Computer creates autorun.inf on disks

janycta
Visitor
Posts: 6
Registered: 16 Jun 2011 12:53

#1 Post by janycta

Hello,
unfortunately I accidentally opened a disk with a virus, and it apparently got into the computer. Now whenever I insert a disk, all folders turn into shortcuts plus hidden folders, an autorun.inf file is created, along with a recycler folder that always also contains some exe file. Even when I format the disk and insert it again, it still shows up there again. The antivirus (Avira) found some viruses, but that did not help. UsbFix found nothing. I am also attaching the RSIT log. I will be grateful for any help.
Thanks. :)


Logfile of random's system information tool 1.08 (written by random/random)
Run by Jana at 2011-06-16 19:52:38
Microsoft Windows 7 Professional
System drive C: has 22 GB (14%) free of 153 GB
Total RAM: 1919 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:52:43, on 16.6.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Users\Jana\AppData\Local\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\Jana\AppData\Local\Mozilla Firefox\plugin-container.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jana\Desktop\RSIT.exe
C:\Program Files\trend micro\Jana.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Jana\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (file missing)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O1 - Hosts: 77.93.197.182 exfort.org
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Jana\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [2Gis Update Notifier] "C:\Program Files\2gis\3.0\2GISTrayNotifier.exe" -delayed_start
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RMClock] "C:\Program Files\RMClock\RMClockLauncher.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Qxscss] C:\Users\Jana\AppData\Roaming\Qxscss.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O8 - Extra context menu item: &Download with BitKinex - C:\Program Files\BitKinex\ieext_cp.htm
O8 - Extra context menu item: &Register in BitKinex - C:\Program Files\BitKinex\ieext_reg.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: 2GIS UpdateService (2GISUpdateService) - ??? ???????? - C:\Program Files\2gis\3.0\2GISUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BitKinex File Transfer Service (BitKinex) - Unknown owner - C:\Program Files\BitKinex\bitkinexsvc.exe
O23 - Service: Cerberus FTP Server - Cerberus, LLC - C:\Program Files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8126 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2523703693-4012042572-3954051302-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2523703693-4012042572-3954051302-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Jana\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-05 1466368]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdcBase.exe [2007-05-31 648072]
"pdfSaver3"= []
"MMReminderService"=C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe []
"QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2010-03-18 421888]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-11-10 281768]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2000-01-01 9734760]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"2Gis Update Notifier"=C:\Program Files\2gis\3.0\2GISTrayNotifier.exe [2011-05-31 4581208]
"KeePass 2 PreLoad"=C:\Program Files\KeePass Password Safe 2\KeePass.exe [2011-04-10 1733120]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"RMClock"=C:\Program Files\RMClock\RMClockLauncher.exe [2008-03-01 61440]
"Google Update"=C:\Users\Jana\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-18 135664]
"eyeBeam SIP Client"= []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 354304]
"OEXPRESS"= []
"Qxscss"=C:\Users\Jana\AppData\Roaming\Qxscss.exe [2011-06-16 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutorunRemover.exe]
C:\Program Files\AutorunRemover\AutorunRemover.exe [2011-04-22 1806848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dexrex Extensions]
C:\Program Files\Dexrex\DexrexExtensions.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Users\Jana\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-02 3739648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\Users\Jana\swxkw.exe \u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Qxscss]
C:\Users\Jana\AppData\Roaming\Qxscss.exe [2011-06-16 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sxscsu]
G:\RECYCLER\0x9FDDC8D5.exe []

C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe
Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-06-16 19:41:14 ----D---- C:\Program Files\trend micro
2011-06-16 19:41:13 ----D---- C:\rsit
2011-06-16 19:12:01 ----D---- C:\Autorun.inf
2011-06-16 18:57:21 ----D---- C:\UsbFix
2011-06-16 18:35:01 ----A---- C:\Users\Jana\AppData\Roaming\Qxscss.exe
2011-06-16 16:49:54 ----A---- C:\Users\Jana\AppData\Roaming\A1C9.exe
2011-06-16 16:00:28 ----SHD---- C:\$RECYCLE.BIN
2011-06-16 15:57:54 ----A---- C:\Users\Jana\AppData\Roaming\A9FD.exe
2011-06-16 00:32:55 ----A---- C:\Users\Jana\AppData\Roaming\B284.tmp
2011-06-16 00:32:33 ----A---- C:\Users\Jana\AppData\Roaming\5AFB.exe
2011-06-15 15:50:33 ----D---- C:\ProgramData\Farm Frenzy
2011-06-15 15:49:59 ----D---- C:\ProgramData\AlawarWrapper
2011-06-15 15:49:38 ----D---- C:\Program Files\Alawar
2011-06-15 14:06:10 ----D---- C:\ProgramData\Kaspersky Lab
2011-06-15 12:54:38 ----A---- C:\Users\Jana\AppData\Roaming\66C5.exe
2011-06-15 12:50:30 ----D---- C:\Program Files\AutorunRemover
2011-06-11 13:19:11 ----D---- C:\Program Files\Common Files\Java
2011-06-11 13:18:45 ----A---- C:\Windows\system32\javaws.exe
2011-06-11 13:18:45 ----A---- C:\Windows\system32\javaw.exe
2011-06-11 13:18:45 ----A---- C:\Windows\system32\java.exe
2011-05-29 11:14:56 ----D---- C:\Users\Jana\AppData\Roaming\go
2011-05-29 11:14:53 ----D---- C:\ProgramData\Easybits GO
2011-05-19 05:05:02 ----A---- C:\Windows\system32\poqexec.exe

======List of files/folders modified in the last 1 months======

2011-06-16 19:48:06 ----D---- C:\Users\Jana\AppData\Roaming\Skype
2011-06-16 19:41:32 ----D---- C:\Windows\Prefetch
2011-06-16 19:41:14 ----RD---- C:\Program Files
2011-06-16 19:11:41 ----D---- C:\Program Files\PSPad editor
2011-06-16 18:46:24 ----D---- C:\Windows\system32\config
2011-06-16 18:36:18 ----D---- C:\Windows\system32\catroot
2011-06-16 18:36:17 ----D---- C:\Windows\system32\catroot2
2011-06-16 18:36:14 ----D---- C:\Windows\winsxs
2011-06-16 16:36:23 ----D---- C:\Users\Jana\AppData\Roaming\Dropbox
2011-06-16 16:34:44 ----D---- C:\Windows\Temp
2011-06-16 16:34:35 ----D---- C:\Windows
2011-06-16 14:33:41 ----SHD---- C:\System Volume Information
2011-06-16 11:16:39 ----D---- C:\Windows\system32\drivers
2011-06-15 15:50:33 ----HD---- C:\ProgramData
2011-06-15 12:55:35 ----D---- C:\Windows\System32
2011-06-15 12:55:34 ----D---- C:\Windows\inf
2011-06-15 12:55:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-06-15 01:46:02 ----D---- C:\ProgramData\Skype Extras
2011-06-13 14:16:41 ----SHD---- C:\Windows\Installer
2011-06-13 14:16:41 ----SHD---- C:\Config.Msi
2011-06-13 14:16:39 ----D---- C:\Windows\system32\Tasks
2011-06-11 13:39:17 ----D---- C:\Users\Jana\AppData\Roaming\vlc
2011-06-11 13:37:53 ----D---- C:\Users\Jana\AppData\Roaming\dvdcss
2011-06-11 13:19:11 ----D---- C:\Program Files\Common Files
2011-06-11 13:18:36 ----D---- C:\Program Files\Java
2011-06-11 12:45:13 ----D---- C:\Users\Jana\AppData\Roaming\KeePass
2011-06-11 12:44:02 ----D---- C:\Users\Jana\AppData\Roaming\Mozilla
2011-06-10 22:48:03 ----D---- C:\Users\Jana\AppData\Roaming\uTorrent
2011-05-29 10:53:59 ----D---- C:\Users\Jana\AppData\Roaming\skypePM
2011-05-27 16:36:21 ----D---- C:\Users\Jana\AppData\Roaming\gnupg
2011-05-20 13:38:16 ----D---- C:\Windows\system32\NDF
2011-05-18 18:37:33 ----D---- C:\Users\Jana\AppData\Roaming\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-24 691696]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-03-21 137656]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-11-24 61960]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet - adaptér; C:\Windows\system32\DRIVERS\l260x86.sys [2009-07-14 29184]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-02 4179968]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2000-01-01 3197608]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2009-07-14 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
R3 RTCore32;RTCore32; \??\C:\Program Files\RMClock\RTCore32.sys [2005-05-25 4608]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\Windows\System32\Drivers\StkCMini.sys [2007-06-06 1260672]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 axr4siv9;axr4siv9; C:\Windows\system32\drivers\axr4siv9.sys []
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-03-26 99728]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2009-10-07 32016]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123); C:\Windows\system32\drivers\WPRO_40_1123.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-03-21 269480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-02 720896]
S2 BitKinex;BitKinex File Transfer Service; C:\Program Files\BitKinex\bitkinexsvc.exe [2009-03-22 28160]
S2 Cerberus FTP Server;Cerberus FTP Server; C:\Program Files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe [2010-05-04 4405568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 DirMngr;DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [2009-09-28 242176]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\Windows\System32\StkCSrv.exe [2007-04-19 24576]
S3 2GISUpdateService;2GIS UpdateService; C:\Program Files\2gis\3.0\2GISUpdateService.exe [2011-05-31 874328]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-14 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Computer creates autorun.inf on disks

#2 Post by vyosek

Hello and have a nice day

→ Plug all USB drives (flash drives, external disks, etc.) into the PC

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY END UP RUINED
→ Download Combofix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator or "Spustit jako správce"
  • Right after startup a page with the license agreement is displayed; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered, the time may be longer
  • After the scan finishes and any restart, CF displays a log, or you can find it here C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Computer creates autorun.inf on disks

#3 Post by janycta

Hello,
thank you very much for the quick reply. Here is the log:



ComboFix 11-06-16.01 - Jana 17.06.2011 8:55.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1919.831 [GMT 7:00]
Spuštěný z: c:\users\Jana\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jana\AppData\Roaming\4974.exe
c:\users\Jana\AppData\Roaming\5AFB.exe
c:\users\Jana\AppData\Roaming\65A4.tmp
c:\users\Jana\AppData\Roaming\66C5.exe
c:\users\Jana\AppData\Roaming\7B5F.exe
c:\users\Jana\AppData\Roaming\A1C9.exe
c:\users\Jana\AppData\Roaming\A9FD.exe
c:\users\Jana\AppData\Roaming\ADEC.exe
c:\users\Jana\AppData\Roaming\B284.tmp
c:\users\Jana\AppData\Roaming\F861.exe
c:\users\Jana\AppData\Roaming\Qxscss.exe
c:\users\Jana\secupdat.dat
c:\users\Jana\videos\SubtitleToolCZ.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-17 do 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 02:15 . 2011-06-17 02:19 -------- d-----w- c:\users\Jana\AppData\Local\temp
2011-06-17 02:15 . 2011-06-17 02:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-16 20:06 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-16 20:06 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 20:06 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 12:41 . 2011-06-16 12:52 -------- d-----w- c:\program files\trend micro
2011-06-16 12:41 . 2011-06-16 12:42 -------- d-----w- C:\rsit
2011-06-16 11:57 . 2011-06-16 12:34 -------- d-----w- C:\UsbFix
2011-06-16 11:36 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 11:36 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 11:36 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 11:36 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 11:36 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 11:36 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 11:36 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 11:36 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 11:36 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 11:36 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 11:36 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 08:50 . 2011-06-15 08:53 -------- d-----w- c:\programdata\Farm Frenzy
2011-06-15 08:49 . 2011-06-15 08:50 -------- d-----w- c:\programdata\AlawarWrapper
2011-06-15 08:49 . 2011-06-16 08:59 -------- d-----w- c:\program files\Alawar
2011-06-15 07:06 . 2011-06-15 07:06 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-15 05:50 . 2011-06-15 05:50 -------- d-----w- c:\program files\AutorunRemover
2011-06-11 06:19 . 2011-06-11 06:19 -------- d-----w- c:\program files\Common Files\Java
2011-05-29 04:14 . 2011-06-16 12:17 -------- d-----w- c:\users\Jana\AppData\Roaming\go
2011-05-29 04:14 . 2011-06-16 14:26 -------- d-----w- c:\programdata\Easybits GO
2011-05-26 14:23 . 2011-05-27 04:20 -------- d-----w- c:\users\Jana\AppData\Local\Temporary Projects
2011-05-18 22:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 20:05 . 2011-02-16 09:59 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-06-16 20:03 . 2011-02-16 09:38 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-05-03 21:52 . 2010-05-09 16:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 06:13 . 2011-05-11 08:47 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 08:47 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-03-25 08:43 . 2011-03-25 08:43 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-25 08:43 . 2011-03-25 08:43 161792 ----a-w- c:\windows\system32\msls31.dll
2011-03-25 08:43 . 2011-03-25 08:43 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-03-25 08:43 . 2011-03-25 08:43 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-25 08:43 . 2011-03-25 08:43 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-25 08:43 . 2011-03-25 08:43 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-03-25 08:43 . 2011-03-25 08:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-25 08:43 . 2011-03-25 08:43 367104 ----a-w- c:\windows\system32\html.iec
2011-03-25 08:43 . 2011-03-25 08:43 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-25 08:43 . 2011-03-25 08:43 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-03-25 08:43 . 2011-03-25 08:43 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-25 08:43 . 2011-03-25 08:43 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-25 08:43 . 2011-03-25 08:43 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-25 08:43 . 2011-03-25 08:43 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-03-25 08:43 . 2011-03-25 08:43 152064 ----a-w- c:\windows\system32\wextract.exe
2011-03-25 08:43 . 2011-03-25 08:43 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-03-25 08:43 . 2011-03-25 08:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-25 08:43 . 2011-03-25 08:43 11776 ----a-w- c:\windows\system32\mshta.exe
2011-03-25 08:43 . 2011-03-25 08:43 101888 ----a-w- c:\windows\system32\admparse.dll
2011-03-25 08:42 . 2011-03-25 08:42 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-03-25 08:42 . 2011-03-25 08:42 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-03-25 08:42 . 2011-03-25 08:42 107520 ----a-w- c:\windows\system32\cdd.dll
2011-03-20 20:35 . 2010-06-30 23:26 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-26 04:11 . 2010-11-14 18:39 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2011-03-18 17:55 . 2011-04-11 06:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RMClock"="c:\program files\RMClock\RMClockLauncher.exe" [2008-02-29 61440]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-03-17 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 9734760]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"2Gis Update Notifier"="c:\program files\2gis\3.0\2GISTrayNotifier.exe" [2011-05-31 4581208]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-04-10 1733120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]
Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2009-10-3 12594352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\users\Jana\swxkw.exe \u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutorunRemover.exe]
2011-04-22 06:25 1806848 ----a-w- c:\program files\AutorunRemover\AutorunRemover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Jana\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [2009-09-28 242176]
R3 2GISUpdateService;2GIS UpdateService;c:\program files\2gis\3.0\2GISUpdateService.exe [2011-05-31 874328]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2009-10-07 32016]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]
R3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-24 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 BitKinex;BitKinex File Transfer Service;c:\program files\BitKinex\bitkinexsvc.exe DISPATCH [x]
S2 Cerberus FTP Server;Cerberus FTP Server;c:\program files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe [2010-05-04 4405568]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-19 24576]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet - adaptér;c:\windows\system32\DRIVERS\l260x86.sys [2009-07-13 29184]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-06-06 1260672]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2523703693-4012042572-3954051302-1001Core.job
- c:\users\Jana\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-18 13:35]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2523703693-4012042572-3954051302-1001UA.job
- c:\users\Jana\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-18 13:35]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Download with BitKinex - c:\program files\BitKinex\ieext_cp.htm
IE: &Register in BitKinex - c:\program files\BitKinex\ieext_reg.htm
IE: &??????? ? Microsoft Excel - c:\progra~1\MIB0A5~1\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 109.123.155.180 109.123.144.7 109.123.174.207
FF - ProfilePath - c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\is8lc4su.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-eyeBeam SIP Client - (no file)
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-Qxscss - c:\users\Jana\AppData\Roaming\Qxscss.exe
HKLM-Run-pdfSaver3 - (no file)
HKLM-Run-MMReminderService - c:\program files\Mindjet\MindManager 6\MMReminderService.exe
MSConfigStartUp-Dexrex Extensions - c:\program files\Dexrex\DexrexExtensions.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-Qxscss - c:\users\Jana\AppData\Roaming\Qxscss.exe
MSConfigStartUp-Sxscsu - g:\recycler\0x9FDDC8D5.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1504)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\BitKinex\rubitkinexwe.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\taskhost.exe
c:\program files\BitKinex\bitkinexsvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Celkový čas: 2011-06-17 09:33:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-17 02:33
.
Před spuštěním: Volných bajtů: 15 397 990 400
Po spuštění: Volných bajtů: 16 791 711 744
.
- - End Of File - - EBB1C18C69D35CD76A93142A268888BC

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: The computer creates autorun.inf on drives

#4 Post by vyosek »

:arrow: Plug all USB sticks into the PC (flash drives, external disks, etc.)
"Whoever has wine and does not drink, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns merriment: take a whip and a stick to him, that is no man, that is an ox."
Member of [image] since 1 February 2011.

janycta
Visitor
Posts: 6
Registered: 16 Jun 2011 12:53

Re: The computer creates autorun.inf on drives

#5 Post by janycta »

############################## | UsbFix 7.014 | [Deletion]

User: Jana (Administrator) # JANYCTA [ASUSTeK Computer Inc. F5R]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 19:21:22 | 17/06/2011
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Genuine Intel(R) CPU T2130 @ 1.86GHz
CPU 2: Genuine Intel(R) CPU T2130 @ 1.86GHz
Microsoft Windows 7 Professional (6.1.7600 32-Bit) #
Internet Explorer 9.0.8112.16421

Windows Firewall: Enabled
RAM -> 1919 Mb
C:\ (%systemdrive%) -> Fixed drive # 149 Gb (16 Mb free - 11%) [] # NTFS
D:\ -> CD-ROM
F:\ -> CD-ROM
H:\ -> Fixed drive # 596 Gb (195 Mb free - 33%) [Transcend] # NTFS
I:\ -> Removable drive # 964 Mb (964 Mb free - 100%) [] # FAT

################## | Files # Infected Folders |


################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Listing |

[17/06/2011 - 19:32:35 | SHD ] C:\$RECYCLE.BIN
[23/01/2011 - 17:02:05 | D ] C:\AMD
[11/06/2009 - 04:42:20 | A | 24] C:\autoexec.bat
[17/06/2011 - 10:31:57 | A | 18182] C:\ComboFix.txt
[17/06/2011 - 03:15:30 | D ] C:\Config.Msi
[11/06/2009 - 04:42:20 | A | 10] C:\config.sys
[23/10/2009 - 19:07:56 | D ] C:\cygwin
[14/07/2009 - 11:53:55 | SHD ] C:\Documents and Settings
[07/05/2010 - 06:05:34 | D ] C:\ftproot
[17/06/2011 - 09:40:18 | ASH | 1509351424] C:\hiberfil.sys
[23/01/2011 - 18:49:22 | RASH | 0] C:\IO.SYS
[09/12/2009 - 01:51:17 | A | 1060] C:\libSRTP_log.txt
[22/02/2011 - 00:43:02 | D ] C:\logs
[04/03/2010 - 01:09:43 | D ] C:\MinGW
[23/01/2011 - 18:49:22 | RASH | 0] C:\MSDOS.SYS
[29/12/2009 - 20:52:44 | RD ] C:\MSOCache
[04/03/2010 - 01:11:17 | D ] C:\msys
[07/10/2009 - 16:41:15 | D ] C:\MySQL
[07/10/2009 - 16:45:15 | D ] C:\MySQLDatafiles
[17/06/2011 - 09:40:21 | ASH | 2012471296] C:\pagefile.sys
[14/07/2009 - 09:37:05 | D ] C:\PerfLogs
[16/06/2011 - 19:41:14 | RD ] C:\Program Files
[15/06/2011 - 15:50:33 | D ] C:\ProgramData
[17/06/2011 - 10:32:09 | D ] C:\Qoobox
[03/10/2009 - 21:02:51 | D ] C:\Recovery
[16/06/2011 - 19:42:10 | D ] C:\rsit
[04/12/2009 - 21:44:17 | D ] C:\Sun
[23/01/2011 - 17:22:55 | D ] C:\SwSetup
[17/06/2011 - 03:00:41 | SHD ] C:\System Volume Information
[10/03/2011 - 22:13:15 | D ] C:\Temp
[15/11/2010 - 01:08:10 | D ] C:\tmp
[02/12/2010 - 02:29:22 | D ] C:\totalcmd
[17/06/2011 - 19:32:36 | D ] C:\UsbFix
[17/06/2011 - 19:21:22 | A | 2713] C:\UsbFix.txt
[31/08/2010 - 16:16:02 | RD ] C:\Users
[17/06/2011 - 10:32:05 | D ] C:\Windows
[17/06/2011 - 19:32:35 | D ] H:\$RECYCLE.BIN
[17/06/2011 - 18:58:46 | D ] H:\Altaj
[16/06/2011 - 10:09:58 | D ] H:\Films
[16/06/2011 - 10:10:14 | D ] H:\Martin
[16/06/2011 - 10:10:30 | D ] H:\Matthias
[16/06/2011 - 10:10:56 | D ] H:\Serials

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
I:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: The computer creates autorun.inf on drives

#6 Post by vyosek »

:arrow: Sorry for the delay, work duties :oops:

:arrow: If you have not done so already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    DDS::
    uSearchAssistant = hxxp://search.qip.ru/ie
    
    File::
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2523703693-4012042572-3954051302-1001UA.job
    c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2523703693-4012042572-3954051302-1001Core.job
    
    Collect::
    c:\users\Jana\swxkw.exe
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"=-
    "QuickTime Task"=-
    "Adobe Reader Speed Launcher"=-
    "Adobe ARM"=-
    "AdobeAAMUpdater-1.0"=-
    "AdobeCS5ServiceManager"=-
    "SwitchBoard"=-
    "SunJavaUpdateSched"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto ComboFix and drop it (see the image below)
    [image]
  • After the script has been applied (and a possible restart), a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

janycta
Visitor
Posts: 6
Registered: 16 Jun 2011 12:53

Re: The computer creates autorun.inf on drives

#7 Post by janycta »

Hello, that is no problem at all. Here is the new log:


ComboFix 11-06-17.04 - Jana 18.06.2011 11:07:03.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1919.821 [GMT 7:00]
Spuštěný z: c:\users\Jana\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jana\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2523703693-4012042572-3954051302-1001Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2523703693-4012042572-3954051302-1001UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2523703693-4012042572-3954051302-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2523703693-4012042572-3954051302-1001UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-05-18 do 2011-06-18 )))))))))))))))))))))))))))))))
.
.
2011-06-18 04:28 . 2011-06-18 04:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-17 02:42 . 2011-06-17 02:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 02:15 . 2011-06-18 04:32 -------- d-----w- c:\users\Jana\AppData\Local\temp
2011-06-16 20:06 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-16 20:06 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-16 20:06 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-16 12:41 . 2011-06-16 12:52 -------- d-----w- c:\program files\trend micro
2011-06-16 12:41 . 2011-06-16 12:42 -------- d-----w- C:\rsit
2011-06-16 11:57 . 2011-06-17 12:32 -------- d-----w- C:\UsbFix
2011-06-16 11:36 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 11:36 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 11:36 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 11:36 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 11:36 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 11:36 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-16 11:36 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 11:36 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 11:36 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 11:36 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 11:36 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 08:50 . 2011-06-15 08:53 -------- d-----w- c:\programdata\Farm Frenzy
2011-06-15 08:49 . 2011-06-15 08:50 -------- d-----w- c:\programdata\AlawarWrapper
2011-06-15 08:49 . 2011-06-16 08:59 -------- d-----w- c:\program files\Alawar
2011-06-15 07:06 . 2011-06-15 07:06 -------- d-----w- c:\programdata\Kaspersky Lab
2011-06-15 05:50 . 2011-06-15 05:50 -------- d-----w- c:\program files\AutorunRemover
2011-06-11 06:19 . 2011-06-11 06:19 -------- d-----w- c:\program files\Common Files\Java
2011-05-29 04:14 . 2011-06-18 03:29 -------- d-----w- c:\users\Jana\AppData\Roaming\go
2011-05-29 04:14 . 2011-06-18 03:49 -------- d-----w- c:\programdata\Easybits GO
2011-05-26 14:23 . 2011-05-27 04:20 -------- d-----w- c:\users\Jana\AppData\Local\Temporary Projects
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 20:05 . 2011-02-16 09:59 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-06-16 20:03 . 2011-02-16 09:38 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-05-03 21:52 . 2010-05-09 16:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 06:13 . 2011-05-11 08:47 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 08:47 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-18 22:05 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-03-25 08:43 . 2011-03-25 08:43 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-25 08:43 . 2011-03-25 08:43 161792 ----a-w- c:\windows\system32\msls31.dll
2011-03-25 08:43 . 2011-03-25 08:43 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-03-25 08:43 . 2011-03-25 08:43 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-25 08:43 . 2011-03-25 08:43 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-25 08:43 . 2011-03-25 08:43 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-03-25 08:43 . 2011-03-25 08:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-25 08:43 . 2011-03-25 08:43 367104 ----a-w- c:\windows\system32\html.iec
2011-03-25 08:43 . 2011-03-25 08:43 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-25 08:43 . 2011-03-25 08:43 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-03-25 08:43 . 2011-03-25 08:43 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-25 08:43 . 2011-03-25 08:43 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-25 08:43 . 2011-03-25 08:43 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-25 08:43 . 2011-03-25 08:43 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-03-25 08:43 . 2011-03-25 08:43 152064 ----a-w- c:\windows\system32\wextract.exe
2011-03-25 08:43 . 2011-03-25 08:43 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-03-25 08:43 . 2011-03-25 08:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-25 08:43 . 2011-03-25 08:43 11776 ----a-w- c:\windows\system32\mshta.exe
2011-03-25 08:43 . 2011-03-25 08:43 101888 ----a-w- c:\windows\system32\admparse.dll
2011-03-25 08:42 . 2011-03-25 08:42 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-03-25 08:42 . 2011-03-25 08:42 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-03-25 08:42 . 2011-03-25 08:42 107520 ----a-w- c:\windows\system32\cdd.dll
2011-03-20 20:35 . 2010-06-30 23:26 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-26 04:11 . 2010-11-14 18:39 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2011-03-18 17:55 . 2011-04-11 06:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 02:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"RMClock"="c:\program files\RMClock\RMClockLauncher.exe" [2008-02-29 61440]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2000-01-01 9734760]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"2Gis Update Notifier"="c:\program files\2gis\3.0\2GISTrayNotifier.exe" [2011-05-31 4581208]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-04-10 1733120]
.
c:\users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jana\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-26 24176560]
Thunderbird.lnk - c:\program files\Mozilla Thunderbird\thunderbird.exe [2009-10-3 12594352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutorunRemover.exe]
2011-04-22 06:25 1806848 ----a-w- c:\program files\AutorunRemover\AutorunRemover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DirMngr;DirMngr;c:\program files\GNU\GnuPG\dirmngr.exe [2009-09-28 242176]
R3 2GISUpdateService;2GIS UpdateService;c:\program files\2gis\3.0\2GISUpdateService.exe [2011-05-31 874328]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2009-10-07 32016]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-23 1343400]
R3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-24 691696]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 BitKinex;BitKinex File Transfer Service;c:\program files\BitKinex\bitkinexsvc.exe DISPATCH [x]
S2 Cerberus FTP Server;Cerberus FTP Server;c:\program files\Cerberus LLC\Cerberus FTP Server\CerberusGUI.exe [2010-05-04 4405568]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-04-19 24576]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet - adaptér;c:\windows\system32\DRIVERS\l260x86.sys [2009-07-13 29184]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-06-06 1260672]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://search.qip.ru/ie
IE: &Download with BitKinex - c:\program files\BitKinex\ieext_cp.htm
IE: &Register in BitKinex - c:\program files\BitKinex\ieext_reg.htm
IE: &??????? ? Microsoft Excel - c:\progra~1\MIB0A5~1\OFFICE11\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 109.123.155.180 109.123.144.7 109.123.174.207
FF - ProfilePath - c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\is8lc4su.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(2796)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\users\Jana\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\BitKinex\rubitkinexwe.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\BitKinex\bitkinexsvc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Celkový čas: 2011-06-18 11:46:26 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-06-18 04:46
ComboFix2.txt 2011-06-17 03:31
ComboFix3.txt 2011-06-17 02:33
.
Před spuštěním: Volných bajtů: 16 621 481 984
Po spuštění: Volných bajtů: 16 110 645 248
.
- - End Of File - - E0CE7F0DCCFE44CAF6DF1A42887F3AA6

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: The computer creates autorun.inf on drives

#8 Post by vyosek »

How is our patient doing? :???:
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids merriment, take a whip and a stick to him; that is no man, that is an ox."
Member (image) since 1 February 2011.

janycta
Visitor
Posts: 6
Registered: 16 Jun 2011 12:53

Re: The computer creates autorun.inf on drives

#9 Post by janycta »

So now no folders or autorun.inf get created when I insert a drive. Do you think everything is all right now? :)

Re: The computer creates autorun.inf on drives

#10 Post by vyosek »

Now let's clean up :James008:

:arrow: Uninstall ComboFix
  • Start - Run (or use the keyboard shortcut Win+R)
  • Type ComboFix /Uninstall
  • Press Enter
  • This deletes ComboFix and its folders

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm each choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)

:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use

:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues are left - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once every 14 days

:arrow: And if there are no problems or questions, that is all from my side :turned:

Re: The computer creates autorun.inf on drives

#11 Post by janycta »

It looks like everything is hopefully fine. Thank you very much! :-)

Re: The computer creates autorun.inf on drives

#12 Post by vyosek »

You're welcome, glad to help :) Have a nice rest of the evening and weekend :turned: