Kosak wrote:
Is it okay if it's a ComboFix log? If that's fine, then here it is:
ComboFix 08-11-13.02 - Peter 2008-11-16 10:09:29.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.296 [GMT 1:00]
Running from: c:\documents and settings\Peter\My Documents\Preberanie\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\resycled
c:\resycled\boot.com
c:\windows\system32\h@tkeysh@@k.dll
c:\windows\system32\kdzny.exe
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
2008-11-15 13:05 . 2008-11-15 13:15 <DIR> d-------- C:\foto ktoré som nezatriedil
2008-11-15 11:32 . 2008-11-15 11:32 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-15 11:16 . 2008-11-15 11:16 <DIR> d-------- c:\program files\SlySoft
2008-11-15 09:10 . 2008-11-15 09:10 <DIR> d-------- c:\program files\Lavasoft
2008-11-14 18:19 . 2008-11-15 11:59 <DIR> d-------- C:\filmy dalsie
2008-11-06 16:37 . 2008-11-06 16:37 <DIR> d-------- C:\Speed Racer
2008-11-02 19:08 . 2008-11-02 20:32 <DIR> d-------- c:\documents and settings\Peter\Application Data\PSpad
2008-10-30 08:01 . 2008-10-30 08:01 <DIR> d-------- c:\program files\Rockstar Games
2008-10-26 07:36 . 2008-10-26 07:36 410,976 --a------ c:\windows\system32\deploytk.dll
2008-10-23 19:32 . 2008-11-04 18:42 <DIR> d-------- c:\program files\MOBILedit!
2008-10-23 19:27 . 2008-10-23 19:27 <DIR> d-------- c:\program files\LastEggStanding_at
2008-10-23 16:07 . 2008-10-23 16:07 99,904 --a------ c:\windows\system32\drivers\AnyDVD.sys
2008-10-19 13:22 . 2008-10-19 13:22 <DIR> d-------- c:\documents and settings\Peter\Application Data\TuneUp Software
2008-10-19 13:21 . 2008-10-19 13:21 <DIR> d-------- c:\documents and settings\Peter\Application Data\Lavasoft
2008-10-18 11:33 . 2008-10-18 11:33 <DIR> d-------- c:\documents and settings\Peter\Application Data\DivX
2008-10-16 20:53 . 2008-10-16 20:53 146 --a------ c:\windows\system32\MRT.INI
2008-10-16 16:39 . 2008-11-03 14:43 <DIR> d-------- C:\Filmy dvd
2008-10-16 16:35 . 2008-10-16 16:35 <DIR> d-------- c:\program files\DVD Decrypter
2008-10-16 14:56 . 2008-10-16 15:03 24 ---hs---- c:\windows\SC2DB24C9.tmp
2008-10-16 13:28 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-16 13:28 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 13:28 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 13:28 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 09:03 --------- d-----w c:\documents and settings\Peter\Application Data\OpenOffice.org2
2008-11-15 15:40 --------- d-----w c:\documents and settings\Peter\Application Data\Skype
2008-11-15 15:02 --------- d-----w c:\documents and settings\Peter\Application Data\skypePM
2008-11-15 13:11 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-15 11:26 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-15 10:59 --------- d-----w c:\documents and settings\Peter\Application Data\uTorrent
2008-11-06 16:52 --------- d-----w c:\documents and settings\Peter\Application Data\dvdcss
2008-10-30 07:01 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-30 06:54 --------- d-----w c:\program files\EA GAMES
2008-10-30 06:53 --------- d-----w c:\program files\Empire Interactive
2008-10-27 18:50 --------- d-----w c:\documents and settings\Peter\Application Data\Ahead
2008-10-26 06:36 --------- d-----w c:\program files\Java
2008-10-16 13:56 --------- d-----w c:\program files\Elaborate Bytes
2008-10-14 12:55 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-10-09 11:41 --------- d-----w c:\program files\Common Files\DirectX
2008-10-02 10:41 --------- d-----w c:\program files\Opera
2008-10-02 10:35 --------- d-----w c:\program files\DivX
2008-09-28 09:13 --------- d-----w c:\documents and settings\Peter\Application Data\ICQ
2008-09-28 09:08 --------- d-----w c:\program files\ICQ6
2008-09-28 08:56 --------- d-----w c:\program files\Google
2008-09-24 12:24 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-09-24 12:17 --------- d-----w c:\program files\WOW
2008-09-22 13:59 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-09-20 10:17 --------- d-----w c:\documents and settings\Peter\Application Data\vlc
2008-09-17 08:03 --------- d-----w c:\program files\Counter-Strike
2008-09-16 00:14 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2008-09-16 00:14 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2008-09-16 00:14 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-11 68856]
"Google Update"="c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-11-15 2259904]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 528384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"HP Software Update"="c:\program files\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-26 144792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\Peter\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - c:\program files\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-11-15 11:38 2259904 c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"c:\\Program Files\\WOW\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Empire Interactive\\FlatOut2\\flatout2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\DRIVERS\tffsport.sys [2008-09-09 149376]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-22 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-22 20560]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\DRIVERS\psched.sys [2004-08-04 69120]
S3 AIDA32Driver;AIDA32Driver;\??\d:\program files\AIDA32 - Enterprise System Information\aida32.sys [2004-02-23 3584]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-15 27904]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);c:\windows\system32\DRIVERS\s716bus.sys [2008-07-21 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s716mdfl.sys [2008-07-22 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s716mdm.sys [2008-07-22 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s716mgmt.sys [2008-07-27 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);c:\windows\system32\DRIVERS\s716nd5.sys [2008-07-27 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s716obex.sys [2008-07-22 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);c:\windows\system32\DRIVERS\s716unic.sys [2008-07-27 98952]
S3 TVICHW32;TVICHW32;\??\c:\windows\system32\DRIVERS\TVICHW32.SYS [2008-07-22 23600]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);c:\windows\system32\DRIVERS\w300bus.sys [2008-08-17 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w300mdfl.sys [2008-08-17 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;c:\windows\system32\DRIVERS\w300mdm.sys [2008-08-17 96352]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\w300obex.sys [2008-08-23 85696]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5519d811-589e-11dd-8cc2-000795d10c27}]
\Shell\AutoRun\command - H:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cee0adb2-5b0b-11dd-8ccb-000795d10c27}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com j:
\Shell\Open\command - resycled\boot.com j:
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3B6F3917-0B5C-9D48-4C95-15D496D553DB}]
c:\docume~1\Peter\LOCALS~1\Temp\IXP000.TMP\FRAPS2~1.EXE
.
Contents of the 'Scheduled Tasks' folder
2008-09-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-15 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 18:10]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKLM-Run-c:\windows\system32\kdzny.exe - c:\windows\system32\kdzny.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-c:\windows\system32\kdjfz.exe - c:\windows\system32\kdjfz.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Peter\Application Data\Mozilla\Firefox\Profiles\rl4y69yz.default\
FF -: plugin - c:\documents and settings\Peter\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-16 10:25:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Digital Imaging\bin\hpqgalry.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-11-16 10:30:20 - machine was rebooted [Peter]
ComboFix-quarantined-files.txt 2008-11-16 09:30:02
Pre-Run: 3 612 094 464 bytes free
Post-Run: 3,884,048,384 voľných bajtov
196 --- E O F --- 2008-10-16 19:54:52