Page 1 of 2

I can't remove autorun

Posted: 31 Mar 2010 10:53
by Elbro
Hello, could I ask someone for help?
A few days ago I plugged a USB stick into my notebook. Since then it has frozen once, and a hidden autorun file keeps appearing on another USB stick. I deleted it, but every time I plug the stick in it appears there again. I had Avast installed (regularly updated), but it didn't show any virus, so I reinstalled with AVG. That one flags the virus, but it can't be removed, it only puts it in the vault. Formatting the stick didn't help either, so I think the virus is in the notebook. Even after scanning the whole computer AVG found nothing (though in my opinion it searched far too briefly).
I read the introductory articles, so I formatted the USB and had it vaccinated, but I don't know whether that helped. How do I find out for certain that the virus isn't somewhere in my notebook or on the stick? I'm not really knowledgeable about PCs, and the terminology I found on the site... well, I understand almost none of it. I downloaded the programs that are linked there, but what do I do with them?
Will anyone have patience with me?
Eliska

P.S. 1 There's no rush, since I'll only get on the internet again in a week. Thank you...
P.S. 2 If I posted in a part of the forum where I shouldn't have, I apologise; I don't know how to work with sites like this.

Re: I can't remove autorun

Posted: 31 Mar 2010 11:45
by motji
Good afternoon :)
Let's have a look :)
:arrow: Which program did you use for the vaccination?
:arrow: plug in the USB stick and make a log with RSIT, see my signature

:arrow: Download UsbFix to the desktop
- run it, choose language E - confirm with Enter
- click option 2 - Enter
- after the scan paste the log here; if it doesn't pop up by itself, you'll find it at C:\UsbFix.txt

Re: I can't remove autorun

Posted: 07 Apr 2010 08:29
by Elbro
When I had some virus on this notebook, it was always in this folder:
C:\System Volume Information\
but AVG marks this folder as a locked file and doesn't scan it. Avast did scan it, but found nothing. I'm sure there is a virus in my notebook, but I don't know where, and it should be autorun.inf.
Before uninstalling Avast I had it run a full scan of the computer as well, but the only thing it found was:
File: C:\System Volume Information\_restore{B4B83D51-8879-465D-8C91-23922FE32132}\RP27\A0013823.exe\{app}\FUM\fumcore.dll Error 42146 {The installer archive is corrupted.}
Could this be related to the virus?
How do I set up AVG so that it also scans files like these, and password-protected files, files containing macros, ... it doesn't scan them, and maybe that's where the problem is. I tried looking through all the settings options, but didn't see anything like that.
Or maybe a better question: which antivirus program would be the best, preferably one downloadable from the net, since regularly buying a program is quite expensive (true, it's also safer, I know :( )
For the vaccination I used the program that was recommended in another thread about autorun: Panda USB Vaccine

I plugged in the USB and ran the UsbFix program, and this is what it produced, but I don't know whether this is the log (what does it actually mean?)


############################## | UsbFix V6.100 |

User : user (Administrators) # ACER
Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8
Start at: 9:17:19 | 7.4.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

procesor Intel Pentium III Xeon
Systém Microsoft Windows XP Home Edition (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Enabled
AV : AVG Anti-Virus Free 9.0 [ Enabled | Updated ]

C:\ -> Lokálny pevný disk # 97,65 Go (71,36 Go free) [HD] # NTFS
D:\ -> Lokálny pevný disk # 135,22 Go (102,76 Go free) [HD] # NTFS
E:\ -> Disk CD-ROM
F:\ -> Vymeniteľný disk # 3,77 Go (3,34 Go free) [ELIŠKA] # FAT32

################## | Files # Infected Folders |

Deleted ! C:\Documents and Settings\user\csrss.exe
Deleted ! C:\Recycler\S-1-5-21-1390067357-1844823847-725345543-1004
Deleted ! D:\Recycler\S-1-5-21-1390067357-1844823847-725345543-1004
(!) Not deleted ! F:\autorun.inf

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\...\Explorer\MountPoints2\{3c45fe45-de80-11de-80cf-00265e5b1d20}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{62dfdcd2-b5ae-11de-807e-00265e5b1d20}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{69e4a558-cea0-11de-80ad-00265e5b1d20}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{6d56452a-dda5-11de-80ca-00265e5b1d20}\Shell\AutoRun\Command
Deleted ! HKCU\...\Explorer\MountPoints2\{92f39f2b-accd-11de-8069-00265e5b1d20}\Shell\AutoRun\Command

################## | Listing of the present files |

[14.09.2009 12:26|--a------|0] C:\AUTOEXEC.BAT
[14.09.2009 12:41|-rahs----|211] C:\boot.ini
[14.09.2009 12:26|--a------|0] C:\CONFIG.SYS
[14.09.2009 12:26|-rahs----|0] C:\IO.SYS
[14.09.2009 12:26|-rahs----|0] C:\MSDOS.SYS
[14.09.2009 12:39|-rahs----|47564] C:\NTDETECT.COM
[14.09.2009 12:39|-rahs----|250032] C:\ntldr
[?|?|?] C:\pagefile.sys
[07.04.2010 09:22|--a------|2028] C:\UsbFix.txt
[?|?|?] F:\AUTORUN.INF

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# D:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# F:\autorun.inf -> Panda USB Vaccine

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_ACER.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.100 ! |

and from RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2010-04-07 09:26:01
Systém Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 73 GB (73%) free of 100 GB
Total RAM: 1977 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:16, on 7.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: MultiShop v2.0 - {39AA6D29-4236-4F25-A36A-3410EF5283D9} - C:\PROGRA~1\PIVIMM~1\MULTIS~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\MSOCache\ALLUSE~1\900004~1\FILES\SETUP\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PandaUSBVaccine.lnk = C:\Program Files\Panda USB Vaccine\USBVaccine.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Music Player Utility.lnk = C:\Program Files\Transcend\Digital Music Player Utility\UDisk.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: MultiShop v2.0 - {39AA6D29-4236-4F25-A36A-3410EF5283D9} - C:\PROGRA~1\PIVIMM~1\MULTIS~1.DLL
O9 - Extra 'Tools' menuitem: MultiShop v2.0 - {39AA6D29-4236-4F25-A36A-3410EF5283D9} - C:\PROGRA~1\PIVIMM~1\MULTIS~1.DLL
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\MSOCache\ALLUSE~1\900004~1\FILES\SETUP\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\MSOCache\ALLUSE~1\900004~1\FILES\SETUP\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Konfigurační služba Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

--
End of file - 7867 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1844823847-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1844823847-725345543-1004UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39AA6D29-4236-4F25-A36A-3410EF5283D9}]
MultiShop v2.0 - C:\PROGRA~1\PIVIMM~1\MULTIS~1.DLL [2009-09-08 893440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-03-31 1598744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\MSOCache\ALLUSE~1\900004~1\FILES\SETUP\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-02-19 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-02-19 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-02-19 141848]
"PLFSetI"=C:\WINDOWS\PLFSetI.exe [2008-07-29 200704]
"ACU"=C:\Program Files\Atheros\ACU.exe [2009-01-05 450648]
"PLFSetL"=C:\WINDOWS\PLFSetL.exe [2007-07-05 94208]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-31 2059544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SpybotSD TeaTimer"=D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Google Update"=C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-06 133104]
"uTorrent"=D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\uTorrent.exe [2009-10-15 289072]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Digital Music Player Utility.lnk - C:\Program Files\Transcend\Digital Music Player Utility\UDisk.exe

C:\Documents and Settings\user\Start Menu\Programs\Startup
PandaUSBVaccine.lnk - C:\Program Files\Panda USB Vaccine\USBVaccine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-31 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-02-19 206848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=255
"HonorAutoRunSetting"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\ICQ6.5\ICQ.exe"="D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\uTorrent.exe"="D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\ABA3.exe"="D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\ABA3.exe:*:Enabled:Audio Bible Ambassador"
"D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\webupdater.exe"="D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\webupdater.exe:*:Enabled:Audio Bible Ambassador Updater"
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-07 09:22:48 ----RASHD---- C:\autorun.inf
2010-04-07 09:17:14 ----A---- C:\UsbFix.txt
2010-04-07 09:08:32 ----D---- C:\UsbFix
2010-04-07 09:05:57 ----D---- C:\Program Files\trend micro
2010-04-07 09:05:55 ----D---- C:\rsit
2010-04-07 08:42:11 ----HDC---- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-04-07 08:41:49 ----D---- C:\Program Files\Lavasoft
2010-04-07 08:41:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-04-07 07:25:54 ----D---- C:\Program Files\Common Files\Java
2010-04-07 07:25:54 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-04-07 07:25:35 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-07 07:25:35 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-07 07:25:35 ----A---- C:\WINDOWS\system32\java.exe
2010-03-31 13:47:10 ----D---- C:\Documents and Settings\user\Application Data\AVG9
2010-03-31 11:18:01 ----D---- C:\Documents and Settings\All Users\Application Data\Panda Security
2010-03-31 11:17:53 ----D---- C:\Program Files\Panda USB Vaccine
2010-03-31 09:13:15 ----HD---- C:\$AVG
2010-03-31 07:36:10 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-31 07:35:56 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-03-31 07:35:40 ----D---- C:\Program Files\AVG
2010-03-31 07:35:40 ----D---- C:\Documents and Settings\All Users\Application Data\avg9

======List of files/folders modified in the last 1 months======

2010-04-07 09:24:04 ----D---- C:\WINDOWS\system32
2010-04-07 09:24:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-07 09:22:57 ----SD---- C:\WINDOWS\Tasks
2010-04-07 09:22:55 ----D---- C:\WINDOWS\Temp
2010-04-07 09:19:55 ----SHD---- C:\RECYCLER
2010-04-07 09:19:22 ----D---- C:\WINDOWS
2010-04-07 09:16:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-07 09:10:41 ----D---- C:\WINDOWS\Prefetch
2010-04-07 09:05:57 ----D---- C:\Program Files
2010-04-07 08:44:31 ----D---- C:\Documents and Settings\user\Application Data\uTorrent
2010-04-07 08:44:28 ----HD---- C:\WINDOWS\inf
2010-04-07 08:44:28 ----D---- C:\WINDOWS\system32\drivers
2010-04-07 08:44:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-07 08:44:23 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-07 08:42:11 ----SHD---- C:\WINDOWS\Installer
2010-04-07 08:41:44 ----D---- C:\WINDOWS\WinSxS
2010-04-07 08:06:54 ----D---- C:\Program Files\Mozilla Firefox
2010-04-07 07:32:35 ----A---- C:\WINDOWS\WDICT32.INI
2010-04-07 07:25:54 ----D---- C:\Program Files\Common Files
2010-04-07 07:25:32 ----D---- C:\Program Files\Java
2010-04-03 15:03:48 ----D---- C:\WINDOWS\system32\NtmsData
2010-04-02 14:18:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-01 16:37:02 ----D---- C:\Program Files\Movie Maker
2010-04-01 16:36:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 07:35:34 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-31 07:33:44 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2010-03-30 17:34:27 ----D---- C:\Program Files\CCleaner
2010-03-09 04:28:20 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-31 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-31 29512]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-31 242696]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-12-29 1346464]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2009-04-01 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-04-01 991136]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2009-03-09 805888]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-02-19 6312608]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-04-07 39424]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2009-04-01 534312]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2009-04-01 156816]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2009-04-01 57384]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2009-04-01 37032]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-04-01 47272]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-07-10 1753984]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Konfigurační služba Atheros; C:\WINDOWS\system32\acs.exe [2009-01-05 475220]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-31 916760]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-31 308064]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2009-03-23 349528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-07 1181328]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

I hope I haven't mixed anything up :o
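Three things in the logs above deserve a closer look than the tools give them: UsbFix deleted a csrss.exe from the user profile (the genuine one runs only from C:\WINDOWS\System32, so a copy anywhere else is a name masquerade), it deleted Recycler\<SID> folders on both fixed disks, and it cleared five HKCU\...\MountPoints2\{guid}\Shell\AutoRun\Command keys, the per-host cache of each stick's autorun verbs that Explorer still executes on a double-click of the drive after the autorun.inf file itself is gone. The script below is an added example, not code from UsbFix, HijackThis or this forum; it pulls those findings out of UsbFix output and runs the same masquerade check over a HijackThis process list. The sample lines are copied from the logs posted above; the list of System32-only binaries and the section headings it looks for are the example's own assumptions.

```python
"""Triage of UsbFix and HijackThis output (added example).

Not code from UsbFix, HijackThis or this forum.  The sample lines are
copied from the logs posted in the thread; the list of System32-only
binaries and the section headings searched for are this example's own
assumptions.
"""
import re
from pathlib import PureWindowsPath

# Core Windows XP binaries that legitimately run only from System32.  A copy
# under a user profile, Temp or Recycler is a name masquerade, not the real
# process, however legitimate it looks in a process list.
CORE_SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}
SYSTEM32 = "c:\\windows\\system32"

# UsbFix reports each action as "Deleted ! <item>" or "(!) Not deleted ! <item>".
USBFIX_ITEM_RE = re.compile(r"^(?:\(!\)\s*)?(Deleted|Not deleted)\s*!\s*(.+?)\s*$")
# Per-volume cache of a stick's autorun verbs; Explorer runs this on a
# double-click of the drive even after the autorun.inf itself is gone.
MOUNTPOINT_RE = re.compile(r"MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\AutoRun\\Command", re.I)
# <drive>:\Recycler\S-1-5-21-... : a favourite drop folder, one per volume.
RECYCLER_SID_RE = re.compile(r"^[a-z]:\\recycler\\s-1-5-21-[0-9-]+$", re.I)


def masquerading_paths(paths):
    """Paths whose file name is a core system binary but whose directory is
    not System32 (compared case-insensitively, as NTFS does)."""
    hits = []
    for p in paths:
        wp = PureWindowsPath(p)
        if wp.name.lower() in CORE_SYSTEM_BINARIES and str(wp.parent).lower() != SYSTEM32:
            hits.append(p)
    return hits


def triage_usbfix(log_text):
    """Sort the action lines of a UsbFix report into the findings that
    matter for deciding whether the host, not just the stick, is infected."""
    result = {"deleted": [], "not_deleted": [],
              "mountpoints_autorun": [], "recycler_sids": []}
    for line in log_text.splitlines():
        m = USBFIX_ITEM_RE.match(line.strip())
        if not m:
            continue
        status, item = m.groups()
        mp = MOUNTPOINT_RE.search(item)
        if mp:
            result["mountpoints_autorun"].append(mp.group(1))
        elif RECYCLER_SID_RE.match(item):
            result["recycler_sids"].append(item)
        elif status == "Deleted":
            result["deleted"].append(item)
        else:
            result["not_deleted"].append(item)
    result["masquerading"] = masquerading_paths(result["deleted"])
    return result


def running_processes(hjt_text):
    """The paths listed under 'Running processes:' in a HijackThis log."""
    procs, inside = [], False
    for line in hjt_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            inside = True
        elif inside:
            if not line:
                break
            procs.append(line)
    return procs


# Sample input: lines copied from the UsbFix and HijackThis logs in this thread.
USBFIX_SAMPLE = """\
################## | Files # Infected Folders |

Deleted ! C:\\Documents and Settings\\user\\csrss.exe
Deleted ! C:\\Recycler\\S-1-5-21-1390067357-1844823847-725345543-1004
Deleted ! D:\\Recycler\\S-1-5-21-1390067357-1844823847-725345543-1004
(!) Not deleted ! F:\\autorun.inf

################## | Mountpoints2 |

Deleted ! HKCU\\...\\Explorer\\MountPoints2\\{3c45fe45-de80-11de-80cf-00265e5b1d20}\\Shell\\AutoRun\\Command
Deleted ! HKCU\\...\\Explorer\\MountPoints2\\{62dfdcd2-b5ae-11de-807e-00265e5b1d20}\\Shell\\AutoRun\\Command
"""

HJT_SAMPLE = """\
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\AVG\\AVG9\\avgrsx.exe
C:\\WINDOWS\\explorer.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
"""

if __name__ == "__main__":
    for key, items in triage_usbfix(USBFIX_SAMPLE).items():
        print(f"{key}: {items}")
    print("masquerading in process list:", masquerading_paths(running_processes(HJT_SAMPLE)))
```

On the posted logs this reports the profile-resident csrss.exe as a masquerade, two Recycler SID folders and the cached AutoRun commands, and a clean process list: the dropper was already gone by the time HijackThis ran, which is consistent with the stick still being reinfected by something UsbFix did not list.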

Re: I can't remove autorun

Posted: 07 Apr 2010 09:19
by motji
No, you did it right :)
You used the Panda vaccinator, and like UsbFix it creates a protective autorun.inf folder. It's just an empty folder :) . In theory it works like this: the malicious autorun.inf file can no longer be written onto a stick protected this way, because there is already an autorun.inf there.
# F:\autorun.inf -> Panda USB Vaccine


Nevertheless, I don't like what UsbFix deleted; could you do a few more tests?
And we'll delete the viruses in the SVI folder another way :) . The System Volume Information folder is where System Restore files are stored, so it's enough to turn off System Restore and restart the computer :)

How is the computer doing now?
I can't help you with AVG, I don't use it :)

You mention having 2 USB sticks. Did you have both of them vaccinated? It would be a good idea to have UsbFix check both :)

Re: I can't remove autorun

Posted: 07 Apr 2010 10:06
by Elbro
Thank you. No, the other USB stick was my classmate's and I'd rather not put it in the computer again. Will the vaccination be effective only for sticks in my computer, or also when I put my stick into another computer?
Right now the AVG resident shield is throwing up a lot of files, more keep appearing, and they can't be deleted...

"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nhpyhmj5.default\cookies.sqlite";"Nalezeno Tracking cookie.Revsci";""
"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nhpyhmj5.default\cookies.sqlite";"Nalezeno Tracking cookie.Revsci";""
"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nhpyhmj5.default\cookies.sqlite";"Nalezeno Tracking cookie.Revsci";""
"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nhpyhmj5.default\cookies.sqlite";"Nalezeno Tracking cookie.Revsci";""
"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nhpyhmj5.default\cookies.sqlite";"Nalezeno Tracking cookie.Revsci";""
"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nhpyhmj5.default\cookies.sqlite";"Nalezeno Tracking cookie.Revsci";""
"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nhpyhmj5.default\cookies.sqlite";"Nalezeno Tracking cookie.Revsci";""
"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nhpyhmj5.default\cookies.sqlite";"Nalezeno Tracking cookie.Revsci";""
"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nhpyhmj5.default\cookies.sqlite";"Nalezeno Tracking cookie.Revsci";""
"C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nhpyhmj5.default\cookies.sqlite";"Nalezeno Tracking cookie.Revsci";""

I formatted the USB drive and inserted it again; the autorun appeared there again, and now AVG did flag it. The virus must be somewhere in the computer if a freshly formatted USB drive always gets infected after being inserted into the computer; before, I put the USB drive into the computer and everything was fine even without vaccination, but now it jumps on there with gusto, so the virus must be somewhere on my side, otherwise I don't understand it... or is it some other way? I'm lost :roll:

Re: I can't remove autorun

Posted: 07 Apr 2010 12:18
by motji
OK, let's keep looking :)
Run ComboFix with the USB drive plugged in :)


:arrow: Download it to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- ComboFix must be run under an account with administrator rights

- Before use, turn off all resident security programs - antivirus, firewalls, antispyware

- After starting, the terms of use are shown; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click in the window that appears :!:

- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here

Re: I can't remove autorun

Posted: 10 Apr 2010 11:26
by motji
How are things here? :)

Re: I can't remove autorun

Posted: 13 Apr 2010 09:52
by Elbro
Hello :)

I tried something else. I used the program Malwarebytes' Anti-Malware and it gave me this log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verzia databázy: 3962

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

10.4.2010 14:59:05
mbam-log-2010-04-10 (14-59-05).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 257672
Uplynulý čas: 3 hod, 47 min, 32 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 1
Infikované registračné hodnoty: 1
Infikované položky registračných dát: 2
Infikované priečinky: 0
Infikované súbory: 4

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{67kln5j0-4opm-00we-aax5-74cc2a323342} (Backdoor.Bifrose) -> Quarantined and deleted successfully.

Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
C:\System Volume Information\_restore{B4B83D51-8879-465D-8C91-23922FE32132}\RP39\A0020514.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B4B83D51-8879-465D-8C91-23922FE32132}\RP47\A0024396.exe (Trojan.Palevo.Gen.A) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\Documents and Settings\user\csrss.exe.UsbFix (Trojan.Palevo.Gen.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.


I think this solved the problem, because the notebook also starts faster, and AVG now scans the System Volume Information folder too and I can get into it, which was blocked before.

I didn't want to disobey your advice, but I'm afraid of the warning that ComboFix can damage the system. I often mess something up ...

Re: I can't remove autorun

Posted: 13 Apr 2010 09:59
by motji
OK, repeat MBAM in a week and post a new RSIT log, and we'll see whether everything is OK. :)

:arrow: Download CCleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis, click Run CCleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues -- make a registry backup - you don't have to
- click Fix All Selected Issues :arrow: OK :arrow: Close

Tools tab
- here you can uninstall programs. It's a more thorough uninstall than Add/Remove Programs in Windows.

CCleaner - I recommend using the Cleaner; it nicely cleans the PC of temporary files.
The Registry cleaner helps, for example, after uninstalling some program.



:arrow: Download OTC and use it
http://oldtimer.geekstogo.com/OTC.exe
- the computer will restart

:arrow: Click on SVI in my signature and, following the guide, turn System Restore on and off; viruses sometimes hide there

:arrow: could I still do a rootkit test?

Re: I can't remove autorun

Posted: 20 Apr 2010 13:24
by Elbro
Hello, here is the RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2010-04-20 14:18:22
Systém Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 77 GB (77%) free of 100 GB
Total RAM: 1977 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:39, on 20.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\PLFSetI.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\PLFSetL.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Transcend\Digital Music Player Utility\UDisk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {39AA6D29-4236-4F25-A36A-3410EF5283D9} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\MSOCache\ALLUSE~1\900004~1\FILES\SETUP\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PandaUSBVaccine.lnk = C:\Program Files\Panda USB Vaccine\USBVaccine.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Music Player Utility.lnk = C:\Program Files\Transcend\Digital Music Player Utility\UDisk.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: MultiShop v2.0 - {39AA6D29-4236-4F25-A36A-3410EF5283D9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: MultiShop v2.0 - {39AA6D29-4236-4F25-A36A-3410EF5283D9} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\MSOCache\ALLUSE~1\900004~1\FILES\SETUP\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\MSOCache\ALLUSE~1\900004~1\FILES\SETUP\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Konfigurační služba Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

--
End of file - 8448 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1844823847-725345543-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1844823847-725345543-1004UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39AA6D29-4236-4F25-A36A-3410EF5283D9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-04-14 1602912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\MSOCache\ALLUSE~1\900004~1\FILES\SETUP\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-03-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-02-23 1664256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-02-19 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-02-19 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-02-19 141848]
"PLFSetI"=C:\WINDOWS\PLFSetI.exe [2008-07-29 200704]
"ACU"=C:\Program Files\Atheros\ACU.exe [2009-01-05 450648]
"PLFSetL"=C:\WINDOWS\PLFSetL.exe [2007-07-05 94208]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-04-14 2064224]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SpybotSD TeaTimer"=D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Google Update"=C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-06 133104]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-04-01 2010864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Digital Music Player Utility.lnk - C:\Program Files\Transcend\Digital Music Player Utility\UDisk.exe

C:\Documents and Settings\user\Start Menu\Programs\Startup
PandaUSBVaccine.lnk - C:\Program Files\Panda USB Vaccine\USBVaccine.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-31 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-02-19 206848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=255
"HonorAutoRunSetting"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\ICQ6.5\ICQ.exe"="D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\ABA3.exe"="D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\ABA3.exe:*:Enabled:Audio Bible Ambassador"
"D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\webupdater.exe"="D:\MSOCache\All Users\9000041b-6000-11D3-8CFE-0150048383C9\FILES\SETUP\webupdater.exe:*:Enabled:Audio Bible Ambassador Updater"
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-20 14:18:22 ----D---- C:\rsit
2010-04-16 14:50:43 ----A---- C:\Documents and Settings\user\Application Data\burnaware.ini
2010-04-16 14:42:31 ----A---- C:\WINDOWS\system32\gdiplus.dll
2010-04-16 14:42:29 ----D---- C:\Program Files\BurnAware Free
2010-04-14 13:51:36 ----HDC---- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-08 09:15:07 ----D---- C:\Documents and Settings\user\Application Data\NwDocx
2010-04-08 09:14:55 ----D---- C:\Documents and Settings\user\Application Data\Docx2Rtf
2010-04-07 17:14:44 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-04-07 11:54:20 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2010-04-07 11:54:09 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-07 11:54:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-04-07 11:49:05 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-07 11:48:48 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-07 11:48:48 ----D---- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2010-04-07 11:48:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-07 09:22:48 ----RASHD---- C:\autorun.inf
2010-04-07 09:17:14 ----A---- C:\UsbFix.txt
2010-04-07 09:08:32 ----D---- C:\UsbFix
2010-04-07 09:05:57 ----D---- C:\Program Files\trend micro
2010-04-07 08:41:49 ----D---- C:\Program Files\Lavasoft
2010-04-07 08:41:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-04-07 07:25:54 ----D---- C:\Program Files\Common Files\Java
2010-04-07 07:25:54 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-04-07 07:25:35 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-07 07:25:35 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-07 07:25:35 ----A---- C:\WINDOWS\system32\java.exe
2010-03-31 13:47:10 ----D---- C:\Documents and Settings\user\Application Data\AVG9
2010-03-31 11:18:01 ----D---- C:\Documents and Settings\All Users\Application Data\Panda Security
2010-03-31 11:17:53 ----D---- C:\Program Files\Panda USB Vaccine
2010-03-31 09:13:15 ----HD---- C:\$AVG
2010-03-31 07:36:10 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-31 07:35:56 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-03-31 07:35:40 ----D---- C:\Program Files\AVG
2010-03-31 07:35:40 ----D---- C:\Documents and Settings\All Users\Application Data\avg9

======List of files/folders modified in the last 1 months======

2010-04-20 14:17:47 ----SD---- C:\WINDOWS\Tasks
2010-04-20 14:17:46 ----D---- C:\WINDOWS\Temp
2010-04-20 14:15:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-20 13:41:09 ----D---- C:\WINDOWS\system32
2010-04-20 13:41:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-20 10:09:51 ----D---- C:\WINDOWS
2010-04-20 10:09:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-17 17:25:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-17 09:06:02 ----A---- C:\WINDOWS\WDICT32.INI
2010-04-17 08:48:28 ----D---- C:\Documents and Settings\user\Application Data\uTorrent
2010-04-17 08:47:21 ----D---- C:\Program Files\Pivim Multibar
2010-04-17 08:39:41 ----SHD---- C:\WINDOWS\Installer
2010-04-16 14:42:29 ----D---- C:\Program Files
2010-04-15 21:43:30 ----A---- C:\WINDOWS\WTRAN32.INI
2010-04-14 23:09:22 ----SHD---- C:\System Volume Information
2010-04-14 23:09:22 ----D---- C:\WINDOWS\system32\Restore
2010-04-14 13:52:54 ----D---- C:\WINDOWS\system32\drivers
2010-04-14 13:51:40 ----D---- C:\WINDOWS\WinSxS
2010-04-10 15:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-04-10 11:03:02 ----D---- C:\Documents and Settings\user\Application Data\Adobe
2010-04-08 09:11:14 ----D---- C:\Program Files\Common Files\Adobe
2010-04-08 09:11:13 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-04-07 11:48:08 ----D---- C:\Program Files\Common Files
2010-04-07 09:33:55 ----A---- C:\WINDOWS\win.ini
2010-04-07 09:33:35 ----HD---- C:\WINDOWS\inf
2010-04-07 09:19:55 ----SHD---- C:\RECYCLER
2010-04-07 09:10:41 ----D---- C:\WINDOWS\Prefetch
2010-04-07 08:44:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-07 08:06:54 ----D---- C:\Program Files\Mozilla Firefox
2010-04-07 07:25:32 ----D---- C:\Program Files\Java
2010-04-03 15:03:48 ----D---- C:\WINDOWS\system32\NtmsData
2010-04-01 16:37:02 ----D---- C:\Program Files\Movie Maker
2010-04-01 16:36:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 07:35:34 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-03-31 07:33:44 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2010-03-30 17:34:27 ----D---- C:\Program Files\CCleaner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-31 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-31 29512]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-31 242696]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-12-29 1346464]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2009-04-01 37160]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2009-04-01 991136]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2009-03-09 805888]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-02-19 6312608]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-04-07 39424]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2008-02-08 57408]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2009-04-01 534312]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2009-04-01 156816]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2009-04-01 57384]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2009-04-01 37032]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2009-04-01 47272]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-07-10 1753984]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Konfigurační služba Atheros; C:\WINDOWS\system32\acs.exe [2009-01-05 475220]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-31 916760]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-31 308064]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2009-03-23 349528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-09 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-14 1265264]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


And I used MBAM several times, but it always finds the same files, which it deletes on restart, yet two days later they are back, so I don't know whether it can't delete them or whether they get there somehow, but only from the internet, because I haven't used any USB keys in the meantime. These are the files:


Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

They keep coming back :?:

We can also look for those rootkits, if you still have the time and nerves for me.

Thank you for your willingness and dedication
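Added example, not part of this thread and not Malwarebytes code: a Python parser for MBAM "registry data" lines like the two quoted above. It lists the findings the scanner left unresolved and the value each should have, so a re-check after reboot shows whether the change has come back. The third sample line (HideFileExt, "Constructed.Example") is constructed.

```python
import re
from dataclasses import dataclass

# One MBAM "registry data" line: <hive>\<key>\<value> (<detection>) -> Bad: (<x>) Good: (<y>) -> <action>.
MBAM_REG_DATA = re.compile(
    r"^(?P<hive>HKEY_[A-Z_]+)\\(?P<key>.+)\\(?P<value_name>[^\\]+?) "
    r"\((?P<detection>[^)]+)\) -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)"
    r" -> (?P<action>.+?)\.?$"
)
HIVE_SHORT = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}

@dataclass(frozen=True)
class RegDataFinding:
    hive: str
    key: str
    value_name: str
    detection: str
    bad: str
    good: str
    action: str

    @property
    def path(self) -> str:
        # Short form, e.g. HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
        return f"{HIVE_SHORT.get(self.hive, self.hive)}\\{self.key}\\{self.value_name}"

def parse_mbam_registry_data(text: str) -> list:
    """Return one RegDataFinding per line that matches the MBAM registry-data format."""
    findings = []
    for line in text.splitlines():
        match = MBAM_REG_DATA.match(line.strip())
        if match:
            findings.append(RegDataFinding(**match.groupdict()))
    return findings

def unresolved(findings: list) -> list:
    """Findings MBAM reported but did not change (scan-only run, or the fix failed)."""
    return [f for f in findings if f.action.lower() == "no action taken"]

def expected_values(findings: list) -> dict:
    """Map each flagged value to the setting MBAM considers clean, for a re-check after reboot."""
    return {f.path: f.good for f in findings}

# Two lines copied from the log above plus one constructed line showing an entry MBAM fixed.
SAMPLE_LOG = """Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt (Constructed.Example) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""
```

Running `unresolved(parse_mbam_registry_data(SAMPLE_LOG))` on the sample returns the two "No action taken" entries; comparing `expected_values` against a fresh scan two days later shows which of them reverted.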

Re: I can't remove autorun

Posted: 20 Apr 2010 16:05
by motji
Let's go :)

:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack and run it
- a scan will run; when it finishes, a window with the results opens, click Save to save the log, which you then paste here

- Following the guide in the link, run the second scan and paste that log here as well.

Re: I can't remove autorun

Posted: 26 Apr 2010 12:53
by Elbro
Hello, I used the gmer program, but it went badly...
I started the program and saved a log of what it wrote. Then I wanted to run a scan, but every time (I made several attempts) the computer somehow went crazy. Sometimes it didn't even scan the whole computer (it took about 5 minutes), and when it did scan the whole computer (more than 3 hours), it suddenly restarted by itself and a message appeared that an error had occurred and the system had been restored. So I don't have that second log. I'm sending 3 logs that I saved when starting gmer; only the ones that differ are here, because the other logs from further runs were identical.
Several times the whole computer froze; after a while the program closed by itself, but all the icons and the Start bar disappeared with it, I had nothing to click on, restarting the computer with ctrl+alt+delete didn't work, I just had to power it off hard with the power button. Can't the system get damaged this way, since Windows didn't shut down correctly at all...
While scanning with gmer I ran nothing else; only this program was running.
Now I have a problem (but I don't know whether it is related to scanning with this program): the BSPlayer program, which worked without problems, now can't play .vob files and shuts itself down, but it plays other types without problems.

1st GMER log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-23 17:23:26
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pxtdrpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

---- EOF - GMER 1.0.15 ----

2nd GMER log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-23 20:12:32
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pxtdrpob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


3rd GMER log


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-23 20:30:22
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\pxtdrpob.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA7A4A320]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

---- EOF - GMER 1.0.15 ----

Re: I can't remove autorun

Posted: 26 Apr 2010 14:27
by motji
:arrow: Download to the desktop, close all active windows and run ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix must be run under an account with administrator rights

- Before use, turn off all resident security programs - antiviruses, firewalls, antispyware

- After starting, the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click into the window that appears :!:

- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here

Re: I can't remove autorun

Posted: 04 May 2010 15:41
by Elbro
I struggled with it over the weekend, but I don't know how to turn off the antivirus program, the spyware program and the others (I have about 5 of them in total). Should I uninstall them? :?:

Re: I can't remove autorun

Posted: 04 May 2010 15:52
by motji
Preferably yes :)