
Eset detects C:\Windows\system32\autorun.i

Posted: 02 Aug 2011 11:18
by vhynek
It deletes it and reports that it was infiltrated with Win32/Tirauf.C. Unfortunately this repeats after every restart. I'm asking for help with removing it.
Thanks. I looked for a guide on how to get rid of it, but in vain. It was probably brought in via a flash drive.

Re: Eset detects C:\Windows\system32\autorun.i

Posted: 02 Aug 2011 11:22
by vyosek
Hello and have a nice day :)

→ Plug all USB keys (flash drives, external disks, etc.) into the PC

Re: Eset detects C:\Windows\system32\autorun.i

Posted: 02 Aug 2011 11:32
by vhynek
Here is the log:


############################## | UsbFix 7.014 | [Deletion]

User: Admin (Administrator) # MHLWS6 [ ]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 12:25:07 | 02/08/2011
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Xeon(R) CPU W3503 @ 2.40GHz
CPU 2: Intel(R) Xeon(R) CPU W3503 @ 2.40GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512

Windows Firewall: Enabled
Antivirus: ESET NOD32 Antivirus 4.2 4.2 [Enabled | Updated]
RAM -> 3439 Mb
C:\ (%systemdrive%) -> Fixed drive # 40 Gb (25 Mb free - 62%) [] # NTFS
D:\ -> Fixed drive # 95 Gb (91 Mb free - 96%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 30 Gb (22 Mb free - 72%) [PATRIOT] # FAT32
X:\ -> Fixed drive # 14 Gb (4 Mb free - 26%) [HP_RECOVERY] # NTFS

################## | Files # Infected Folders |

Deleted ! C:\WINDOWS\system32\autorun.in
Deleted ! X:\Autorun.inf
Deleted ! C:\khw
Deleted ! D:\khw
Deleted ! F:\log.txt
Deleted ! X:\khw

################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[07/02/2011 - 20:30:42 | D ] C:\9d49f2f63b0db7d9398d5bf4c83c
[07/02/2011 - 12:46:13 | RASH | 211] C:\boot.ini
[07/02/2011 - 20:30:42 | D ] C:\compaq
[27/05/2011 - 11:15:11 | D ] C:\Documents and Settings
[07/02/2011 - 20:30:48 | HD ] C:\hp
[07/02/2011 - 14:17:29 | A | 10116] C:\HPDIU.log
[07/02/2011 - 14:16:29 | A | 1768] C:\HPSIU.log
[07/02/2011 - 20:30:50 | D ] C:\I386
[07/02/2011 - 16:35:46 | RHD ] C:\MSOCache
[14/04/2008 - 10:00:00 | ASH | 47564] C:\ntdetect.com
[14/04/2008 - 10:00:00 | ASH | 250048] C:\ntldr
[02/08/2011 - 12:07:36 | D ] C:\NVIDIA
[02/08/2011 - 12:09:52 | ASH | 2145386496] C:\pagefile.sys
[02/08/2011 - 12:20:33 | RD ] C:\Program Files
[07/02/2011 - 12:48:09 | D ] C:\ProgramData
[02/08/2011 - 12:26:15 | SHD ] C:\RECYCLER
[02/08/2011 - 12:21:02 | D ] C:\rsit
[07/02/2011 - 20:30:41 | D ] C:\SWSETUP
[07/02/2011 - 12:56:05 | SHD ] C:\System Recovery
[07/02/2011 - 13:02:59 | SHD ] C:\System Volume Information
[07/02/2011 - 12:46:25 | HD ] C:\SYSTEM.SAV
[07/02/2011 - 14:40:31 | D ] C:\temp
[13/07/2011 - 07:25:25 | D ] C:\totalcmd
[02/08/2011 - 12:26:30 | D ] C:\UsbFix
[02/08/2011 - 12:26:31 | A | 1100] C:\UsbFix.txt
[07/02/2011 - 12:48:08 | D ] C:\Users
[04/03/2010 - 15:43:18 | A | 533276] C:\vcredist_x86.log
[04/03/2010 - 15:48:38 | D ] C:\VisionDiagnostics
[02/08/2011 - 12:10:34 | D ] C:\WINDOWS
[12/07/2011 - 18:01:36 | D ] D:\hlnt.RWE_N4G
[01/08/2011 - 18:22:35 | D ] D:\hlnt.RWE_N4G_pred_HotFix
[02/08/2011 - 12:26:15 | SHD ] D:\RECYCLER
[07/02/2011 - 16:06:05 | SHD ] D:\System Volume Information
[28/07/2011 - 12:46:25 | D ] D:\transfer
[11/07/2011 - 12:52:14 | D ] F:\COVOP
[11/07/2011 - 13:11:18 | D ] F:\DSTD
[11/07/2011 - 13:11:52 | D ] F:\FILGAS
[11/07/2011 - 13:18:28 | D ] F:\GC
[11/07/2011 - 13:18:50 | D ] F:\Install
[11/07/2011 - 13:18:50 | D ] F:\Miranda IM
[11/07/2011 - 13:18:58 | D ] F:\PKO
[11/07/2011 - 13:23:34 | D ] F:\PRS
[11/07/2011 - 13:26:34 | D ] F:\Přepeře
[11/07/2011 - 13:26:36 | D ] F:\Student
[11/07/2011 - 13:26:48 | D ] F:\TELEMAT
[11/07/2011 - 13:28:48 | D ] F:\TETA
[11/07/2011 - 13:36:20 | D ] F:\THM
[11/07/2011 - 13:50:38 | D ] F:\totalcmd
[11/07/2011 - 13:50:46 | D ] F:\UCOV
[11/07/2011 - 13:55:36 | D ] F:\VTL
[20/06/2011 - 15:45:20 | A | 276763] F:\Acknowledge.JPG
[11/07/2011 - 10:16:10 | A | 11774] F:\AcosCheck.zip
[20/12/2005 - 13:21:48 | A | 7113] F:\bo_dual.cfg
[16/06/2011 - 07:29:30 | A | 1376] F:\BOOTEX.LOG
[10/07/2009 - 09:56:38 | A | 951] F:\count_by_day.sql
[21/03/2011 - 16:57:28 | A | 832806] F:\cpu-z_1.57-32bits-en.zip
[17/02/2010 - 16:54:44 | A | 766666] F:\DB2's Command Line Processor and Scripting.mht
[19/11/2010 - 07:50:30 | A | 319466] F:\DbNoveTelemetrie_v111.xlsm
[26/02/2010 - 14:39:04 | A | 4427] F:\informace.txt.txt
[19/11/2010 - 07:50:46 | A | 515797] F:\JmpGasNew_2010.xlsm
[17/06/2011 - 15:10:24 | A | 28080028] F:\Kopie - PS.dat
[10/06/2011 - 09:29:56 | A | 2309426] F:\Kopie - Scan0007.jpg
[18/04/2011 - 10:58:36 | A | 9988560] F:\Kopie - Scan0007.tif
[07/06/2011 - 13:50:58 | A | 8412971] F:\Kopie - Scan0008.jpg
[07/06/2011 - 13:40:48 | A | 3096692] F:\Kopie - Scan0008.tif
[30/07/2010 - 15:34:14 | A | 1763767] F:\Kopie - schema_soustavy.dxf
[28/04/2011 - 10:45:14 | A | 22827] F:\MODHAN_8_11.LOG
[31/03/2011 - 17:19:30 | A | 1552490] F:\PODNIKATELSKY ZAMER.doc
[10/06/2011 - 09:29:56 | A | 2309426] F:\Scan0007.jpg
[07/04/2011 - 15:17:06 | A | 442927] F:\T1247417.pdf
[19/04/2011 - 14:44:18 | A | 1336726356] F:\TEST.ZIP
[16/11/2010 - 22:35:16 | A | 156] F:\WiFi_Key.txt
[21/07/2011 - 23:59:54 | A | 508908] F:\T1370074.pdf
[01/08/2011 - 18:05:28 | AD ] F:\mmi
[02/08/2011 - 10:51:28 | A | 99580760] F:\275.65-quadro-tesla-winxp-32bit-international-whql.exe
[02/08/2011 - 11:00:46 | A | 508306] F:\T1382968.pdf
[14/04/2008 - 15:45:26 | RASH | 651362] F:\bfblar.exe
[02/08/2011 - 12:21:04 | A | 781383] F:\RSIT.exe
[02/08/2011 - 12:21:08 | A | 10768] F:\info.txt
[02/07/2005 - 01:16:54 | ASH | 102] X:\Desktop.ini
[23/11/2004 - 05:28:00 | ASH | 8130] X:\Folder.htt
[07/02/2011 - 12:56:05 | A | 0] X:\FullImage.lst
[03/11/2005 - 20:29:50 | ASH | 0] X:\HP_RECOVERY
[07/02/2011 - 13:08:33 | RSHD ] X:\I386
[01/12/2004 - 01:01:00 | ASH | 73728] X:\Info.exe
[07/02/2011 - 12:46:26 | RSHD ] X:\ISOS
[07/02/2011 - 13:08:24 | ASH | 1144] X:\MASTER.LOG
[04/03/2010 - 15:53:29 | RSHD ] X:\minint
[29/08/2002 - 16:00:00 | ASH | 47580] X:\NTDETECT.COM
[13/05/2006 - 02:07:42 | ASH | 0] X:\NTFS
[29/08/2002 - 16:00:00 | ASH | 245920] X:\NTLDR
[07/02/2011 - 13:12:22 | AS | 0] X:\OSCDBoot.sys
[07/02/2011 - 13:12:22 | RSHD ] X:\PRELOAD
[10/09/2002 - 22:50:18 | ASH | 181651] X:\protect.ed
[04/03/2010 - 15:53:29 | RD ] X:\RECOVERY
[02/08/2011 - 12:26:15 | SHD ] X:\RECYCLER
[29/08/2002 - 16:00:00 | ASH | 245920] X:\STLDR
[07/02/2011 - 12:47:48 | RSHD ] X:\System Volume Information
[09/02/2002 - 05:44:00 | ASH | 88038] X:\Warning.bmp
[26/03/2005 - 02:00:00 | ASH | 10] X:\WIN51
[23/01/2001 - 07:00:00 | ASH | 11] X:\WIN51.B2
[26/07/2001 - 07:00:00 | ASH | 11] X:\WIN51.RC1
[26/07/2001 - 12:47:00 | ASH | 11] X:\WIN51.RC2
[26/03/2005 - 02:00:00 | ASH | 10] X:\WIN51IA
[26/03/2005 - 02:00:00 | ASH | 10] X:\WIN51IA.SP1
[19/08/2001 - 07:00:00 | ASH | 10] X:\WIN51IC
[21/03/2001 - 07:00:00 | ASH | 11] X:\WIN51IC.B2
[26/07/2001 - 07:00:00 | ASH | 11] X:\WIN51IC.RC1
[26/07/2001 - 07:00:00 | ASH | 11] X:\WIN51IC.RC2
[18/08/2001 - 07:00:00 | ASH | 10] X:\WIN51IP
[23/01/2001 - 07:00:00 | ASH | 11] X:\WIN51IP.B2
[26/07/2001 - 12:47:00 | ASH | 11] X:\WIN51IP.RC2
[18/08/2001 - 07:00:00 | ASH | 10] X:\WIN51IP.SP1
[18/08/2001 - 07:00:00 | ASH | 10] X:\WIN51IP2
[26/03/2005 - 02:00:00 | ASH | 167] X:\WINBOM.INI
[13/05/2006 - 02:07:42 | ASH | 0] X:\XGA

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
X:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_MHLWS6.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |
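
The "Vaccin" section of the log above shows the trick UsbFix uses: a directory named Autorun.inf at each drive root blocks a worm from dropping an autorun.inf file of the same name there. As an added example (not the thread's own code and not UsbFix's), the following PowerShell audits every drive root for an autorun.inf entry, shows what a present file would launch, and can apply the same vaccine folder; the function names are assumptions and the F:\ drive letter is taken from the log.

```powershell
# Added example (not part of the thread or of UsbFix): audit drive roots for
# autorun.inf and optionally create the UsbFix-style "vaccine" folder.

function Get-AutorunStatus {
    param(
        # Default: every drive-letter root visible to the FileSystem provider.
        [string[]]$DriveRoots = (Get-PSDrive -PSProvider FileSystem |
            Where-Object { $_.Root -match '^[A-Z]:\\$' } |
            ForEach-Object { $_.Root })
    )
    foreach ($root in $DriveRoots) {
        $path = Join-Path $root 'autorun.inf'
        # -Force so hidden/system entries (the worm sets RASH) are not missed.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $state = if (-not $item) { 'absent' }
                 elseif ($item.PSIsContainer) { 'vaccinated' }
                 else { 'FILE-PRESENT' }
        $detail = ''
        if ($item -and -not $item.PSIsContainer) {
            # Report the launch directives; open=/shellexecute= pointing at an
            # executable in the [autorun] section is the classic worm pattern.
            $detail = (Get-Content -LiteralPath $path -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*(open|shellexecute|shell\\\w+\\command)\s*=' }) -join '; '
        }
        [pscustomobject]@{ Drive = $root; State = $state; Launches = $detail }
    }
}

function Add-AutorunVaccine {
    param([Parameter(Mandatory)][string]$Root)
    $path = Join-Path $Root 'autorun.inf'
    if (Test-Path -LiteralPath $path) { return "$path already exists, inspect it first" }
    $dir = New-Item -ItemType Directory -Path $path
    # Read-only/hidden/system, like the UsbFix folder, so a worm running as a
    # normal user cannot simply replace it with its own autorun.inf file.
    $dir.Attributes = 'ReadOnly, Hidden, System, Directory'
    return "vaccinated $Root"
}

Get-AutorunStatus | Format-Table -AutoSize
# To vaccinate the USB stick that appears as F: in the log above:
# Add-AutorunVaccine -Root 'F:\'
```

A FILE-PRESENT result on a drive root is what ESET was repeatedly cleaning in this thread; the Launches column tells you which executable the file pointed at so it can be removed along with the file.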

Re: Eset detects C:\Windows\system32\autorun.i

Posted: 02 Aug 2011 11:45
by vyosek
→ Leave the flash drives plugged in

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM CAN GO DOWN THE DRAIN
→ Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antiviruses, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after start a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click into the window being displayed
  • The scan should take about 10 min, but if the PC is heavily infested, it may take longer
  • After the scan finishes and after a possible restart, CF shows a log; otherwise you will find it here C:\ComboFix.txt; paste its contents here
  • A detailed guide including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Eset detects C:\Windows\system32\autorun.i

Posted: 02 Aug 2011 11:57
by vhynek
Here is the log:


ComboFix 11-08-02.02 - Admin 02.08.2011 12:50:13.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.3439.2744 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin.SCADA\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\csrcs.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-02 do 2011-08-02 )))))))))))))))))))))))))))))))
.
.
2011-08-02 10:24 . 2011-08-02 10:26 -------- d-----w- C:\UsbFix
2011-08-02 10:20 . 2011-08-02 10:21 -------- d-----w- C:\rsit
2011-08-02 10:20 . 2011-08-02 10:20 -------- d-----w- c:\program files\trend micro
2011-08-02 10:08 . 2011-07-07 00:42 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-02 10:08 . 2011-08-02 10:08 278004 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-08-02 10:08 . 2011-08-02 10:08 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-08-02 10:08 . 2011-08-02 10:08 278004 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-08-02 10:08 . 2011-07-07 00:42 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-08-02 10:08 . 2011-07-07 00:42 876136 ----a-w- c:\windows\system32\nvgenco3220102.dll
2011-08-02 10:08 . 2011-07-07 00:42 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-02 10:08 . 2011-07-07 00:42 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-02 10:07 . 2011-08-02 10:07 -------- d-----w- C:\NVIDIA
2011-07-20 17:32 . 2011-07-20 17:32 -------- d-----w- c:\documents and settings\Admin.SCADA\Local Settings\Application Data\Microsoft Help
2011-07-13 05:25 . 2011-07-13 05:25 -------- d-----w- C:\totalcmd
2011-07-13 05:25 . 2010-04-07 05:55 545 ----a-w- c:\windows\UC.PIF
2011-07-13 05:25 . 2010-04-07 05:55 545 ----a-w- c:\windows\RAR.PIF
2011-07-13 05:25 . 2010-04-07 05:55 545 ----a-w- c:\windows\PKZIP.PIF
2011-07-13 05:25 . 2010-04-07 05:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-07-13 05:25 . 2010-04-07 05:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-07-13 05:25 . 2010-04-07 05:55 545 ----a-w- c:\windows\LHA.PIF
2011-07-13 05:25 . 2010-04-07 05:55 545 ----a-w- c:\windows\ARJ.PIF
2011-07-12 16:01 . 2010-08-24 18:58 104960 ----a-w- c:\windows\system32\HL-OdbcDrv.dll
2011-07-12 15:14 . 2011-07-12 15:14 -------- d-----w- c:\windows\SchCache
2011-07-11 11:58 . 2011-07-11 11:58 -------- d-----w- c:\program files\ESET
2011-07-11 11:58 . 2011-07-11 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 10:26 . 2011-08-02 10:26 12376 ----a-w- C:\UsbFix_Upload_Me_MHLWS6.zip
2011-07-07 00:42 . 2010-03-04 13:27 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-07-07 00:42 . 2010-03-04 13:27 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-07-07 00:42 . 2010-03-04 13:27 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-07-07 00:42 . 2010-03-04 13:27 16072704 ----a-w- c:\windows\system32\nvoglnt.dll
2011-07-07 00:42 . 2010-03-04 13:27 4202112 ----a-w- c:\windows\system32\nv4_disp.dll
2011-07-07 00:42 . 2010-03-04 13:27 2330112 ----a-w- c:\windows\system32\nvapi.dll
2011-07-07 00:42 . 2010-03-04 13:27 12779904 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-07-07 00:42 . 2009-10-01 16:43 261632 ----a-w- c:\windows\system32\nvnt4cpl.dll
2011-07-07 00:42 . 2009-10-01 16:43 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-07-07 00:42 . 2009-10-01 16:43 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-07-07 00:42 . 2009-10-01 16:43 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-07-07 00:42 . 2009-10-01 16:43 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-07-07 00:42 . 2009-10-01 16:43 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-07-07 00:42 . 2009-10-01 16:43 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-07-07 00:42 . 2009-10-01 16:43 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-07-07 00:42 . 2009-10-01 16:43 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-07-07 00:42 . 2009-10-01 16:43 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-07-07 00:42 . 2009-10-01 16:43 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-07-07 00:42 . 2009-10-01 16:43 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-07-07 00:42 . 2009-10-01 16:43 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-07-07 00:42 . 2009-10-01 16:43 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-07-07 00:42 . 2009-10-01 16:43 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-07-07 00:42 . 2009-10-01 16:43 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-07-07 00:42 . 2009-10-01 16:43 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-07-07 00:42 . 2009-10-01 16:43 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-07-07 00:42 . 2009-10-01 16:43 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-07-07 00:42 . 2009-10-01 16:43 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-07-07 00:42 . 2009-10-01 16:43 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-07-07 00:42 . 2009-10-01 16:43 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-07-07 00:42 . 2009-10-01 16:43 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-07-07 00:42 . 2009-10-01 16:43 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-07-07 00:42 . 2009-10-01 16:43 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-07-07 00:42 . 2009-10-01 16:43 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-07-07 00:42 . 2009-10-01 16:43 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-07-07 00:42 . 2009-10-01 16:43 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-07-07 00:42 . 2009-10-01 16:43 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-07-07 00:42 . 2009-10-01 16:43 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-07-07 00:42 . 2009-10-01 16:43 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-07-07 00:42 . 2009-10-01 16:43 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-07-07 00:42 . 2009-10-01 16:43 13897832 ----a-w- c:\windows\system32\nvcpl.dll
2011-07-07 00:42 . 2009-10-01 16:43 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-05-19 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"RTHDCPL"="RTHDCPL.EXE" [2009-07-29 18671104]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-07-07 13897832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-07-07 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP SkyRoom\\HP.SkyRoom.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP SkyRoom\\remote graphics receiver\\rgreceiver.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP SkyRoom\\remote graphics sender\\rgsender.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP SkyRoom\\remote graphics sender\\rgsender_gui.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\drivers\bxvbdx.sys [7.2.2011 14:35 453672]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21.12.2010 15:04 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21.12.2010 13:47 94872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12.1.2011 16:41 810144]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [18.4.2007 6:09 11032]
R3 Blfm;BASP Virtual Adapter;c:\windows\system32\drivers\baspxp32.sys [29.10.2008 1:39 89600]
R3 l2nd;Broadcom NetXtreme II BXND;c:\windows\system32\drivers\bxnd52x.sys [7.2.2011 14:34 66600]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [24.9.2008 3:01 114688]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [21.11.2009 0:10 124984]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [4.3.2010 15:41 635416]
S2 rgsender;Remote Graphics Sender Service;c:\program files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [4.3.2010 15:51 379904]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4.3.2010 15:42 1684736]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [13.6.2009 20:13 1120752]
S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\SMINST\virtdisk.sys [4.3.2010 15:52 57344]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NVSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-05-19 01:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://10.235.203.22/odoku/analoge_io.html#ana_rw
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{7756E7E6-3CA2-4E0D-B051-8DE555B8038C}: NameServer = 10.235.203.11,10.235.203.12
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-02 12:51
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Celkový čas: 2011-08-02 12:52:26
ComboFix-quarantined-files.txt 2011-08-02 10:52
.
Před spuštěním: 26 680 737 792 bytes free
Po spuštění: 26 686 771 200 bytes free
.
- - End Of File - - C35FF36179CF278AB4FA2E93EA3D4C56

Re: Eset detects C:\Windows\system32\autorun.i

Posted: 02 Aug 2011 12:33
by vyosek
How is the PC behaving?

Re: Eset detects C:\Windows\system32\autorun.i

Posted: 02 Aug 2011 12:44
by vhynek
So it looks like it's fine. Thank you very much for the help. And one last question: what can I delete or uninstall now? I mean the leftovers of UsbFix and ComboFix? Thanks again.

Re: Eset detects C:\Windows\system32\autorun.i

Posted: 02 Aug 2011 15:22
by vyosek
So let's clean up as well

→ Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
→ Run UsbFix again and choose the Uninstall option.

→ T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run
  • To confirm the choice press A, Enter
  • After use, delete the utility
  • Antiviruses tend to wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
→ OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

→ TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • After use, delete the utility
→ Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all issues
  • repeat the procedure until there are no issues - usually about 3x
Tools panel
  • Here you can uninstall unneeded programs
I recommend using CCleaner about once a week

→ Please post a new log from RSIT and also the info.txt log; it will be located in c:\rsit