Nezobrazuje se ikona externího disku v hlavním panelu

[gomik]

Včem je problém...
Když zapojím do USB flash disk, nebo externí HDD, tak mi nevyskočí autorun (tuším, že se to "neděje" i při vložení CD). Taky se mi vpravo dole v liště nezobrazí ikona, že je připojeno velkokapacitní zařízení... to mne štve asi nejvíc, páč nemůžu zvolit možnost "bezpečně odebrat zařízení".
Autorun už nefunguje delší dobu, ta ikonka se semtam objeví (většinou po projetí ccleanerem) ale už nepomáhá ani ten...

info

log

dík za jakoukoliv radu

[stell]

zdravim
Stiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>>log po restarte vloz sem

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\Documents and Settings\Petra\Plocha\rncsys32.exe
C:\Documents and Settings\Petra\Nabídka Start\Programy\Po spuštění\rncsys32.lnk

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"WinampAgent"=-
"QuickTime Task"=-
"OpwareSE2"=-
"AdobeAAMUpdater-1.0"=-
"SwitchBoard"=-
"AdobeCS5ServiceManager"=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
"RocketDock"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

:Commands 
[resethosts] 
[CreateRestorePoint] 
[emptytemp] 
[start explorer]
[Reboot]

[gomik]

Dík, večer sem hodím výsledek, teď jsem v práci a blbne mi PC doma.

[stell]

Ok, mas tam trojana, priamo v startupe, vytazuje ti CPU, a kdo vie,este co vsetko.

Takze potom vloz sem log, a potom spust combofix
ale log vloz tiez sem navod
PROSIM CITAJTE POZORNE NAVOD!!!,

Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.

Autorun, by som neriesil, nakolko prave cez autorun.info, najcastejsie sa infikuje pocitac,.

[gomik]

Takže...
začal jsem s OTMoveIt3 by OldTimer a než to dojelo do konce, tak to vyhlásilo chybové hlášení:
"Acces violation at adress 004029E3 in module 'OTMexe'. Read of adress 0019B000.

po zmáčknutí OK jsem sice mohl zkopírovat text ze zeleného okna, ale vypla se mi celá plocha a nešlo pustit notepead, prostě nic...
po restartu už ikonu vpravo dole mám, autorun stále nejede a nespustil se mi rocket dock...
koukám podle návodu do C:\_OTM\MovedFiles, ale žádný log tam není...

čili combofix raději nespouštím...
co dál?

[stell]

Pravdepodobne niečo zle si spravil,
To ze sa ti plocha straca je v poriadku, to OTM, zabija explorer.
Teda bud Firewall chytil OTM.

Takze este raz restartuj pocitac, vypni Firewalla a este raz sprav script pre OTM. a uvidime.

[stell]

Aha,pockaj
autorun stále nejede a nespustil se mi rocket dock...

Autorun je vypnuty, vsak som ti pisal, ale ak chces tak potom to zapneme,
rocket docka>>som odstavil ja, nakolko to je program , a ma sa spustat rucne, z cez start, vsetky programy,

[gomik]

právě že nic s příponou .log tam není... ani v podadresářích

takže ještě raz bez firewallu, ok?

[stell]

ok, skus

[gomik]

tak tady je log, teď se odmlčím/oslava...
večer dokopu ten combofiz (asi je to teď na řadě, že?)
mimochodem blokoval to ten firewall



All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Documents and Settings\Petra\Plocha\rncsys32.exe not found.
File/Folder C:\Documents and Settings\Petra\Nabídka Start\Programy\Po spuštění\rncsys32.lnk not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OpwareSE2 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5ServiceManager not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RocketDock not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTM Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 589020 bytes

User: Petra
->Temp folder emptied: 25301666 bytes
->Temporary Internet Files folder emptied: 273635944 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64007294 bytes
->Flash cache emptied: 1531487 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 2832840 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 93347440 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 39161164 bytes

Total Files Cleaned = 479,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 04212011_183510

Files moved on Reboot...
File C:\WINDOWS\temp\_avast_\Webshlock.txt not found!
C:\WINDOWS\temp\hlktmp moved successfully.

Registry entries deleted on Reboot...

[stell]

ok, potom sprav combofix, ak nie dnes tak zajtra.

[gomik]

takže... combofix vyplivl toto:

ComboFix 11-04-20.03 - Petra 21.04.2011 20:53:12.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3061.2499 [GMT 2:00]
Spuštěný z: c:\documents and settings\Petra\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\audiograbber\audiograbber.exe
c:\documents and settings\All Users\Data aplikací\hpeE7.dll
c:\documents and settings\Petra\WINDOWS
c:\windows\system32\UNWISE.EXE
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-21 do 2011-04-21 )))))))))))))))))))))))))))))))
.
.
2011-04-21 16:00 . 2011-04-21 16:00 -------- d-----w- C:\_OTM
2011-04-20 17:45 . 2011-04-20 17:45 -------- d-----w- C:\rsit
2011-04-12 02:58 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-05 16:28 . 2011-04-05 16:29 -------- d-----w- c:\program files\GPSBabel
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:42 . 2011-01-19 20:21 14208 ----a-w- c:\windows\system32\drivers\194A0611.bin
2011-03-07 05:33 . 2008-08-08 19:53 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36 . 2004-08-17 13:49 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53 . 2004-08-17 13:44 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 14:04 . 2010-08-15 06:59 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2009-06-05 21:44 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2009-06-05 21:44 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2009-06-05 21:44 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2009-06-05 21:44 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2009-06-05 21:44 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2009-06-05 21:44 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2009-06-05 21:44 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2009-06-05 21:44 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-22 23:08 . 2004-08-17 13:49 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:08 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 23:08 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 11:41 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2011-02-19 18:27 . 2009-01-25 14:49 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-02-17 13:18 . 2004-08-03 21:15 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2004-08-03 21:14 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:54 . 2010-08-13 17:44 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2004-08-17 13:48 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2004-08-17 13:49 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-17 13:49 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2004-08-17 13:49 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2004-08-17 13:49 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 20:40 . 2010-05-21 15:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2008-08-12 12:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2008-08-08 19:52 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2008-08-08 19:52 677888 ----a-w- c:\windows\system32\mstsc.exe
2008-08-30 19:37 . 2008-08-30 19:37 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"Svátky a výročí"="c:\program files\OKsoftware\Svátky a výročí\Vyroci.exe" [2003-03-28 881664]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ButtonMonitor"="c:\program files\IOI\IOI\ButtonMonitor.exe" [2007-01-30 53248]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Petra\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Obsah aplikace OneNote.onetoc2 [2008-8-17 3656]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"d:\\Eplan P8\\1.9.6\\BIN\\W3u.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.1.2009 16:49 721904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12.4.2011 4:58 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5.6.2009 23:44 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5.6.2009 23:44 19544]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [16.3.2011 18:08 21992]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.8.2010 11:38 92008]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [20.1.2011 20:38 27632]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [20.1.2011 21:01 90112]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [20.1.2011 20:40 13224]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [20.1.2011 21:01 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [20.1.2011 21:01 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [20.1.2011 21:01 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [20.1.2011 21:01 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [20.1.2011 21:01 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [20.1.2011 21:01 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [20.1.2011 21:02 109864]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 14:37 517096]
S3 XHASP;XHASP;c:\windows\system32\drivers\XHASP.sys [19.1.2011 21:58 259584]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-03-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-G-Petra.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-01-29 17:49]
.
2011-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
FF - ProfilePath - c:\documents and settings\Petra\Data aplikací\Mozilla\Firefox\Profiles\c9tdyf5g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Pageshots Pro: jid0-2rURdEv0oBelly8OSpHSRMwx9OI@jetpack - c:\program files\Mozilla Firefox\extensions\jid0-2rURdEv0oBelly8OSpHSRMwx9OI@jetpack
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-21 20:59
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-04-21 21:02:39
ComboFix-quarantined-files.txt 2011-04-21 19:02
.
Před spuštěním: 3 926 228 992
Po spuštění: 3 878 154 240
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 360A828C1D5A378E8DE46ABA1548F241

[gomik]

jen tak mimochodem - proč jste vypl spay boot search and destroy?

[stell]

spybot, a jeho TEATIMER je minulost, akurat je dobry na to ze ak sa v tom nevyznas tak podrzi aj infikovane reg,kluce, doporucujem uplne odinstalovat.

Otestuj na WWW.virustotal.com
c:\windows\system32\drivers\194A0611.bin
link z testu vloz sem.

[gomik]

je to tohle?

AhnLab-V3 2011.04.22.00 2011.04.21 -
AntiVir 7.11.6.230 2011.04.21 -
Antiy-AVL 2.0.3.7 2011.04.21 -
Avast 4.8.1351.0 2011.04.21 -
Avast5 5.0.677.0 2011.04.21 -
AVG 10.0.0.1190 2011.04.21 -
BitDefender 7.2 2011.04.21 -
CAT-QuickHeal 11.00 2011.04.21 -
ClamAV 0.97.0.0 2011.04.21 -
Commtouch 5.3.2.6 2011.04.21 -
Comodo 8424 2011.04.21 -
DrWeb 5.0.2.03300 2011.04.21 -
eSafe 7.0.17.0 2011.04.20 -
eTrust-Vet 36.1.8283 2011.04.21 -
F-Prot 4.6.2.117 2011.04.21 -
F-Secure 9.0.16440.0 2011.04.21 -
Fortinet 4.2.257.0 2011.04.21 -
GData 22 2011.04.21 -
Ikarus T3.1.1.103.0 2011.04.21 -
Jiangmin 13.0.900 2011.04.21 -
K7AntiVirus 9.97.4451 2011.04.21 -
Kaspersky 7.0.0.125 2011.04.21 -
McAfee 5.400.0.1158 2011.04.21 -
McAfee-GW-Edition 2010.1D 2011.04.21 -
Microsoft 1.6802 2011.04.21 -
NOD32 6062 2011.04.21 -
Norman 6.07.07 2011.04.21 -
Panda 10.0.3.5 2011.04.21 -
PCTools 7.0.3.5 2011.04.21 -
Prevx 3.0 2011.04.21 -
Rising 23.54.03.06 2011.04.21 -
Sophos 4.64.0 2011.04.21 -
SUPERAntiSpyware 4.40.0.1006 2011.04.21 Rogue.Agent/Gen-Nullo[BIN]
Symantec 20101.3.2.89 2011.04.21 -
TheHacker 6.7.0.1.180 2011.04.21 -
TrendMicro 9.200.0.1012 2011.04.21 -
TrendMicro-HouseCall 9.200.0.1012 2011.04.21 -
VBA32 3.12.16.0 2011.04.21 -
VIPRE 9078 2011.04.21 -
ViRobot 2011.4.21.4422 2011.04.21 -
VirusBuster 13.6.315.0 2011.04.21 -