Odkaz na usb na C:\Windows\System32

Dneska som v "copy centre" dostal na kluc darcek, asi nejaky druh viru. Po odpojení kluca na nom sice data zostali, ale ich tam nevidno namiesto toho tam je len odkaz na ktorý ma odkazal na C:\Windows\System32, (asi bola chyba ze som ho otvoril:D) ked dam propperties tak v targete je C:\WINDOWS\system32\rundll32.exe ~$WBJR.FAT32,_ldr@16 desktop.ini RET TLS " " ... avast nic nenasiel, nemate s tym niekto skusenost?

Stiahni si USBFIX z http://www.infospyware.com/utiles/usbfix/
Zapoj USB kluče externe disky a pod
Spusť a klikni na Listing
po skončení vybehne log budeš ho mať na C:\UsbFix.txt vlož ho sem .

############################## | UsbFix V 7.096 | [Listing]

User: martin (Administrator) # MARTIN-PC
Updated 15/08/2012 by El Desaparecido
Started at 10:27:54 | 15/02/2013

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: ASUSTeK Computer Inc. (K50IP ) (x64-based PC) # Notebook
CPU: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz (2100)
RAM -> [Total : 4095 | Free : 1782]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 136 Gb (6 Mb free - 4%) [] # NTFS
D:\ -> Fixed drive # 320 Gb (263 Mb free - 82%) [New Volume] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
H:\ -> Removable drive # 4 Gb (3 Mb free - 69%) [MYLINUXLIVE] # FAT32

################## | Listing |

[21/10/2012 - 11:32:41 | SHD ] C:\$Recycle.Bin
[29/12/2012 - 21:26:51 | D ] C:\D
[29/11/2012 - 10:43:59 | D ] C:\dipl
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[05/11/2012 - 08:46:02 | A | 14] C:\end
[20/01/2013 - 21:33:41 | D ] C:\Games
[14/02/2013 - 07:30:28 | ASH | 3220647936] C:\hiberfil.sys
[21/01/2013 - 09:38:45 | D ] C:\LogTemp
[21/10/2012 - 20:00:37 | RHD ] C:\MSOCache
[06/12/2012 - 00:24:46 | D ] C:\Office 2010 Developer Resources
[14/02/2013 - 07:30:33 | ASH | 4294201344] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[02/12/2012 - 16:18:30 | D ] C:\Pm
[28/06/2012 - 09:54:06 | D ] C:\PmInstall
[07/02/2013 - 08:25:31 | RD ] C:\Program Files
[15/02/2013 - 10:08:29 | RD ] C:\Program Files (x86)
[15/02/2013 - 10:08:32 | HD ] C:\ProgramData
[21/10/2012 - 11:32:18 | SHD ] C:\Recovery
[13/02/2013 - 17:35:05 | SHD ] C:\System Volume Information
[03/02/2013 - 12:00:21 | D ] C:\temp
[15/02/2013 - 10:27:59 | D ] C:\UsbFix
[15/02/2013 - 10:27:45 | A | 2140] C:\UsbFix.txt
[21/10/2012 - 18:19:07 | RD ] C:\Users
[15/02/2013 - 07:46:28 | D ] C:\Windows
[08/12/2012 - 15:31:25 | SHD ] D:\$RECYCLE.BIN
[09/01/2013 - 18:40:05 | D ] D:\Downloads
[27/12/2012 - 11:40:51 | RAD ] D:\Music
[15/02/2013 - 08:35:36 | ASH | 0] H:\autorun.inf
[15/02/2013 - 08:35:38 | SHD ] H:\ 
[15/02/2013 - 08:35:52 | RASH | 338] H:\Thumbs.db
[15/02/2013 - 08:35:52 | A | 459] H:\MYLINUXLIVE (4GB).lnk

################## | E.O.F |



H:\ je infikovany kluc
stiahol som si aj antimalware od malwarebytes ten nasiel zopar zaujimavych veci:
C:\Users\martin\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe (Trojan.Backdoor.MRX) -> Žiadna úloha nevykonaná.
C:\$Recycle.Bin\S-1-5-21-394793741-1729996374-813867596-1001\$R5WEG3J.exe (Malware.Packer.GenX) -> Žiadna úloha nevykonaná.
C:\$Recycle.Bin\S-1-5-21-394793741-1729996374-813867596-1001\$RW94QXN.exe (Trojan.Backdoor.MRX) -> Žiadna úloha nevykonaná.

tie položky zmáž

Znovu spusť USBFIX zo zapojenimy zariadeniami
Daj volbu Deletion

Stiahni si RSIT z http://images.malwareremoval.com/random/RSIT.exe pre 64 bit verzie http://images.malwareremoval.com/random/RSITx64.exe spusť daj continue chvíľu počkaj dokým sa vygeneruje log keď ho vygeneruje nájdeš ho na C:\rsit\log.txt log vlož sem

a daj toho avasta preč ( ak to nieje origo full platená verzia ), potom tam daj aviru, alebo stiahni najnovší eset smart sec. 6, možno pouvažuješ nad kúpou.

mam 64, log je tu https://www.dropbox.com/s/1gfe4bzpwtkxcak/info.txt
inak neviem ci to je nejak suvisi, ale po odstranenim USBfixom, (musel som podla instrukcii vypnut avast) mi vyskocilo ze bol zablokovany pokus o zmenu domovskej stranky (proces GO.exe)

to je info a nie log.txt

https://www.dropbox.com/s/1qxe6kpj4dr82be/log.txt sorry

a log z mazania usbfix by nebol
Stiahni si AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
ulož ho na plochu Spusť program stlač tlačidlo search
Po skene sa objaví log budeš ho mať na systémovom disku ako AdwCleaner[R?].txt cely obsah vlož sem

https://https://www.dropbox.com/s/dlrz89mca3ioqtv/AdwCleaner%5BR3%5D.txt
https://www.dropbox.com/s/nuznp18y49ucnw7/UsbFix.txt
tu su obidve

Spusť adwcleaner stlač tlačidlo delete pre odsúhlasenie stlač OK počítač sa reštartuje
log budeš ho mať na systémovom disku ako AdwCleaner[S?].txt cely obsah vlož sem

tu to je
https://www.dropbox.com/s/yll3qz1pks15o3g/AdwCleaner%5BS1%5D.txt

Stiahni si RKill z http://download.bleepingcomputer.com/grinler/rkill.com
ulož ho na plochu Spusť Rkill
program ukonči všetky procesi teda aj malware
Na ploche sa vytvori rkill.txt vlož ho sem
Teraz nereštartuj PC
Aplikuj hneď combofix


Stihni si combofix z http://download.bleepingcomputer.com/sUBs/ComboFix.exe ulož ho na plochu
Vypni všetky rezidentné štíty antiviru a antyspyware
Pre WIN XP spuštaj pod administrátorom
Pre WIN Vista a WIN 7 klikny na combofix pravým tlačidlom daj spustiť ako správca
Hneď po zapnutý okno z licečnimi podmienkami stlač tlačidlo áno
Keď ty combofix ponúkne inštalovať konzolu pre zotavenie odsúhlas inštaláciu tlačidlom ANO
Behom scanu nechaj combofix pracovať nerob nič na PC
Scan môže trvať cca 10 min všetko zaleží od toho v akom stave je PC môže sa to predlžiť o dvojnásobok
Po dokončení skenovanie combofix reštartuje PC a zobrazí sa log budeš ho mať na C:\ComboFix.txt vlož ho sem
Nože sa stať že systém nenabehne v tom prípade použi poslednú známu konfiguráciu http://support.microsoft.com/kb/307852/sk

https://www.dropbox.com/s/bmnza5m0l8o9hl4/ComboFix.txt
uz sme k niecomu dospeli?:O

Keď nemáš combofix tak ho presuň na plochu
Spusť poznámkový blok
skopíruj script do poznámkového bloku

Ulož vytvorený TXT súbor ako CFScript
Pretiahni cfscript cez combofix aplikuje sa script
Po aplikovaný scriptu a možnom reštarte pc vlož log sem

Stiahni si tdsskiller http://support.kaspersky.com/downloads/ ... killer.exe na plochu
Spusť daj scan nič nemaž
C:\TDSSKiller.2.8.15.0._datum_log.txt , vlož sem celý log

cavte, ja mam tiez taky problem, ked otvorim usb tak mi vyhodi okno kde je odkaz usb a ked nan kliknem tak mi otvori nove okno so subormi co su v usb....ako opravim dunll32.exe???...skusal som par veci cez cmd ale stale mi to ukazuje zlozku dunll32.exe v pc vizirovo ako (modru knizku BAK) a malo by mi to ukazovat ako exe.

ahoj
Stiahni si USBFIX z http://www.infospyware.com/utiles/usbfix/
Zapoj USB kluče externe disky a pod
Spusť a klikni na Listing
po skončení vybehne log budeš ho mať na C:\UsbFix.txt vlož ho sem .

No ked spustim listing tak mi otvori txt a tem mi ulozi ci mam ho dakde ulozit???

obsah skopíruj sem

kde sem?...uz ked mi to otvorilo txt a som ho zavrel..a znovu spustil usb tak uz mi nejde cez odkaz

no sem na forum obsah txt suboru skopiruj

############################## | UsbFix V 7.118 | [Listing]

User: MILOŠ (Administrator) # MILOŠ-PC
Updated 24/03/2013 by El Desaparecido
Started at 14:29:52 | 27/03/2013

Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org

PC: Acer (Aspire 6930G ) (X86-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz (2000)
RAM -> [Total : 3066 | Free : 856]
BIOS: ZK2 v0.3204 3B04
BOOT: Normal boot

OS: Microsoft® Windows Vista™ Home Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: ESET NOD32 Antivirus 4.2 [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 144 Gb (27 Mb free - 19%) [ACER] # NTFS
D:\ -> Fixed drive # 140 Gb (14 Mb free - 10%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 8 Gb (7 Mb free - 99%) [Miloš] # NTFS

################## | Listing |

[08/04/2010 - 11:31:14 | SHD ] C:\$RECYCLE.BIN
[08/04/2010 - 12:18:58 | D ] C:\ACER
[16/12/2010 - 19:23:45 | D ] C:\Autodesk
[18/09/2006 - 22:43:36 | A | 24] C:\autoexec.bat
[26/11/2008 - 07:42:13 | AD ] C:\book
[27/03/2013 - 21:49:11 | SHD ] C:\Boot
[11/04/2009 - 07:36:36 | RASH | 333257] C:\bootmgr
[26/11/2008 - 08:16:51 | RAS | 8192] C:\BOOTSECT.BAK
[08/04/2010 - 12:05:05 | D ] C:\CLSetup
[18/09/2006 - 22:43:37 | A | 10] C:\config.sys
[02/11/2006 - 14:02:03 | SHD ] C:\Documents and Settings
[26/02/2013 - 21:20:28 | D ] C:\Downloads
[04/03/2013 - 18:33:49 | A | 0] C:\END
[25/03/2013 - 09:23:56 | D ] C:\EnergyPlusV7-2-0
[27/03/2013 - 13:05:48 | ASH | 3215843328] C:\hiberfil.sys
[26/11/2008 - 06:30:24 | D ] C:\Intel
[23/03/2013 - 14:45:21 | RASH | 0] C:\IO.SYS
[08/04/2010 - 12:05:05 | A | 20] C:\Medion.ini
[23/03/2013 - 14:45:21 | RASH | 0] C:\MSDOS.SYS
[11/04/2010 - 18:48:53 | RHD ] C:\MSOCache
[09/03/2011 - 07:55:56 | D ] C:\NVIDIA
[27/03/2013 - 13:05:45 | ASH | 3529633792] C:\pagefile.sys
[08/04/2010 - 11:57:10 | A | 58] C:\Partition.txt
[21/01/2008 - 03:32:31 | D ] C:\PerfLogs
[26/03/2013 - 20:37:19 | RD ] C:\Program Files
[25/03/2013 - 21:05:28 | HD ] C:\ProgramData
[26/11/2008 - 06:37:32 | A | 646] C:\RHDSetup.log
[20/04/2012 - 13:36:50 | D ] C:\Score
[27/03/2013 - 13:44:02 | SHD ] C:\System Volume Information
[25/03/2013 - 15:38:37 | D ] C:\Temp
[27/03/2013 - 14:29:54 | D ] C:\UsbFix
[27/03/2013 - 14:04:42 | A | 3386] C:\UsbFix [Listing 1 ] MILOŠ-PC.txt
[27/03/2013 - 14:07:07 | A | 3459] C:\UsbFix [Listing 2 ] MILOŠ-PC.txt
[27/03/2013 - 14:29:54 | A | 2663] C:\UsbFix [Listing 3 ] MILOŠ-PC.txt
[13/12/2012 - 19:31:25 | RD ] C:\Users
[27/03/2013 - 22:04:06 | D ] C:\Windows
[08/04/2010 - 11:31:14 | SHD ] D:\$RECYCLE.BIN
[23/03/2013 - 14:44:19 | AD ] D:\Call Of Duty 1 Cz
[25/03/2013 - 20:57:43 | D ] D:\Call of Duty 2
[01/10/2011 - 18:44:18 | SHD ] D:\Config.Msi
[29/01/2013 - 12:45:30 | D ] D:\DOW
[22/03/2013 - 20:28:51 | D ] D:\FILMY
[17/03/2013 - 22:35:00 | D ] D:\MILOŠ
[18/12/2012 - 17:44:58 | D ] D:\Plocha Veci
[11/03/2013 - 15:23:21 | D ] D:\Stavební fyzika 2010
[08/03/2010 - 23:53:42 | SHD ] D:\System Volume Information
[18/03/2013 - 21:46:47 | D ] D:\Tomb Raider 9 CZ (2013)
[27/03/2013 - 14:04:29 | ASH | 0] G:\autorun.inf
[26/03/2013 - 19:34:30 | RASH | 2953] G:\desktop.ini
[26/03/2013 - 19:34:30 | SHD ] G:\ 

################## | E.O.F |

Znovu spusť USBFIX zo zapojenimy zariadeniami
Daj voľbu Deletion
pošli log

ale ja mam halvne problem stim ze mam infikovane rundll32.exe a potrebujem ho znovu dat na nove...a to mi nejde....pozri toto http://www.revthatup.com/how-to-fix-rundll32-exe/
ja potrebujem to spravit

už len rob čo hovorim inak sa nikde nedopracujeme

############################## | UsbFix V 7.118 | [Deletion]

User: MILOŠ (Administrator) # MILOŠ-PC
Updated 24/03/2013 by El Desaparecido
Started at 14:52:08 | 27/03/2013

Website: http://sosvirus.org/
Upload Malware: http://upload.sosvirus.org/
Contact: contact@sosvirus.org" target="_blank" rel="nofollow

PC: Acer (Aspire 6930G ) (X86-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz (2000)
RAM -> [Total : 3066 | Free : 1616]
BIOS: ZK2 v0.3204 3B04
BOOT: Normal boot

OS: Microsoft® Windows Vista™ Home Premium (6.0.6002 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: ESET NOD32 Antivirus 4.2 [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 144 Gb (27 Mb free - 19%) [ACER] # NTFS
D:\ -> Fixed drive # 140 Gb (14 Mb free - 10%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 8 Gb (7 Mb free - 99%) [Miloš] # NTFS

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\SOFTWARE | Run : [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
HKLM\SOFTWARE | Run : [RtHDVCpl] - RtHDVCpl.exe
HKLM\SOFTWARE | Run : [ePower_DMC] - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
HKLM\SOFTWARE | Run : [eDataSecurity Loader] - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
HKLM\SOFTWARE | Run : [eAudio] - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
HKLM\SOFTWARE | Run : [BkupTray] - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
HKLM\SOFTWARE | Run : [ProductReg] - "C:\Program Files\Acer\WR_PopUp\ProductReg.exe"
HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [LManager] - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
HKLM\SOFTWARE | Run : [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HKLM\SOFTWARE | Run : [eRecoveryService] -
HKLM\SOFTWARE | Run : [ArcadeDeluxeAgent] - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
HKLM\SOFTWARE | Run : [CLMLServer] - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
HKLM\SOFTWARE | Run : [PlayMovie] - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
HKLM\SOFTWARE | Run : [DAEMON Tools] - "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
HKLM\SOFTWARE | Run : [GrooveMonitor] - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
HKLM\SOFTWARE | Run : [Skytel] - Skytel.exe
HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [AdobeAAMUpdater-1.0] - "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKLM\SOFTWARE | Run : [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\SOFTWARE | Run : [AdobeCS5ServiceManager] - "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
HKLM\SOFTWARE | Run : [egui] - "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1436560887-626234917-1139969595-1000\SOFTWARE | Run : [Google Update] - "C:\Users\MILOŠ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1436560887-626234917-1139969595-1000\SOFTWARE | Run : [ehTray.exe] - C:\Windows\ehome\ehTray.exe
HKU\S-1-5-21-1436560887-626234917-1139969595-1001\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-21-1436560887-626234917-1139969595-1001\SOFTWARE | Run : [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-18\SOFTWARE | Run : [Nokia.PCSync] - D:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\S-1-5-21-1436560887-626234917-1139969595-1001\SOFTWARE | RunOnce : [AcerScrSav] - C:\Windows\Acer\run_NB.exe

################## | Stopped processes |

Stopped! C:\Windows\system32\nvvsvc.exe (992)
Stopped! C:\Windows\system32\SLsvc.exe (1344)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1720)
Stopped! C:\Windows\system32\nvvsvc.exe (1732)
Stopped! C:\Windows\System32\spoolsv.exe (1976)
Stopped! C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (952)
Stopped! C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (1108)
Stopped! C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (1292)
Stopped! C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (1984)
Stopped! C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (1332)
Stopped! C:\Windows\system32\taskeng.exe (2372)
Stopped! C:\Windows\Explorer.EXE (2428)
Stopped! C:\Windows\system32\taskeng.exe (2436)
Stopped! C:\Windows\system32\taskeng.exe (2520)
Stopped! C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2876)
Stopped! C:\Acer\Mobility Center\MobilityService.exe (2892)
Stopped! C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (2928)
Stopped! C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (2996)
Stopped! C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (3048)
Stopped! C:\Windows\system32\PnkBstrA.exe (3088)
Stopped! C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (3232)
Stopped! C:\Windows\system32\SearchIndexer.exe (3328)
Stopped! C:\Windows\system32\DRIVERS\xaudio.exe (3404)
Stopped! C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (3432)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (3764)
Stopped! C:\Windows\System32\alg.exe (4020)
Stopped! C:\Program Files\Windows Defender\MSASCui.exe (880)
Stopped! C:\Windows\RtHDVCpl.exe (2744)
Stopped! C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (940)
Stopped! C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (2272)
Stopped! C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (2784)
Stopped! C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (2776)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2884)
Stopped! C:\Program Files\Launch Manager\QtZgAcer.EXE (1852)
Stopped! C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (124)
Stopped! C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (1680)
Stopped! C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (3504)
Stopped! C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (1428)
Stopped! C:\Program Files\DAEMON Tools\daemon.exe (300)
Stopped! C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (2352)
Stopped! C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (684)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (2316)
Stopped! C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (3848)
Stopped! C:\Windows\ehome\ehtray.exe (2648)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (3884)
Stopped! C:\Windows\ehome\ehmsas.exe (3744)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (4080)
Stopped! C:\Users\MILO~1\AppData\Local\Temp\RtkBtMnt.exe (3176)
Stopped! C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (1900)
Stopped! C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (4220)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (4732)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe (4824)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (4856)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (4864)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (4876)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (4916)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (5252)
Stopped! C:\Users\MILOŠ\AppData\Local\Google\Chrome\Application\chrome.exe (5312)
Stopped! C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (5596)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (4084)
Stopped! C:\Windows\System32\WUDFHost.exe (2844)
Stopped! C:\Windows\system32\SearchFilterHost.exe (5236)
Stopped! \\?\C:\Windows\system32\wbem\WMIADAP.EXE (4788)
Stopped! C:\Windows\servicing\TrustedInstaller.exe (3496)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (4156)

################## | Files # Infected Folders |

Deleted ! C:\Users\MILO~1\AppData\Local\Temp\RtkBtMnt.exe
Deleted ! G:\autorun.inf

(!) Temporary files deleted.

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{1156c8f1-0d11-11e0-bf4e-00238b4e6ddf}

################## | Listing |

[08/04/2010 - 11:31:14 | SHD ] C:\$RECYCLE.BIN
[08/04/2010 - 12:18:58 | D ] C:\ACER
[16/12/2010 - 19:23:45 | D ] C:\Autodesk
[18/09/2006 - 22:43:36 | N | 24] C:\autoexec.bat
[26/11/2008 - 07:42:13 | D ] C:\book
[27/03/2013 - 21:49:11 | SHD ] C:\Boot
[11/04/2009 - 07:36:36 | RASH | 333257] C:\bootmgr
[26/11/2008 - 08:16:51 | N | 8192] C:\BOOTSECT.BAK
[08/04/2010 - 12:05:05 | D ] C:\CLSetup
[18/09/2006 - 22:43:37 | N | 10] C:\config.sys
[02/11/2006 - 14:02:03 | SHD ] C:\Documents and Settings
[26/02/2013 - 21:20:28 | D ] C:\Downloads
[04/03/2013 - 18:33:49 | N | 0] C:\END
[25/03/2013 - 09:23:56 | D ] C:\EnergyPlusV7-2-0
[27/03/2013 - 14:47:31 | ASH | 3215843328] C:\hiberfil.sys
[26/11/2008 - 06:30:24 | D ] C:\Intel
[23/03/2013 - 14:45:21 | N | 0] C:\IO.SYS
[08/04/2010 - 12:05:05 | N | 20] C:\Medion.ini
[23/03/2013 - 14:45:21 | N | 0] C:\MSDOS.SYS
[11/04/2010 - 18:48:53 | RHD ] C:\MSOCache
[09/03/2011 - 07:55:56 | D ] C:\NVIDIA
[27/03/2013 - 14:47:29 | ASH | 3529633792] C:\pagefile.sys
[08/04/2010 - 11:57:10 | N | 58] C:\Partition.txt
[21/01/2008 - 03:32:31 | D ] C:\PerfLogs
[26/03/2013 - 20:37:19 | D ] C:\Program Files
[25/03/2013 - 21:05:28 | HD ] C:\ProgramData
[26/11/2008 - 06:37:32 | N | 646] C:\RHDSetup.log
[20/04/2012 - 13:36:50 | D ] C:\Score
[27/03/2013 - 13:44:02 | SHD ] C:\System Volume Information
[25/03/2013 - 15:38:37 | D ] C:\Temp
[27/03/2013 - 14:59:34 | D ] C:\UsbFix
[27/03/2013 - 14:43:31 | N | 8834] C:\UsbFix [Clean 1] MILOŠ-PC.txt
[27/03/2013 - 14:59:56 | A | 11034] C:\UsbFix [Clean 2] MILOŠ-PC.txt
[27/03/2013 - 14:04:42 | N | 3386] C:\UsbFix [Listing 1 ] MILOŠ-PC.txt
[27/03/2013 - 14:07:07 | N | 3459] C:\UsbFix [Listing 2 ] MILOŠ-PC.txt
[27/03/2013 - 14:29:54 | N | 3532] C:\UsbFix [Listing 3 ] MILOŠ-PC.txt
[13/12/2012 - 19:31:25 | D ] C:\Users
[27/03/2013 - 22:04:06 | D ] C:\Windows
[08/04/2010 - 11:31:14 | SHD ] D:\$RECYCLE.BIN
[23/03/2013 - 14:44:19 | D ] D:\Call Of Duty 1 Cz
[25/03/2013 - 20:57:43 | D ] D:\Call of Duty 2
[01/10/2011 - 18:44:18 | D ] D:\Config.Msi
[29/01/2013 - 12:45:30 | D ] D:\DOW
[22/03/2013 - 20:28:51 | D ] D:\FILMY
[17/03/2013 - 22:35:00 | D ] D:\MILOŠ
[18/12/2012 - 17:44:58 | D ] D:\Plocha Veci
[11/03/2013 - 15:23:21 | D ] D:\Stavební fyzika 2010
[08/03/2010 - 23:53:42 | SHD ] D:\System Volume Information
[18/03/2013 - 21:46:47 | D ] D:\Tomb Raider 9 CZ (2013)
[26/03/2013 - 19:34:30 | RASH | 2953] G:\desktop.ini
[26/03/2013 - 19:34:30 | D ] G:\ 

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://sosvirus.org |

Stiahni si RSIT z http://images.malwareremoval.com/random/RSIT.exe pre 64 bit verzie http://images.malwareremoval.com/random/RSITx64.exe spusť daj continue chvíľu počkaj dokým sa vygeneruje log keď ho vygeneruje nájdeš ho na C:\rsit\log.txt log vlož sem