f8aef97
.rsrc, 0x2B000, 0xC73, 0x1000, 1.67, c2dc955bae6dc6db6166adbaa4e95fe9
.reloc, 0x2C000, 0x112E, 0x2000, 3.90, b3f87abafd566b1ab4246372a574fbde

[[ 4 import(s) ]]
KERNEL32.dll: GetStringTypeA, MultiByteToWideChar, GetOEMCP, GetACP, GetCPInfo, SetFilePointer, ReadFile, CreateFileA, FlushFileBuffers, SetStdHandle, VirtualAlloc, GetStringTypeW, HeapAlloc, SetConsoleCtrlHandler, RtlUnwind, VirtualFree, HeapFree, HeapCreate, HeapDestroy, GetFileType, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, LCMapStringA, SetEndOfFile, GetCommandLineA, GetModuleHandleA, GlobalAlloc, HeapReAlloc, GlobalAddAtomA, GetStartupInfoA, GetVersion, ExitProcess, DebugBreak, GetStdHandle, WriteFile, InterlockedDecrement, OutputDebugStringA, GetProcAddress, LoadLibraryA, InterlockedIncrement, GetModuleFileNameA, IsBadWritePtr, IsBadReadPtr, HeapValidate, GetLastError, CloseHandle, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, LCMapStringW
USER32.dll: SetDlgItemTextA, GetDlgItem, GetWindowTextLengthA, GetDlgItemTextA, IsDlgButtonChecked, CreateDialogParamA, GetAsyncKeyState, GetKeyState, UnregisterClassA, DefWindowProcA, EndDialog, PostQuitMessage, FindWindowA, LoadIconA, RegisterClassExA, CreateWindowExA, MessageBoxA, RegisterHotKey, ShowWindow, UpdateWindow, CheckDlgButton, SetTimer, GetMessageA, TranslateMessage, DispatchMessageA
GDI32.dll: GetStockObject
ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegOpenKeyExA, RegQueryValueExA, RegDeleteValueA
ExifTool:
file metadata
CodeSize: 143360
EntryPoint: 0x39e0
FileSize: 176 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 40960
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2010:06:28 21:58:21+02:00
UninitializedDataSize: 0

[majcoo]

nemozem najst combofix2 asi to nove skenovanie prepisalo na novu analyzu, virus sa chova tak ze subory co su v externych zariadeniach zmizli ale pritom su tam len sa neda knim dostat, po skenovani usb fixu a combofixu som zistil ze sa mi zlozky v diskoch aj v usbckach vratili znovu su viditel;ne ale stale je tam aj podivny subor autorun a zlozka recycler

[cernohous13]

Otevři Poznámkový blok (Notepad) a vlož zelený text ze scriptu.

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vsyst32/t"=-

Soubor ulož jako -> oprava.reg - Uložit jako typ -> Všechny soubory
Zavři a dvojklikem na ikonu spusť - jen problikne a opraví registry - po akci jej smažeš.

RECYCLER je složka "Koš" -OK
autorun vytvořil USB Fix - je to blokace škodlivého autorun - OK

nic škodlivého tam už nevidím, ale ještě provedeme kontrolu - nech zapojená všechna USB zařízení

Stáhni a nainstaluj MBAM zde http://www.download.com/Malwarebytes-An ... tag=button
Spustit > na 3.záložce "Aktualizace" > Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Úplná kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení a program nech spuštěný

[majcoo]

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Verzia databázy: 8071

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

02/11/2011 20:07:34
mbam-log-2011-11-02 (20-07-26).txt

Typ kontroly: Úplná kontrola (C:\|F:\|H:\|I:\|J:\|)
Objektov kontrolovaných: 405609
Uplynutý èas: 1 hod, 5 min, 54 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registraèné k¾úèe: 0
Infikované registraèné hodnoty: 0
Infikované položky registraèných dát: 0
Infikované prieèinky: 0
Infikované súbory: 2

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registraèné k¾úèe:
(Škodlivé položky neboli zistené)

Infikované registraèné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registraèných dát:
(Škodlivé položky neboli zistené)

Infikované prieèinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\amojee\programy 32\ahead nero v6.6.0.8\Keygen.exe (Trojan.Agent) -> No action taken.
c:\amojee\programy 32\bsplayer.pro.v1.36.825.multilingual.winall.incl.keymaker-core\cr-bs136\CORE10k.EXE (Dont.Steal.Our.Software) -> No action taken.

[cernohous13]

Ty dva cracky můžeš smazat, nebo je alespoň zabal v RARu.

Jinak máš PC čisté. Jsou ještě nějaké problémy?

ComboFix odinstalujeme
jdi Start -> Spustit... a zkopíruj ComboFix /Uninstall (pozor, za x je mezera) -> OK

Stáhni a spusť T-cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe - uklidí po použitých čističích.
Po spuštění ignoruj případné varování antiviru - je to v pořádku
Po provedení akce T-cleaner smažeš

Stáhni TempFolderCleaner http://oldtimer.geekstogo.com/TFC.exe
Zavři všechny programy a spusť. Po ukončení akce bude PC restartován.
Pokud ne, restartuj sám.
(čistí Temp složky , nečistí URL, historii, prefetch ani cookies)

Vypni Obnovení systému -> restartuj -> zapni Obnovení systému http://www.viry.cz/forum/viewtopic.php?t=47040

Mohu doporučit kontrolu a vyčištění Ccleanerem

Stáhni Ccleaner - http://www.slunecnice.cz/sw/ccleaner/
Při instalaci vyhodit fajfku u "Instalovat Yahoo! Toolbar"

zavřít Internetový prohlížeč a
spustit "Čistič" > "Spustit Ccleaner" - odstraní nepotřebné
spustit "Registry" > "Hledej problémy" > "Opravit vybrané problémy"
souhlas se zálohou registrů - opakovat dokud nebudou registry čisté.

Návod:http://jnp.zive.cz/Clanky/Prirucka-do-k ... fault.aspx

Ten si můžeš nechat i na budoucí občasné čištění.