XP Antispyware 2010

[jordanovka]

Dobrý den, do počítače jsem si zřejmě přes flash disk přenesla tento vir. Momentalně na mě neustále vyskakují různá okna upozorňující okna o infekci, blokuje mi to přístup k internetu. Mám zde dva prohlížeče Explorer a Mozilu, zprvu byly bloklé oba, ted z ničeho nic Mozila funguje, ale naslo mi to 26 infekci, a hlasí mí to různá výhružná upozornění o virech jako:
"Internet Explorer is infected with Trojan - BNK.Win32.Keylogger.gen"...
Můžete mi poradit, jak se tohoto problému zbavit?

Děkuji

[Caroprd111]

Zdravím

Vložte sem log z RSIT http://www.viry.cz/forum/viewtopic.php?f=30&t=82744

[jordanovka]

bohuzel se mi ta stranka nechce pri kliknuti na odkaz zobrazit, kde si muzu ten RSIT stahnout?

[Caroprd111]

http://images.malwareremoval.com/random/RSIT.exe

[jordanovka]

Pri kliknuti na tento odkaz mi to taky hlasi: Server nenalezen, lze pokracovat i bez tohoto logu?

[Caroprd111]

Zkuste RSIT stáhnout v nouzovém režimu.

[jordanovka]

Omlouvam se, ale jsem v tomto smeru uzivatel zacatecnik,jakym zpusobem uvedu PC do nouzoveho rezimu?a jak pokracovat pak?

[Caroprd111]

Restartujte PC a mačkejte F8, poté vyberte "Nouzový režim s prací v síti".

[jordanovka]

tak jsem stahla RSIT a tady je muj log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Štěpánka at 2010-03-15 16:50:44
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (7%) free of 20 GB
Total RAM: 895 MB (66% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At49.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At50.job
C:\WINDOWS\tasks\At51.job
C:\WINDOWS\tasks\At52.job
C:\WINDOWS\tasks\At53.job
C:\WINDOWS\tasks\At54.job
C:\WINDOWS\tasks\At55.job
C:\WINDOWS\tasks\At56.job
C:\WINDOWS\tasks\At57.job
C:\WINDOWS\tasks\At58.job
C:\WINDOWS\tasks\At59.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At60.job
C:\WINDOWS\tasks\At61.job
C:\WINDOWS\tasks\At62.job
C:\WINDOWS\tasks\At63.job
C:\WINDOWS\tasks\At64.job
C:\WINDOWS\tasks\At65.job
C:\WINDOWS\tasks\At66.job
C:\WINDOWS\tasks\At67.job
C:\WINDOWS\tasks\At68.job
C:\WINDOWS\tasks\At69.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At70.job
C:\WINDOWS\tasks\At71.job
C:\WINDOWS\tasks\At72.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"14290"=C:\DOCUME~1\TPNKA~1\LOCALS~1\Temp\igqjj.exe [2010-03-15 23040]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Microsoft Driver Setup"=C:\WINDOWS\cidrive32.exe [2010-03-15 131072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""=C:\WINDOWS\system32\OSK.exe [2004-08-17 216064]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

C:\Documents and Settings\Štěpánka\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="app_dll.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
qlolexpv.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Installation\Setupx.exe"="F:\Installation\Setupx.exe:*:Enabled:Nero ControlCenter"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe:*:Enabled:ArchiCAD 12.0.0 Component"
"C:\Program Files\WIBUKEY\Server\WkSvW32.exe"="C:\Program Files\WIBUKEY\Server\WkSvW32.exe:*:Enabled:WIBU-KEY Network Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\DOCUME~1\TPNKA~1\LOCALS~1\Temp\775.exe"="C:\DOCUME~1\TPNKA~1\LOCALS~1\Temp\775.exe:*:C:\WINDOWS\cidrive32.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c74f56c-a864-11de-8f55-0015f2ccdb2f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51aa1ee7-9fcf-11de-8f3d-0015f2ccdb2f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nIoqEz.eXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68241e76-faa6-11de-90eb-0015f2ccdb2f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6948402c-0f5b-11df-90fc-0015f2ccdb2f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ec0b99a-1a6c-11df-9105-0015f2ccdb2f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======File associations======

.exe - open - "C:\Documents and Settings\Štěpánka\Local Settings\Data aplikací\av.exe" /START "%1" %*
.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-15 16:50:45 ----D---- C:\Program Files\trend micro
2010-03-15 16:50:44 ----D---- C:\rsit
2010-03-15 16:48:10 ----A---- C:\WINDOWS\system32\pfxzmtymsg.dll
2010-03-15 16:48:10 ----A---- C:\WINDOWS\system32\pfxzmtwbmail.dll
2010-03-15 16:48:10 ----A---- C:\WINDOWS\system32\pfxzmtsmtspm.dll
2010-03-15 16:48:10 ----A---- C:\WINDOWS\system32\pfxzmtsmt.dll
2010-03-15 16:48:10 ----A---- C:\WINDOWS\system32\pfxzmticq.dll
2010-03-15 16:48:10 ----A---- C:\WINDOWS\system32\pfxzmtgtal.dll
2010-03-15 16:48:10 ----A---- C:\WINDOWS\system32\pfxzmtforum.dll
2010-03-15 16:48:10 ----A---- C:\WINDOWS\system32\pfxzmtaim.dll
2010-03-15 16:47:44 ----A---- C:\WINDOWS\system32\sporder.dll
2010-03-15 16:47:44 ----A---- C:\WINDOWS\system32\rsvp32_2.dll
2010-03-15 16:46:20 ----D---- C:\WINDOWS\CSC
2010-03-15 16:46:09 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-15 14:28:05 ----RSH---- C:\WINDOWS\cidrive32.exe
2010-03-15 14:15:13 ----A---- C:\WINDOWS\system32\regedit.exe
2010-03-15 11:56:24 ----A---- C:\WINDOWS\system32\app_dll.dll
2010-03-15 11:53:22 ----A---- C:\lsass.exe
2010-02-24 10:39:44 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-21 11:35:00 ----A---- C:\WINDOWS\system32\svchost.bat

======List of files/folders modified in the last 1 months======

2010-03-15 16:50:45 ----RD---- C:\Program Files
2010-03-15 16:50:24 ----D---- C:\WINDOWS\system32
2010-03-15 16:50:16 ----D---- C:\WINDOWS
2010-03-15 16:47:45 ----D---- C:\WINDOWS\system32\drivers
2010-03-15 16:45:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-15 16:44:26 ----D---- C:\Documents and Settings\Štěpánka\Data aplikací\Skype
2010-03-15 16:39:57 ----D---- C:\WINDOWS\Temp
2010-03-15 16:12:05 ----SD---- C:\WINDOWS\Tasks
2010-03-15 16:06:26 ----D---- C:\Documents and Settings\Štěpánka\Data aplikací\skypePM
2010-03-15 14:28:10 ----RSHD---- C:\RECYCLER
2010-03-15 11:56:30 ----D---- C:\Program Files\Adobe
2010-03-15 11:55:46 ----D---- C:\WINDOWS\Prefetch
2010-03-15 11:54:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-15 11:54:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-15 11:53:55 ----D---- C:\Program Files\Internet Explorer
2010-03-15 09:45:25 ----D---- C:\Program Files\Mozilla Firefox
2010-03-11 00:28:05 ----D---- C:\Documents and Settings\Štěpánka\Data aplikací\Adobe
2010-03-10 15:11:57 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-10 11:41:34 ----D---- C:\Program Files\epson
2010-03-10 11:11:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\Real
2010-03-10 11:11:27 ----D---- C:\Documents and Settings\Štěpánka\Data aplikací\Real
2010-03-10 10:33:12 ----HD---- C:\Program Files\InstallShield Installation Information
2010-03-10 10:22:42 ----D---- C:\WINDOWS\twain_32
2010-03-10 10:22:37 ----HD---- C:\WINDOWS\inf
2010-03-10 10:19:02 ----SHD---- C:\WINDOWS\Installer
2010-03-10 10:18:16 ----D---- C:\Documents and Settings\Štěpánka\Data aplikací\uTorrent
2010-03-04 01:37:27 ----D---- C:\Documents and Settings\Štěpánka\Data aplikací\SendSpace Wizard
2010-02-16 18:44:16 ----D---- C:\WINDOWS\system32\Restore

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R3 BCM43XX;ASUS 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2009-08-31 5632]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
S1 c8bbf518;c8bbf518; C:\WINDOWS\System32\drivers\c8bbf518.sys []
S1 ddra1f7;ddra1f7; C:\WINDOWS\System32\drivers\ddra1f7.sys [2010-03-15 18528]
S1 gga808b;gga808b; C:\WINDOWS\System32\drivers\gga808b.sys [2010-03-15 18528]
S1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-02-17 13312]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
S2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
S2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2009-08-31 15781]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
S2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2006-11-22 72704]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
S3 boiro;boiro; \??\C:\WINDOWS\system32\02.tmp []
S3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-17 14080]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-05-12 1037056]
S3 HSFHWSIS;HSFHWSIS; C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-06-17 193280]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 npf;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-15 34064]
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-08-09 70144]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-02-17 240640]
S3 tlepsrb;tlepsrb; \??\C:\WINDOWS\system32\02.tmp []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-05-12 685312]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-17 138680]
S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 BtwSvc;BtwSvc; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-15 194032]
S2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-12 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-26 73728]
S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
S2 peresvc;peresvc Service; C:\WINDOWS\system32\PereSvc.exe [2001-10-25 33792]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-09-11 85096]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-17 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-11 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 InstallShield Licensing Service;InstallShield Licensing Service; C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe [2009-10-26 78536]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-11-15 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Caroprd111]

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary

Vložte do PC všechny flash disky, které používáte.

Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"

Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna

Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.

Během skenování může být počítač restartován.

[jordanovka]

tak tady je ten dalsi log:

ComboFix 10-03-14.06 - Štěpánka 15.03.2010 17:10:06.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.895.626 [GMT 1:00]
Spuštěný z: c:\documents and settings\Štěpánka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091210-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Štěpánka\qiour.exe
C:\lsass.exe
c:\program files\Adobe\acrotray .exe
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1858
c:\recycler\S-1-5-21-1302078591-7715636455-998825404-5881
c:\recycler\S-1-5-21-5132471647-1863997967-033953024-2319
c:\recycler\S-1-5-21-5495462110-5941497053-173914837-5111
c:\recycler\S-1-5-21-5495462110-5941497053-173914837-5111\wnzip32.exe
c:\recycler\S-1-5-21-6861574820-4702894998-714047285-5998
c:\recycler\S-1-5-21-7439632134-8937796311-532373128-5555
c:\recycler\S-1-5-21-8273869158-4698002785-899069769-2094
c:\recycler\S-1-5-21-8311854567-5790017637-456388478-1478
c:\recycler\S-1-5-21-8345199824-0656858887-983727429-6474
c:\recycler\S-1-5-21-9555552274-6230562945-739612793-7490
c:\windows\cidrive32.exe
c:\windows\hsfpwcfg .exe
c:\windows\irc.txt
c:\windows\qlolexpv.dll
c:\windows\system32\app_dll.dll
c:\windows\system32\BtwSvc.dll
c:\windows\system32\ctfmon .exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\flags.ini
c:\windows\system32\ieuinit.inf
c:\windows\system32\Install.txt
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\muzapp.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pfxzmtaim.dll
c:\windows\system32\pfxzmtforum.dll
c:\windows\system32\pfxzmtgtal.dll
c:\windows\system32\pfxzmticq.dll
c:\windows\system32\pfxzmtsmt.dll
c:\windows\system32\pfxzmtsmtspm.dll
c:\windows\system32\pfxzmtwbmail.dll
c:\windows\system32\pfxzmtymsg.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\regedit.exe
c:\windows\system32\restorer32_a .exe
c:\windows\system32\restorer32_a.exe
c:\windows\system32\rsvp32_2.dll
c:\windows\system32\sdra64.exe
c:\windows\system32\uses32.dat
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\TEMP\mta13187.dll
D:\autorun.inf

Nakažená kopie c:\windows\system32\DRIVERS\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BTWSVC
-------\Service_BtwSvc
-------\Service_npf


((((((((((((((((((((((((( Soubory vytvořené od 2010-02-15 do 2010-03-15 )))))))))))))))))))))))))))))))
.

2010-03-15 16:07 . 2010-03-15 16:07 4 ----a-w- c:\program files\1307218.dat
2010-03-15 15:50 . 2010-03-15 15:51 -------- d-----w- c:\program files\trend micro
2010-03-15 15:50 . 2010-03-15 15:50 -------- d-----w- C:\rsit
2010-03-15 15:47 . 2010-03-15 15:47 8704 ----a-w- c:\windows\system32\sporder.dll
2010-03-15 15:38 . 2010-03-15 15:36 31848 ---h--w- C:\Pornopics.scr
2010-03-15 13:12 . 2010-03-15 13:12 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-03-15 10:55 . 2010-03-15 10:55 18528 ----a-w- c:\windows\system32\drivers\gga808b.sys
2010-03-15 10:54 . 2010-03-15 10:54 18528 ----a-w- c:\windows\system32\drivers\ddra1f7.sys
2010-03-15 10:54 . 2010-03-15 16:18 823296 ----a-w- c:\windows\system32\drivers\tyyvzct.sys
2010-02-24 09:39 . 2010-02-24 09:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-21 10:35 . 2010-02-21 10:35 137 ----a-w- c:\windows\system32\svchost.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-15 16:14 . 2001-10-25 14:00 79440 ----a-w- c:\windows\system32\perfc005.dat
2010-03-15 16:14 . 2001-10-25 14:00 432516 ----a-w- c:\windows\system32\perfh005.dat
2010-03-10 10:41 . 2010-02-01 21:15 -------- d-----w- c:\program files\epson
2010-03-10 09:33 . 2009-08-31 13:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-01 21:30 . 2009-08-31 13:39 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-22 11:21 . 2010-01-22 11:21 -------- d-----w- c:\program files\ASUSTeK
2010-01-07 11:38 . 2009-08-31 12:40 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2004-08-17 13:49 . 2004-08-17 13:49 165281 --sha-r- c:\windows\system32\xrjxzi.dll
.

Kód: Vybrat vše

<pre>
c:\program files\ASUS\NB Probe\nbprobe .exe
c:\program files\Common Files\LightScribe\lightscribecontrolpanel .exe
c:\program files\Common Files\Nero\Lib\nerocheck .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\MarkAny\ContentSafer\maagent .exe
c:\program files\Samsung\Samsung Media Studio 5\smstray .exe
c:\windows\ATK0100\hcontrol .exe
</pre>

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\ćtŘp nka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-8-31 331776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 12\\ArchiCAD.exe"=
"c:\\Program Files\\WIBUKEY\\Server\\WkSvW32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2381:TCP"= 2381:TCP:jlqxjf

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12.10.2009 13:12 114768]
R1 ddra1f7;ddra1f7;c:\windows\system32\drivers\ddra1f7.sys [15.3.2010 11:54 18528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.10.2009 13:12 20560]
R2 BtwSvc;BtwSvc;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
R2 peresvc;peresvc Service;c:\windows\system32\PereSvc.exe [25.10.2001 15:00 34816]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [31.8.2009 14:40 193280]
S1 c8bbf518;c8bbf518;c:\windows\system32\drivers\c8bbf518.sys [29.10.2009 16:33 0]
S1 gga808b;gga808b;c:\windows\system32\drivers\gga808b.sys [15.3.2010 11:55 18528]
S2 hfqoweirn;Windows Time;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
S2 zxuxn;Security Center;c:\windows\system32\svchost.exe -k netsvcs [17.8.2004 14:49 14336]
S3 boiro;boiro;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S3 tlepsrb;tlepsrb;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - BTWSVC
*Deregistered* - tyyvzct

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zxuxn

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 12:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2010-03-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-15 17:52]

2010-03-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.facebook.com/home.php?
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Štěpánka\Data aplikací\Mozilla\Firefox\Profiles\9g8ekgcz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8 ... &gfns=1&q=
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
AddRemove-MoI_v1_1_trial_is1 - c:\program files\MoI 1.1 trial\unins000.exe
AddRemove-QIP Infium - c:\program files\QIP Infium\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 17:19
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\system32\Install.txt 266 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\boiro]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tlepsrb]
"ImagePath"="\??\c:\windows\system32\02.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hfqoweirn]
"ServiceDll"="c:\windows\system32\xrjxzi.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tyyvzct]

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\zxuxn]
"ServiceDll"="c:\windows\system32\xrjxzi.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3824)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\PowerDes.exe
c:\windows\system32\msctc.sys
.
**************************************************************************
.
Celkový čas: 2010-03-15 17:23:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-15 16:23

Před spuštěním: 1 213 046 784
Po spuštění: 7 073 153 024

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 647DC745E388BD5B8FE4B1B9BF797435

[jordanovka]

Přestaly mi zde vyskakovat okna s upozorněními o infekcich..mam stále vložené usb zařízení v počítači..co následuje nyní?Je už problém vyřešen?zbavila jsem se viru a jiné havěti co jsem měla vpočítači?a zbavyla si jí i usb zařízení?mám Flashku zformátovat?a jaký antivirus byste mi doporučíl?děkuji

[Caroprd111]

Ještě toho tam máte. Vydržte, napíšu skript na smazání, případné dotazy zodpovím později.

[Caroprd111]

Pokud nemáte, přesuňte Combofix na plochu

• Otevřete si Poznámkový blok a zkopírujte do něj text z bílého okénka.

Kód: Vybrat vše

Driver::
ddra1f7
BtwSvc
peresvc
c8bbf518
gga808b
hfqoweirn
zxuxn
boiro
tlepsrb
tyyvzct

File::
c:\windows\system32\drivers\ddra1f7.sys
c:\windows\system32\PereSvc.exe
c:\windows\system32\drivers\c8bbf518.sys
c:\windows\system32\drivers\gga808b.sys
c:\windows\system32\02.tmp 
c:\windows\system32\02.tmp 
c:\windows\system32\Install.txt 
c:\program files\1307218.dat
c:\windows\system32\msctc.sys
c:\windows\system32\drivers\gga808b.sys
c:\windows\system32\drivers\ddra1f7.sys
c:\windows\system32\drivers\tyyvzct.sys
c:\windows\system32\svchost.bat
c:\windows\system32\xrjxzi.dll

NetSvc::
zxuxn

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2381:TCP"=-

RenV::
c:\program files\ASUS\NB Probe\nbprobe .exe
c:\program files\Common Files\LightScribe\lightscribecontrolpanel .exe
c:\program files\Common Files\Nero\Lib\nerocheck .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\MarkAny\ContentSafer\maagent .exe
c:\program files\Samsung\Samsung Media Studio 5\smstray .exe
c:\windows\ATK0100\hcontrol .exe

• Uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
• Po uložení uchopte vámi vytvořený skript levým myšítkem a přesuňte ho nad ikonu Combofixu, kde ho upustíte:
  
  
• Po aplikaci na Vás vypadne další log,vložte ho sem

Může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[jordanovka]

zkopírovala sem vytvořený CFScript.txt do Combofixu podle návodu, ale vmodrem okně Combofixu je ted napsáno:

NIRCMDC není názvem vnitřního ani vnějšího příkazu
spustitelného programu nebo dávkového souboru

je něco špatně?