Win32/Bubnix

Zpráva

kormuthka · #1 Příspěvek od **kormuthka** » 21 led 2013 22:30

Uz sa niekolko hodin snazit zbavit tronského kona Win32/Bubnix, zahlasil mi ho Nod 32 po spusteni PC, naistalovala som si SpyHunter a jemu asi podobni PC TOOls Doctor, ale nasli mi len hrozby a samozrejme, že som sa dalej nedostala, lebo pre ich odstranenie potrebujem plnu verziu.

prosim, mohol by mi niekto pomoct vyriesit moj problem?

dakujem

#2 Příspěvek od **vyosek** » 21 led 2013 22:33

Zdravim, pekny vecer preji a vitam Vas u nas na foru

Oba ty radoby antimalware produkty odinstalujte (Spy Huntera i PC Tools)

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895

kormuthka · #3 Příspěvek od **kormuthka** » 22 led 2013 11:34

dobry den, dakujem, ze ste sa ma ujali,

uz vcera som oba odistalovala, ale zas som naistalova skybot, mam aj tento program odistalovat?

data som si zalohovala.

z RSIT log, zaslem, ked opet budem na svojom pc, nechcem sa zbytocne prihlasovat, nastrasilo ma, čo vsetko zmoze tento tronsky kon cez net.

dakujem

neviem, kedy sa nam podari pripojit oba na rovnaky cas, budem prihlasena na mailu, a upozorni ma sprava ale skor predpokladam, že tak po osmej

este raz vdaka

#4 Příspěvek od **vyosek** » 22 led 2013 13:59

Odinstalujte i Spybot - Search & Destroy - program ma uz nejlepsi leta davno za sebou a posledni cca 3 roky neni schopen celit aktualnim hrozbam

Ja tu budu prubezne nahlizet cele odpoledne a vecer, takze myslim ze se tu potkame

kormuthka · #5 Příspěvek od **kormuthka** » 22 led 2013 20:15

odinstalovala som skybot

dufam, ze co potrebujete je nasledovne:

Logfile of random's system information tool 1.06 (written by random/random)
Run by anička at 2013-01-22 20:13:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 19 GB (36%) free of 54 GB
Total RAM: 894 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:01, on 22. 1. 2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Silvercrest NM1005 driver\KMWDSrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Silvercrest NM1005 driver\StartAutorun.exe
C:\Program Files\Silvercrest NM1005 driver\KMConfig.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\anička\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Silvercrest NM1005 driver\KMProcess.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\anička\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\anička\Dokumenty\Preberanie\RSIT(1).exe
C:\Program Files\trend micro\anička.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Service ... plcache=2/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://cs.intl.acer.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.st.sk:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.st.sk;192.*;172.*;10.*;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Silvercrest NM1005 driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\anička\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1290792843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4777981250
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate1ca9111331f92bd) (gupdate1ca9111331f92bd) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Silvercrest NM1005 driver\KMWDSrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 11341 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1181458986-386484136-2996181770-1006Core1cd949c1d937728.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-06 439872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23 1137784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-12-17 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16 3942048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [2012-12-17 1000984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-09-06 439872]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-12-17 192144]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll [2012-10-23 1137784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-18 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-18 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-27 16248320]
"KMCONFIG"=C:\Program Files\Silvercrest NM1005 driver\StartAutorun.exe [2007-03-06 212992]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-12-13 421160]
"DivX Download Manager"=C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe start []
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-11-26 5074384]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-03 68856]
"Google Update"=C:\Documents and Settings\anička\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-08-04 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Security Service]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^anička^Nabídka Start^Programy^Po spuštění^wwwzuc32.exe]
C:\Documents and Settings\anička\Nabídka Start\Programy\Po spuštění\wwwzuc32.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-04-27 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe"="C:\Program Files\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe:*:Enabled:ASUS Device Discovery Application"
"C:\Program Files\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe"="C:\Program Files\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe:*:Enabled:ASUS Firmware Restoration Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\anička\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\anička\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{079f722e-b826-11dd-8b75-0016d4627a71}]
shell\AutoRun\command - F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08ab3252-a823-11dc-9a61-0016d4627a71}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - F:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d675580-7dc7-11dd-8cea-0016d4627a71}]
shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3ec47c2-2848-11dd-8a8c-0016d4627a71}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\isi32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e35118fa-14f2-11dc-99ab-0016d4627a71}]
shell\AutoRun\command - E:\Server.exe

======List of files/folders created in the last 1 months======

2013-01-22 19:55:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-21 23:11:18 ----D---- C:\Program Files\Spybot - Search & Destroy 2
2013-01-21 22:45:51 ----SHD---- C:\Config.Msi
2013-01-21 21:54:52 ----D---- C:\Program Files\trend micro
2013-01-21 21:54:49 ----D---- C:\rsit
2013-01-21 21:18:56 ----A---- C:\WINDOWS\BDTSupport.dll
2013-01-21 21:18:54 ----A---- C:\WINDOWS\SGDetectionTool.dll
2013-01-21 21:18:53 ----A---- C:\WINDOWS\PCTBDCore.dll
2013-01-21 21:18:52 ----A---- C:\WINDOWS\PCTBDRes.dll
2013-01-21 21:08:20 ----D---- C:\Program Files\PC Tools
2013-01-21 21:03:06 ----D---- C:\Program Files\Common Files\PC Tools
2013-01-21 21:02:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-01-21 21:02:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Tools
2013-01-21 21:02:32 ----D---- C:\Documents and Settings\anička\Data aplikací\TestApp
2013-01-21 20:15:17 ----D---- C:\Program Files\Enigma Software Group
2013-01-21 20:13:22 ----D---- C:\WINDOWS\DDABC66756B3412282B02F5782EA2F9A.TMP
2013-01-21 20:13:13 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2013-01-21 20:11:38 ----D---- C:\Program Files\Mozilla Firefox
2013-01-11 13:29:43 ----D---- C:\Program Files\Adobe
2013-01-11 13:29:42 ----D---- C:\Program Files\Common Files\Adobe
2013-01-11 12:49:05 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-01-09 16:57:29 ----HD---- C:\WINDOWS\$NtUninstallKB2757638$
2012-12-28 14:52:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2012-12-28 14:34:18 ----HD---- C:\WINDOWS\$NtUninstallKB2753842-v2$

======List of files/folders modified in the last 1 months======

2013-01-22 19:56:04 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2013-01-22 03:52:52 ----A---- C:\WINDOWS\wininit.ini
2013-01-09 17:04:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-01-09 16:57:40 ----A---- C:\WINDOWS\imsins.BAK
2013-01-09 16:53:04 ----A---- C:\WINDOWS\system32\MRT.exe
2013-01-06 06:33:56 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-05-10 43008]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2012-10-08 159832]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2012-10-08 104736]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys []
R2 int15;int15; \??\C:\WINDOWS\system32\drivers\int15.sys []
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-18 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-18 55936]
R2 tvicport;tvicport; \??\C:\WINDOWS\system32\drivers\tvicport.sys []
R2 zntport;zntport; \??\C:\WINDOWS\system32\drivers\zntport.sys []
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-01-24 488448]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-27 1540096]
R3 Cam5603D;Acer OrbiCam; C:\WINDOWS\System32\Drivers\BisonCam.sys [2006-05-12 806272]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 16896]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-05-24 61056]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-05-24 40064]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-05-24 74752]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-06-12 990592]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-06-12 208384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-06-02 6144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-06-12 727808]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver; \??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver; \??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [2006-01-11 194048]
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 KMWDFilter;KMWDFilter; \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PcaSp50;Rawether NDIS 5.X SPR Protocol Driver; C:\WINDOWS\system32\DRIVERS\PcaSp50.sys [2006-11-28 52800]
S3 PCTBD;PC Tools Browser Defender Driver; C:\WINDOWS\System32\Drivers\PCTBD.sys [2012-10-23 62688]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-12-09 46592]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-19 13056]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-19 19968]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-19 24832]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcerMemUsageCheckService;Memory Check Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2006-03-29 28672]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-04-27 405504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [2012-10-23 580728]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [2006-04-27 254050]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [2006-04-27 114784]
R2 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [2006-04-27 61440]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-11-26 1329304]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files\Silvercrest NM1005 driver\KMWDSrv.exe [2007-06-16 208896]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-02-17 73728]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-01-21 143360]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S2 gupdate1ca9111331f92bd;Služba Google Update (gupdate1ca9111331f92bd); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-09 133104]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 251400]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-09 133104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-21 194032]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-21 115608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#6 Příspěvek od **vyosek** » 22 led 2013 20:17

Tam toho je, cela zoo i s babkou pokladni

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Spustte a kliknete na Deletion
Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

kormuthka · #7 Příspěvek od **kormuthka** » 22 led 2013 20:58

vyosek píše: Tam toho je, cela zoo i s babkou pokladni

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)
Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308

Spustte a kliknete na Deletion

Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

############################## | UsbFix V 7.096 | [Deletion]

User: anička (Administrator) # PODSIVKA02
Updated 15/08/2012 by El Desaparecido
Started at 20:48:16 | 22/01/2013

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: Acer (Aspire 3100 ) (X86-based PC) # Notebook
CPU: Mobile AMD Sempron(tm) Processor 3400+ (1795)
RAM -> [Total : 894 | Free : 397]
BIOS: Ver 1.00PARTTBL
BOOT: Normal boot

OS: Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 53 Gb (19 Mb free - 36%) [ACER] # FAT32
D:\ -> Fixed drive # 54 Gb (38 Mb free - 70%) [ACERDATA] # FAT32
E:\ -> CD-ROM
F:\ -> Removable drive # 498 Mb (306 Mb free - 62%) [] # FAT
G:\ -> Removable drive # 15 Gb (15 Mb free - 99%) [Transcend] # FAT32
H:\ -> Fixed drive # 466 Gb (281 Mb free - 60%) [SAMSUNG] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (516)
C:\WINDOWS\system32\winlogon.exe (612)
C:\WINDOWS\system32\services.exe (656)
C:\WINDOWS\system32\lsass.exe (668)
C:\WINDOWS\system32\Ati2evxx.exe (812)
C:\WINDOWS\system32\svchost.exe (824)
C:\WINDOWS\System32\svchost.exe (928)
C:\WINDOWS\system32\spoolsv.exe (1348)
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (1804)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1856)
C:\Program Files\Bonjour\mDNSResponder.exe (1876)
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (1900)
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe (1952)
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (1992)
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe (2016)
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (2024)
C:\Program Files\Silvercrest NM1005 driver\KMWDSrv.exe (216)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (236)
C:\WINDOWS\system32\Ati2evxx.exe (508)
C:\Program Files\CyberLink\Shared Files\RichVideo.exe (772)
C:\WINDOWS\Explorer.EXE (1044)
C:\WINDOWS\system32\svchost.exe (1124)
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe (2080)
C:\WINDOWS\RTHDCPL.EXE (2852)
C:\Program Files\Silvercrest NM1005 driver\StartAutorun.exe (2876)
C:\Program Files\Silvercrest NM1005 driver\KMConfig.exe (2960)
C:\Program Files\iTunes\iTunesHelper.exe (2964)
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (2976)
C:\WINDOWS\system32\ctfmon.exe (3028)
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3036)
C:\Documents and Settings\anička\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe (3048)
C:\Program Files\Silvercrest NM1005 driver\KMProcess.exe (3164)
C:\Program Files\iPod\bin\iPodService.exe (3376)
C:\Program Files\Mozilla Firefox\firefox.exe (2300)
C:\WINDOWS\System32\svchost.exe (3252)
C:\Program Files\Mozilla Firefox\plugin-container.exe (2144)
C:\Documents and Settings\anička\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe (2136)
C:\Program Files\Mozilla Firefox\plugin-container.exe (2116)
C:\WINDOWS\system32\NOTEPAD.EXE (3272)
C:\UsbFix\Go.exe (3912)

################## | Stopped processes |

Stopped! C:\WINDOWS\system32\Ati2evxx.exe (812)
Stopped! C:\WINDOWS\system32\spoolsv.exe (1348)
Stopped! C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (1804)
Stopped! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1856)
Stopped! C:\Program Files\Bonjour\mDNSResponder.exe (1876)
Stopped! C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (1900)
Stopped! C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe (1952)
Stopped! C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (1992)
Stopped! C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe (2016)
Stopped! C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (2024)
Stopped! C:\Program Files\Silvercrest NM1005 driver\KMWDSrv.exe (216)
Stopped! C:\Program Files\Common Files\LightScribe\LSSrvc.exe (236)
Stopped! C:\WINDOWS\system32\Ati2evxx.exe (508)
Stopped! C:\Program Files\CyberLink\Shared Files\RichVideo.exe (772)
Stopped! C:\WINDOWS\Explorer.EXE (1044)
Stopped! C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe (2080)
Stopped! C:\WINDOWS\RTHDCPL.EXE (2852)
Stopped! C:\Program Files\Silvercrest NM1005 driver\StartAutorun.exe (2876)
Stopped! C:\Program Files\Silvercrest NM1005 driver\KMConfig.exe (2960)
Stopped! C:\Program Files\iTunes\iTunesHelper.exe (2964)
Stopped! C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (2976)
Stopped! C:\WINDOWS\system32\ctfmon.exe (3028)
Stopped! C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (3036)
Stopped! C:\Documents and Settings\anička\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe (3048)
Stopped! C:\Program Files\Silvercrest NM1005 driver\KMProcess.exe (3164)
Stopped! C:\Program Files\iPod\bin\iPodService.exe (3376)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (2300)
Stopped! C:\Program Files\Mozilla Firefox\plugin-container.exe (2144)
Stopped! C:\Documents and Settings\anička\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe (2136)
Stopped! C:\Program Files\Mozilla Firefox\plugin-container.exe (2116)
Stopped! C:\WINDOWS\system32\NOTEPAD.EXE (3272)

################## | Files # Infected Folders |

Deleted ! D:\Google Chrome.lnk
Deleted ! C:\WINDOWS\antiv.exe
Deleted ! H:\SamsungSoftware\APPInst.exe
Deleted ! C:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013
Deleted ! D:\kmp.exe
Deleted ! H:\Autorun.inf

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\software\microsoft\shared tools\msconfig\startupreg\Internet Security Service

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{079f722e-b826-11dd-8b75-0016d4627a71}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{5d675580-7dc7-11dd-8cea-0016d4627a71}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c3ec47c2-2848-11dd-8a8c-0016d4627a71}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{e35118fa-14f2-11dc-99ab-0016d4627a71}

################## | Listing |

[18/08/2004 - 20:00:00 | D ] C:\VALUEADD
[18/08/2004 - 20:00:00 | D ] C:\dotnetfx
[22/08/2010 - 23:36:28 | D ] C:\FOUND.000
[22/03/2011 - 08:36:04 | D ] C:\FOUND.001
[11/11/2011 - 12:13:32 | D ] C:\FOUND.002
[22/01/2013 - 19:55:22 | ASH | 1409286144] C:\pagefile.sys
[23/02/2006 - 11:38:08 | D ] C:\Sysinfo
[29/11/2011 - 09:23:38 | D ] C:\FOUND.003
[01/12/2011 - 09:24:04 | D ] C:\FOUND.004
[23/02/2006 - 11:38:04 | D ] C:\WINDOWS
[02/06/2006 - 16:47:06 | D ] C:\Documents and Settings
[02/06/2006 - 16:53:56 | D ] C:\Program Files
[19/01/2012 - 09:36:08 | D ] C:\FOUND.005
[29/03/2012 - 16:47:52 | D ] C:\FOUND.006
[07/12/2012 - 20:47:18 | D ] C:\FOUND.008
[27/06/2012 - 19:33:12 | D ] C:\FOUND.007
[02/06/2006 - 17:29:12 | D ] C:\Acer
[18/08/2004 - 20:00:00 | N | 4952] C:\Bootfont.bin
[10/05/2008 - 13:02:00 | N | 250576] C:\ntldr
[18/08/2004 - 20:00:00 | N | 47564] C:\NTDETECT.COM
[02/06/2006 - 16:54:56 | N | 0] C:\CONFIG.SYS
[02/06/2006 - 17:25:30 | N | 50] C:\AUTOEXEC.BAT
[02/06/2006 - 16:54:56 | N | 0] C:\IO.SYS
[02/06/2006 - 16:54:56 | N | 0] C:\MSDOS.SYS
[21/01/2013 - 21:54:50 | D ] C:\rsit
[24/05/2010 - 17:05:06 | N | 223] C:\boot.ini
[21/01/2013 - 22:45:52 | D ] C:\Config.Msi
[22/01/2013 - 20:47:08 | D ] C:\UsbFix
[22/01/2013 - 20:47:14 | N | 6120] C:\UsbFix.txt
[07/06/2007 - 10:57:58 | SHD ] C:\system volume information
[07/06/2007 - 15:23:18 | RHD ] C:\MSOCache
[08/06/2007 - 12:37:52 | SHD ] C:\Recycled
[06/09/2007 - 17:41:32 | D ] C:\Temp
[26/04/2008 - 08:06:26 | RSHD ] C:\RECYCLER
[29/08/2009 - 23:39:18 | D ] C:\21265f0245f35d673d7b
[04/12/2012 - 10:55:22 | D ] D:\PC
[28/12/2011 - 11:24:32 | D ] D:\anninka
[20/12/2006 - 02:27:32 | SHD ] D:\System Volume Information
[13/04/2007 - 20:59:32 | D ] D:\skolaTF
[28/12/2011 - 11:16:52 | D ] D:\záverecné prace
[28/12/2011 - 11:24:46 | D ] D:\byt
[20/03/2012 - 17:45:20 | D ] D:\100CANON
[19/10/2012 - 10:35:26 | D ] D:\dasaakaja
[28/12/2011 - 13:37:04 | D ] D:\sloaPF
[21/01/2012 - 20:46:54 | D ] D:\150
[26/09/2012 - 22:11:30 | D ] D:\AcompaĄamiento
[19/10/2012 - 10:36:42 | D ] D:\vyvolonie zima
[22/01/2013 - 04:36:48 | D ] D:\plocha zaloha
[28/12/2012 - 15:12:26 | D ] D:\seminarkyNOVkob
[01/03/2007 - 18:53:24 | D ] D:\hudba
[14/03/2007 - 13:14:10 | SHD ] D:\Recycled
[13/04/2007 - 21:07:36 | D ] D:\ANICKA
[28/05/2007 - 13:39:08 | D ] D:\Obrázky
[09/05/2008 - 12:36:24 | ASH | 17408] D:\Thumbs.db
[12/11/2012 - 16:44:54 | D ] F:\VÝUKA
[29/11/2012 - 16:54:36 | D ] F:\knihagaju
[04/12/2012 - 10:46:54 | D ] F:\zivotopis
[19/10/2012 - 10:21:50 | N | 1629903] F:\IMG_5026.JPG
[12/12/2012 - 12:24:58 | N | 3910427] F:\IMG_6674.JPG
[20/11/2012 - 08:12:02 | D ] F:\PC
[19/12/2012 - 14:59:48 | D ] F:\vse
[29/11/2012 - 16:54:12 | D ] F:\pf
[08/01/2013 - 16:17:20 | D ] G:\PC
[14/01/2013 - 21:03:50 | D ] G:\MP3
[14/01/2013 - 21:03:56 | D ] G:\AD_výuka
[15/01/2013 - 19:26:22 | N | 21207] G:\Volný_čas_ve_středověku_-_oprava.docx
[11/01/2013 - 12:51:28 | N | 63241] G:\na web2.JPG
[11/01/2013 - 12:49:46 | N | 47600] G:\na web1.JPG
[11/01/2013 - 12:53:36 | N | 7669] G:\na web.jpg
[11/01/2013 - 12:45:42 | N | 25088] G:\curriculum vitae na TF.doc
[22/01/2013 - 19:31:04 | N | 30208] G:\plan do MS.doc
[27/10/2009 - 15:51:14 | D ] H:\SamsungSoftware
[01/01/2010 - 00:00:34 | D ] H:\BUDA
[25/12/2009 - 17:18:24 | SHD ] H:\System Volume Information
[28/12/2009 - 19:20:24 | SHD ] H:\Recycled
[17/03/2010 - 12:53:32 | SHD ] H:\$RECYCLE.BIN
[04/06/2012 - 21:43:18 | D ] H:\FOTO
[04/06/2012 - 21:43:32 | D ] H:\FILM
[04/06/2012 - 21:52:30 | D ] H:\ŠKOLA
[04/06/2012 - 22:04:00 | D ] H:\ANIMACE
[02/08/2012 - 19:46:04 | D ] H:\video
[26/09/2012 - 22:59:52 | D ] H:\fotky
[12/11/2012 - 16:39:16 | D ] H:\vše
[19/10/2012 - 10:21:50 | N | 1629903] H:\IMG_5026.JPG
[12/12/2012 - 12:24:58 | N | 3910427] H:\IMG_6674.JPG
[31/10/2012 - 15:07:20 | N | 328618] H:\4_VOP.pdf
[30/11/2012 - 17:33:04 | N | 20480] H:\~WRD0000.tmp
[22/01/2013 - 04:39:44 | D ] H:\ACERDATA (D)

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_PODSIVKA02.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.

################## | E.O.F |

kormuthka · #8 Příspěvek od **kormuthka** » 22 led 2013 21:00

len asi ten program nemam na ploche,

#9 Příspěvek od **vyosek** » 22 led 2013 21:05

Programy priste pro snazsi praci ukladejte na plochu

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

kormuthka · #10 Příspěvek od **kormuthka** » 22 led 2013 21:13

1. prvu cast mam
pre druhu musim ist na administratora, teda budem chvilu odpojena

dakujem

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/22/2013 09:10:58 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 .archivioadulti.com
127.0.0.1 .internet-explorer.name
127.0.0.1 .katasearch.com
127.0.0.1 .preferiti-windows.com
127.0.0.1 .qoogler.com
127.0.0.1 .tuttoavolonta.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com

20 out of 15348 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 01/22/2013 09:11:54 PM
Execution time: 0 hours(s), 0 minute(s), and 56 seconds(s)

#11 Příspěvek od **vyosek** » 22 led 2013 21:14

OK, pockam si na log z ComboFix

kormuthka · #12 Příspěvek od **kormuthka** » 22 led 2013 21:47

Prihlasila som sa cez iny pc, aby ste vedeli, ze sa na tom stale pracuje
na tom mojom pc program stale pracuje

#13 Příspěvek od **vyosek** » 22 led 2013 22:01

OK, tak jej nechte pekne makat

kormuthka · #14 Příspěvek od **kormuthka** » 22 led 2013 22:23

len dufam, ze mu to nebude dlho trvat, aby som vas moc nezdrzovala

#15 Příspěvek od **vyosek** » 22 led 2013 22:24

Nic se nedeje, ja tu tak do pulnoci budu...naskakuji tam postupne dokoncene faze??? je jich cca 50

VIRY.CZ

Win32/Bubnix

Win32/Bubnix

Re: Win32/Bubnix

Re: Win32/Bubnix

Re: Win32/Bubnix

Re: Win32/Bubnix

Re: Win32/Bubnix

Re: Win32/Bubnix

Re: Win32/Bubnix

Re: Win32/Bubnix

Re: Win32/Bubnix

Re: Win32/Bubnix

Re: Win32/Bubnix

Re: Win32/Bubnix

Re: Win32/Bubnix

Re: Win32/Bubnix