VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Autorun.inf

https://forum.viry.cz:443/viewtopic.php?t=131184

Stránka 1 z 1

Autorun.inf

Napsal: 30 čer 2013 14:58
od Paulii
Zdravím

přes program USBFix by El Desaparecido & C_XX jsem dal scan mp3 a našlo mi to infikovaný soubor Autorun.inf ... na YouTube jsem našel toto video http://www.youtube.com/watch?v=Fozj3hGzdrc

Dá se použít tento ?? nebo mi prosím napište jak na to . Moc děkuji :thumbsup:

:arrow: posílám log

############################## | UsbFix V 7.127 | [Research]

User: Sedm (Administrator) # SEDM-PC
Updated 05/06/2013 by El Desaparecido
Started at 15:37:55 | 30/06/2013

Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: System manufacturer (System Product Name) (x64-based PC)
CPU: AMD FX(tm)-4100 Quad-Core Processor (3600)
RAM -> [Total : 6126 | Free : 4432]
BIOS: BIOS Date: 02/15/12 11:10:54 Ver: 09.01
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16618

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 931 Gb (866 Mb free - 93%) [] # NTFS
D:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 8 Gb (477 Mb free - 6%) [ENERGY 75] # FAT32

################## | Active Processes |

C:\Windows\system32\csrss.exe (528)
C:\Windows\system32\wininit.exe (592)
C:\Windows\system32\csrss.exe (612)
C:\Windows\system32\winlogon.exe (660)
C:\Windows\system32\services.exe (704)
C:\Windows\system32\lsass.exe (720)
C:\Windows\system32\lsm.exe (728)
C:\Windows\system32\svchost.exe (836)
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (908)
C:\Windows\system32\nvvsvc.exe (928)
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (952)
C:\Windows\system32\svchost.exe (1004)
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (380)
C:\Windows\system32\svchost.exe (412)
C:\Windows\System32\svchost.exe (1064)
C:\Windows\System32\svchost.exe (1096)
C:\Windows\system32\svchost.exe (1140)
C:\Windows\system32\svchost.exe (1172)
C:\Windows\system32\svchost.exe (1260)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1480)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1532)
C:\Windows\system32\nvvsvc.exe (1540)
C:\Windows\System32\spoolsv.exe (1736)
C:\Windows\system32\svchost.exe (1788)
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1956)
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (1980)
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe (2000)
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (2008)
C:\Windows\system32\conhost.exe (2016)
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe (1136)
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (1408)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (2160)
C:\Windows\system32\svchost.exe (2824)
C:\Windows\System32\WUDFHost.exe (2856)
C:\Windows\system32\svchost.exe (2628)
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (3184)
C:\Windows\system32\taskhost.exe (3564)
C:\Windows\system32\Dwm.exe (3640)
C:\Windows\system32\taskeng.exe (3712)
C:\Windows\Explorer.EXE (3748)
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (368)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (1832)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (1420)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (2104)
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (3076)
C:\Windows\system32\SearchIndexer.exe (2392)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (1528)
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe (2744)
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (3504)
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe (3524)
C:\Program Files\Windows Media Player\wmpnetwk.exe (2084)
C:\Windows\System32\svchost.exe (4612)
C:\Windows\SysWOW64\WinMsgBalloonServer.exe (4648)
C:\Windows\SysWOW64\WinMsgBalloonClient.exe (4760)
C:\Program Files\COMODO\COMODO Internet Security\cis.exe (4904)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1584)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4684)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4116)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3508)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2580)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3600)
C:\Windows\system32\wbem\wmiprvse.exe (1712)
C:\UsbFix\Go.exe (3500)
c:\program files\windows defender\MpCmdRun.exe (3908)
\\?\C:\Windows\system32\wbem\WMIADAP.EXE (4388)
C:\Windows\system32\wbem\wmiprvse.exe (4784)

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [Cpu Level Up help] - "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [gbrspcontrol] - "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Cpu Level Up help] - "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [gbrspcontrol] - "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2282262245-2118025531-1439039808-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-2282262245-2118025531-1439039808-1001\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-2282262245-2118025531-1439039808-1001\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Files # Infected Folders |

Found ! G:\AUTORUN.INF

################## | Registry |


################## | Mountpoints2 |



################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F | http://sosvirus.org |

Re: Autorun.inf

Napsal: 30 čer 2013 15:41
od vyosek
Zdravim :)

:arrow: Zapojte vsechny USB flash disky a i tu MP3

:arrow: Spustte znovu USBFix a zvolte moznost Deletion - log pak opet sem

Re: Autorun.inf

Napsal: 30 čer 2013 16:52
od Paulii
ahoj :)

děkuji za pomoc

:arrow: tady je nový log

############################## | UsbFix V 7.127 | [Deletion]

User: Sedm (Administrator) # SEDM-PC
Updated 05/06/2013 by El Desaparecido
Started at 17:44:27 | 30/06/2013

Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: System manufacturer (System Product Name) (x64-based PC)
CPU: AMD FX(tm)-4100 Quad-Core Processor (3600)
RAM -> [Total : 6126 | Free : 4187]
BIOS: BIOS Date: 02/15/12 11:10:54 Ver: 09.01
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 10.0.9200.16618

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 931 Gb (866 Mb free - 93%) [] # NTFS
D:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 8 Gb (477 Mb free - 6%) [ENERGY 75] # FAT32
I:\ -> Removable drive # 996 Mb (743 Mb free - 75%) [PAUL FLASH] # FAT
J:\ -> Removable drive # 984 Mb (39 Mb free - 4%) [PRAC FLASH] # FAT

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [Cpu Level Up help] - "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | Run : [gbrspcontrol] - "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE\wow6432Node | Run : [Cpu Level Up help] - "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE\wow6432Node | Run : [gbrspcontrol] - "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2282262245-2118025531-1439039808-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-2282262245-2118025531-1439039808-1001\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-2282262245-2118025531-1439039808-1001\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Stopped processes |

Stopped! C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (908)
Stopped! C:\Windows\system32\nvvsvc.exe (928)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (952)
Stopped! C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (380)
Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1480)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1532)
Stopped! C:\Windows\system32\nvvsvc.exe (1540)
Stopped! C:\Windows\System32\spoolsv.exe (1736)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1956)
Stopped! C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (1980)
Stopped! C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe (2000)
Stopped! C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (2008)
Stopped! C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe (1136)
Stopped! C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (1408)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (2160)
Stopped! C:\Windows\System32\WUDFHost.exe (2856)
Stopped! C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (3184)
Stopped! C:\Windows\system32\taskhost.exe (3564)
Stopped! C:\Windows\system32\taskeng.exe (3712)
Stopped! C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (368)
Stopped! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (1832)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (1420)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (2104)
Stopped! C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (3076)
Stopped! C:\Windows\system32\SearchIndexer.exe (2392)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (1528)
Stopped! C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe (2744)
Stopped! C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe (3524)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (2084)
Stopped! C:\Program Files\COMODO\COMODO Internet Security\cis.exe (4904)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1584)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4684)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4116)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2580)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3600)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (208)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5916)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4400)
Stopped! C:\Program Files (x86)\SpeedFan\speedfan.exe (800)

################## | Files # Infected Folders |


(!) Temporary files deleted.

################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[07/06/2013 - 22:16:56 | SHD ] C:\$Recycle.Bin
[08/06/2013 - 01:13:45 | D ] C:\0652823b13a22ca2292511bf23590a
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[07/06/2013 - 23:32:18 | D ] C:\Games
[30/06/2013 - 15:22:24 | ASH | 4817772544] C:\hiberfil.sys
[07/06/2013 - 23:14:41 | D ] C:\NVIDIA
[30/06/2013 - 15:22:28 | ASH | 6423699456] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[29/06/2013 - 16:27:16 | D ] C:\Program Files
[22/06/2013 - 14:08:13 | D ] C:\Program Files (x86)
[10/06/2013 - 21:53:40 | HD ] C:\ProgramData
[07/06/2013 - 22:16:44 | SHD ] C:\Recovery
[29/06/2013 - 16:31:12 | SHD ] C:\System Volume Information
[30/06/2013 - 17:47:25 | D ] C:\UsbFix
[30/06/2013 - 17:47:36 | A | 6630] C:\UsbFix [Clean 1] SEDM-PC.txt
[07/06/2013 - 22:36:40 | D ] C:\Users
[15/06/2013 - 11:49:50 | D ] C:\VTRoot
[29/06/2013 - 16:28:08 | D ] C:\Windows

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.org |

Re: Autorun.inf

Napsal: 30 čer 2013 23:13
od vyosek
Poprosim o log z RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

Re: Autorun.inf

Napsal: 01 črc 2013 15:54
od Paulii
Zdravím posílám RSIT log

:arrow: viz příloha

Re: Autorun.inf

Napsal: 02 črc 2013 06:28
od vyosek
Log vypada OK, je s PC nejaky problem??

Re: Autorun.inf

Napsal: 02 črc 2013 20:08
od Paulii
Dekuji za pomoc. pc vypada dobre :thumbsup:

Re: Autorun.inf

Napsal: 02 črc 2013 20:10
od vyosek
Tak jeste uklidime :James008:

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|

Re: Autorun.inf

Napsal: 04 črc 2013 17:21
od Paulii
dle instrukcí vše uděláno :idea:

díky za pomoc :worship:

Re: Autorun.inf

Napsal: 05 črc 2013 10:47
od vyosek
Nemate zac, rad jsem pomohl :worship: Zase nekdy Obrázek

A na zaklade Pravidla o zamykani temat :lock:
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz