Autorun.inf

So, guys, I've picked up yet another virus. A friend gave me a flash drive and there was an autorun on it, which I figure is a virus. Here is the code that was inside it:
[autorun]
'=
USEAUTOPLAY=1
`=
icon=%SystemRoot%\system32\SHELL32.dll,4
}=
!=
@=
^=
&=
action=Open folderto view file usingWindowsExplorer
-=

Not necessarily… maybe only the Autorun.inf is left on the flash drive. Is there a hidden exe on the flash drive? Make an HJ log… we'll take a look, maybe something has stuck.
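
A check in the spirit of the reply above, as an added example that is not part of the original thread: it parses an autorun.inf, separates filler keys from the documented ones, and lists any entries that would launch a program. The function name `analyze_autorun` and the second sample (with the placeholder `example.exe`) are constructed for illustration; the first sample is the file as posted.

```python
import re

# Documented [autorun] keys; the first two start a program when the drive is opened.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
KNOWN_KEYS = {"open", "shellexecute", "icon", "label", "action", "useautoplay", "shell"}

def analyze_autorun(text):
    """Return (launch, junk): launch entries and unrecognised filler keys."""
    launch, junk = [], []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        if k in LAUNCH_KEYS or SHELL_COMMAND.match(k):
            launch.append((key, value))   # would execute something
        elif k not in KNOWN_KEYS and not k.startswith("shell\\"):
            junk.append(key)              # filler such as "'=" or "}="
    return launch, junk

# The file exactly as posted in the thread.
POSTED = r"""[autorun]
'=
USEAUTOPLAY=1
`=
icon=%SystemRoot%\system32\SHELL32.dll,4
}=
!=
@=
^=
&=
action=Open folderto view file usingWindowsExplorer
-=
"""

# Constructed contrast sample: the same filler style plus launch entries.
CONSTRUCTED = "[autorun]\n#=\nopen=example.exe\nshell\\open\\command=example.exe\n"

if __name__ == "__main__":
    for name, sample in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        launch, junk = analyze_autorun(sample)
        print(name, "launch entries:", launch, "filler keys:", junk)
```

On the posted file this reports eight filler keys and no launch entry.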

Here it is; I didn't notice any exe file.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:44:16, on 12.09.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
E:\Games\Advanced SystemCare 5\ASCService.exe
D:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
D:\Games\hamachi-2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\USB Safely Remove\USBSafelyRemove.exe
E:\Games\Advanced SystemCare 5\ASCTray.exe
E:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
E:\Program Files\Hotspot Shield\bin\hsswd.exe
E:\Games\HTTPAnalyzerFullV5\InjectWinSockServiceV5.exe
E:\Games\bin\ibguard.exe
C:\Program Files\ASUS\N10 WLAN Card Utilities\Wireless.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
E:\Games\bin\ibserver.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
D:\Delphi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = kino-on-line.my1.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Спутник@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - (no file)
O2 - BHO: IEInspector Browser Helper - {9B43B7B1-BF56-4708-81D2-332D708B0DD9} - E:\Games\HTTPAnalyzerFullV5\IEInspectorBHO.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - E:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
O4 - HKLM..\Run: [avast] “C:\Program Files\AVAST Software\Avast\avastUI.exe” /nogui
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM..\Run: [COMODO Internet Security] “C:\Program Files\COMODO\COMODO Internet Security\cfp.exe” -h
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM..\Run: [Adobe ARM] “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [USB Safely Remove] D:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU..\Run: [Advanced SystemCare 5] “E:\Games\Advanced SystemCare 5\ASCTray.exe” /AutoStart
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: ASUS WLAN Control Center.lnk = C:\Program Files\ASUS\N10 WLAN Card Utilities\Center.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: IE HTTPAnalyzer V5 - {858CFDE9-D018-453E-80D9-FD4FC3EF631E} - E:\Games\HTTPAnalyzerFullV5\IEHTTPAnalyzerV5.dll
O9 - Extra ‘Tools’ menuitem: IE HTTPAnalyzer V5 - {858CFDE9-D018-453E-80D9-FD4FC3EF631E} - E:\Games\HTTPAnalyzerFullV5\IEHTTPAnalyzerV5.dll
O9 - Extra button: Справочные материалы - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip..{7376B124-6868-485D-828B-47BB68C062FA}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip..{CFCC704A-F078-4344-930E-73182D164ED0}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - E:\Games\Advanced SystemCare 5\ASCService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Служба Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Служба Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Games\hamachi-2.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - E:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - E:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: HttpAnalyzerV5 CodeHook service (HttpAnalyzerV5 DllInjectService) - Unknown owner - E:\Games\HTTPAnalyzerFullV5\InjectWinSockServiceV5.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - E:\Games\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - E:\Games\bin\ibserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - E:\Games\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - D:\Program Files\USB Safely Remove\USBSRService.exe


End of file - 9650 bytes

It should have been attached as a separate file, of course… but oh well.

There doesn't seem to be anything like that…

  1. Windows XP SP2 ---- >> it would be good to install SP3 and all the patches

  2. Avast + COMODO Internet Security (it has an AV in it too, after all)… no conflicts?