Total comander

[milenium0]

Ahoj

Neviem ci to pomoze, kamarat mi dal na dvd minixp pre pripad virov a padu windowsu,ak som tomu dobre pochopil vyliecit,alebo opravit sa subory nedaju.
Dalo by sa to zkopirovat z toho dvd.

Dakujem s pozdravom

Stano

[milenium0]

Instalacne Cd k windows mam.
Presnejsi nazov mini xp.
Cele dvd sa nazyva hirens boot 9.7
Idem urobit ten proces potom sa urcite ozvem a dufam ze nic nedobabrem.

Zatial

[milenium0]

Posielam log z CF>

ComboFix 10-05-15.03 - Stanley Basta . 05. 2010 13:27:32.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.276 [GMT 2:00]
Running from: c:\documents and settings\Stanley Basta\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Stanley Basta\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\nahrada\wuauclt.exe --> c:\windows\system32\wuauclt.exe
c:\nahrada\userinit.exe --> c:\windows\system32\userinit.exe
c:\nahrada\wscntfy.exe --> c:\windows\system32\wscntfy.exe
c:\nahrada\ctfmon.exe --> c:\windows\system32\ctfmon.exe
c:\nahrada\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-16 to 2010-05-16 )))))))))))))))))))))))))))))))
.

2010-05-16 11:09 . 2010-05-16 11:10 -------- d-----w- C:\Nahrada
2010-05-16 11:00 . 2010-05-16 11:01 -------- d-----w- c:\program files\Crawler
2010-05-16 11:00 . 2010-05-16 11:00 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-05-16 11:00 . 2010-05-16 11:00 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-05-16 11:00 . 2010-05-16 11:00 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-05-16 11:00 . 2010-05-16 11:04 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\Spyware Terminator
2010-05-16 11:00 . 2010-05-16 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-05-16 11:00 . 2010-05-16 11:31 -------- d-----w- c:\program files\Spyware Terminator
2010-05-15 17:53 . 2010-05-15 17:53 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\STOPzilla!
2010-05-15 16:56 . 2010-05-15 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-05-15 16:55 . 2010-05-15 16:55 -------- d-----w- c:\program files\Common Files\iS3
2010-05-15 16:55 . 2010-05-15 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-05-15 15:58 . 2010-05-15 22:56 -------- d-----w- C:\totalcmd
2010-05-15 15:58 . 2010-05-15 16:05 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\GHISLER
2010-05-15 11:44 . 2010-05-15 11:47 -------- d-----w- c:\program files\ICQ6.5
2010-05-15 11:12 . 2010-05-15 11:12 126976 ----a-r- c:\documents and settings\Stanley Basta\Application Data\Microsoft\Installer\{750B9AD1-4C63-4143-94C5-6FB304199BAD}\ARPPRODUCTICON.exe
2010-05-15 11:08 . 2010-05-15 11:08 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-15 10:54 . 2010-05-15 11:12 -------- d-----w- c:\program files\Opera
2010-05-15 10:54 . 2010-05-16 07:54 -------- d-----w- c:\program files\DivX
2010-05-14 20:54 . 2010-05-14 20:54 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\Lavasoft
2010-05-14 20:53 . 2010-05-15 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-06 17:08 . 2010-05-06 17:08 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\DivX
2010-05-04 20:31 . 2010-05-15 10:54 -------- d-----w- c:\documents and settings\Stanley Basta\Local Settings\Application Data\Google
2010-04-28 20:45 . 2010-04-28 20:45 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\MSN6
2010-04-28 15:29 . 2010-04-28 15:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-04-23 09:15 . 2010-05-15 10:55 -------- d-----w- c:\program files\UltraISO
2010-04-23 09:11 . 2010-04-23 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-04-23 09:11 . 2010-05-15 10:55 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-04-22 14:52 . 2010-04-22 14:52 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\Ahead
2010-04-22 14:51 . 2003-03-29 13:45 89184 ----a-w- c:\windows\system32\drivers\imagedrv.sys
2010-04-22 14:51 . 2001-07-06 15:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll
2010-04-22 14:51 . 2001-07-06 11:41 569344 ----a-w- c:\windows\system32\imagr5.dll
2010-04-22 14:51 . 2001-07-06 09:44 544768 ----a-w- c:\windows\system32\imagx5.dll
2010-04-22 14:51 . 2001-06-26 05:15 38912 ----a-w- c:\windows\system32\picn20.dll
2010-04-22 14:51 . 2010-04-22 14:51 -------- d-----w- c:\program files\Common Files\Ahead
2010-04-22 14:51 . 2001-07-09 08:50 163840 ----a-w- c:\windows\system32\NeroCheck.exe
2010-04-22 14:51 . 2010-04-22 14:51 -------- d-----w- c:\program files\Ahead
2010-04-21 07:42 . 2010-04-21 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 22:28 . 2010-03-26 11:43 42944 ----a-w- c:\documents and settings\Stanley Basta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-15 17:54 . 2010-03-29 18:01 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\uTorrent
2010-05-15 17:50 . 2010-03-26 15:32 -------- d-----w- c:\program files\uTorrent
2010-05-15 17:47 . 2010-05-15 17:47 568 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-05-15 17:28 . 2010-05-15 16:59 6680 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-05-15 10:55 . 2010-03-26 10:14 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-15 10:54 . 2010-04-09 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-15 10:29 . 2010-03-26 15:10 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\ICQ
2010-04-09 07:55 . 2010-04-09 07:55 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-04-09 07:48 . 2010-04-09 07:54 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-04-01 16:23 . 2010-04-01 16:23 237568 ----a-w- c:\documents and settings\Stanley Basta\Application Data\bf.exe
2010-04-01 16:23 . 2010-04-01 16:23 237568 ----a-w- c:\documents and settings\Stanley Basta\Application Data\bf.exe
2010-04-01 14:17 . 2010-04-01 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2010-04-01 14:17 . 2010-04-01 14:17 -------- d-----w- c:\program files\GRETECH
2010-04-01 10:00 . 2010-04-01 10:00 -------- d-----w- c:\program files\Microsoft.NET
2010-03-27 18:34 . 2010-03-27 18:34 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\ACD Systems
2010-03-27 18:33 . 2010-03-27 18:33 9856 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-03-27 18:24 . 2010-03-27 18:24 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\InterVideo
2010-03-27 18:24 . 2010-03-27 18:22 -------- d-----w- c:\program files\Common Files\InterVideo
2010-03-27 18:23 . 2010-03-27 18:23 -------- d-----w- c:\program files\InterActual
2010-03-27 18:23 . 2010-03-27 18:23 -------- d-----w- c:\program files\MSXML 4.0
2010-03-27 18:22 . 2010-03-27 18:21 -------- d-----w- c:\program files\InterVideo
2010-03-27 18:22 . 2010-03-26 10:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 18:22 . 2010-03-27 18:22 -------- d-----w- c:\program files\Creative
2010-03-27 18:16 . 2010-03-27 18:16 -------- d-----w- c:\program files\Disk Explorer Professional 3
2010-03-27 18:14 . 2010-03-27 18:10 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\Winamp
2010-03-27 18:12 . 2010-03-27 18:10 -------- d-----w- c:\program files\Winamp
2010-03-27 18:08 . 2010-03-27 18:08 -------- d-----w- c:\program files\Trend Micro
2010-03-27 18:07 . 2010-03-27 18:06 -------- d-----w- c:\program files\AIDA32 - Enterprise System Information
2010-03-27 18:05 . 2010-03-27 18:05 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\AdobeUM
2010-03-27 18:05 . 2010-03-27 18:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-26 22:04 . 2010-03-26 22:04 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\Media Player Classic
2010-03-26 15:10 . 2010-03-26 15:10 -------- d-----w- c:\program files\ICQ6Toolbar
2010-03-26 15:10 . 2010-03-26 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2010-03-26 12:16 . 2010-03-26 12:15 -------- d-----w- c:\program files\The KMPlayer
2010-03-26 11:49 . 2010-03-26 11:49 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-26 11:37 . 2010-03-26 09:35 3316 ----a-w- c:\windows\PCHEALTH\HELPCTR\PackageStore\SkuStore.bin
2010-03-26 11:37 . 2010-03-26 09:35 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-03-26 11:35 . 2010-03-26 09:35 8972 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cntstore.bin
2010-03-26 10:25 . 2010-03-26 10:25 -------- d-----w- c:\program files\ESET
2010-03-26 09:43 . 2010-03-26 09:43 -------- d-----w- c:\documents and settings\Stanley Basta\Application Data\ESET
2010-03-26 09:42 . 2010-03-26 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-03-26 09:36 . 2010-03-26 09:36 -------- d-----w- c:\program files\microsoft frontpage
2010-03-26 09:33 . 2010-03-26 09:33 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2009-08-21 . E9F9CD3C7F2E56505A0AC166580120E3 . 111104 . . [5.4.3790.2180] . . c:\windows\system32\wuauclt.exe
[-] 2004-08-03 . 9332932F3579D326D7F046D692D125B3 . 118272 . . [5.4.3790.2180] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[-] 2002-08-29 . B7B2508ADAFC608849135756F9450B68 . 146944 . . [5.4.3630.1106] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe

[-] 2009-08-21 . 836F7960362FF95C5D49E40B891F2CFC . 24576 . . [5.1.2600.2180] . . c:\windows\system32\userinit.exe
[-] 2004-08-03 . DA5551180456E633C90F09235788D463 . 31744 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2002-08-29 . C3ADAA9DCB9CC6E7A23D41843E33EC9A . 29184 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\userinit.exe

[-] 2009-08-21 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-03 . B67BB1B4594EA88CBD7CBA4FEF52C73F . 1039360 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\explorer.exe
[-] 2004-08-03 . 32DB63E7578BEB435D929B9B36E2536C . 1039360 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2002-08-29 . 22817E22605BC394078313C6B431A2B7 . 1011200 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[-] 2009-08-21 . 93F75FF033BAA186D08115D73BFE3D32 . 13824 . . [5.1.2600.2180] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-03 . B977849F20A4DFBDBD8F57989A1FED96 . 20992 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe

[-] 2009-08-21 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-03 . 4A99043FE005301E23D44206CD962053 . 22528 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2002-08-29 . D26E5E192F8B0BD73DEA65957E8599D5 . 20480 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-05-16 3102208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-05-16 2241024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2009-08-21 10:04 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-03-01 10:59 172792 ----a-w- c:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 23:56 1732096 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"d:\\Install\\Total_Commander_v6.01_by_SS-DD\\tc32_v601_pro_activator.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\Program Files\\ESET\\ESET Smart Security\\egui.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9999:TCP"= 9999:TCP:PORT1
"9991:TCP"= 9991:TCP:PORT2
"1013:TCP"= 1013:TCP:BS
"27820:TCP"= 27820:TCP:FD

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [16. 5. 2010 13:00 142592]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21. 12. 2007 8:21 468224]
S4 STOPzilla Local Service;STOPzilla Local Service;c:\program files\STOPzilla!\szntsvc.exe /service "STOPzilla Local Service" --> c:\program files\STOPzilla!\szntsvc.exe [?]
.
.
------- Supplementary Scan -------
.
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-16 13:31
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-05-16 13:34:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-16 11:34
ComboFix2.txt 2010-05-15 22:48

Pre-Run: 22 269 554 688 bytes free
Post-Run: 22 241 263 616 bytes free

- - End Of File - - 990FBAD7D62A1222AF65D11591E14567

tu mam vysledok

[milenium0]

Dal som otestovat opat explore.exe a vyslo toto:

Soubor explorer.exe přijatý 2010.05.16 11:41:44 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0%)
Formátované
Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 -
AntiVir 8.2.1.242 2010.05.14 -
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.15 -
Avast 4.8.1351.0 2010.05.16 -
Avast5 5.0.332.0 2010.05.16 -
AVG 9.0.0.787 2010.05.16 -
BitDefender 7.2 2010.05.16 -
CAT-QuickHeal 10.00 2010.05.15 -
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4858 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.16 -
eSafe 7.0.17.0 2010.05.13 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.15 -
F-Secure 9.0.15370.0 2010.05.15 -
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.16 -
Ikarus T3.1.1.84.0 2010.05.16 -
Jiangmin 13.0.900 2010.05.15 -
Kaspersky 7.0.0.125 2010.05.16 -
McAfee 5.400.0.1158 2010.05.16 -
McAfee-GW-Edition 2010.1 2010.05.16 -
Microsoft 1.5703 2010.05.16 -
NOD32 5117 2010.05.15 -
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 -
PCTools 7.0.3.5 2010.05.16 -
Prevx 3.0 2010.05.16 -
Rising 22.47.06.04 2010.05.16 -
Sophos 4.53.0 2010.05.16 -
Sunbelt 6309 2010.05.16 -
Symantec 20101.1.0.89 2010.05.16 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.16 -
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.15.2318 2010.05.15 -
VirusBuster 5.0.27.0 2010.05.15 -

[milenium0]

Myslite ze to bude v poriadku

[milenium0]

este som otestoval ctfmon.exe:

pripajam log: Soubor ctfmon.exe přijatý 2010.05.16 11:51:28 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0%)
Formátované
Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 -
AntiVir 8.2.1.242 2010.05.14 -
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.15 -
Avast 4.8.1351.0 2010.05.16 -
Avast5 5.0.332.0 2010.05.16 -
AVG 9.0.0.787 2010.05.16 -
BitDefender 7.2 2010.05.16 -
CAT-QuickHeal 10.00 2010.05.15 -
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4858 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.16 -
eSafe 7.0.17.0 2010.05.13 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.15 -
F-Secure 9.0.15370.0 2010.05.15 -
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.16 -
Ikarus T3.1.1.84.0 2010.05.16 -
Jiangmin 13.0.900 2010.05.15 -
Kaspersky 7.0.0.125 2010.05.16 -
McAfee 5.400.0.1158 2010.05.16 -
McAfee-GW-Edition 2010.1 2010.05.16 -
Microsoft 1.5703 2010.05.16 -
NOD32 5117 2010.05.15 -
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 -
PCTools 7.0.3.5 2010.05.16 -
Prevx 3.0 2010.05.16 -
Rising 22.47.06.04 2010.05.16 -
Sophos 4.53.0 2010.05.16 -
Sunbelt 6309 2010.05.16 -
Symantec 20101.1.0.89 2010.05.16 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.16 -
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.15.2318 2010.05.15 -
VirusBuster 5.0.27.0 2010.05.15 -
Rozšiřující informace
File size: 15360 bytes
MD5...: a5baa91475167161dea02ba3c4ca4f59
SHA1..: 17d830b815153c99f89a77371155571bd9a50514
SHA256: 4ef90e04d20982ebdb9d3359788fac5d531bddc8fa68d1364415fdc8c8f14310
ssdeep: 192:WJtGoc4F/MNhlYWpjZC7NpO7MIl8SVPTI7mW7rOi7oLG9lMnMlNgRfcyljrU
FMUF:Ws107NY8MPTIaW7/l9lNgRdJSW781gW
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2e35
timedatestamp.....: 0x41107bfa (Wed Aug 04 06:02:34 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2ab8 0x2c00 6.75 40187d5d4b0b039581448a529e4693ba
.data 0x4000 0x210 0x200 1.07 bd8c5cd346a9f53dc0dbc69260ab2240
.rsrc 0x5000 0x880 0xa00 3.86 32c660509abcbefb521d4bd2b88fe0fc

( 6 imports )
> msvcrt.dll: _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit
> ADVAPI32.dll: RegDeleteValueA, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegCreateKeyA, RegCreateKeyExA
> KERNEL32.dll: lstrcpynA, lstrlenA, GetSystemDirectoryA, GetSystemWindowsDirectoryA, GetVersionExA, GetACP, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LocalFree, CloseHandle, ResetEvent, OpenEventA, CreateProcessA, lstrcatA, GetSystemInfo, lstrcmpiA, FreeLibrary, LoadLibraryA, CreateEventA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, LocalAlloc, GetProcAddress
> USER32.dll: EnumWindows, GetClassNameA, FindWindowA, PostMessageA, SetTimer, KillTimer, MsgWaitForMultipleObjects, PeekMessageA, TranslateMessage, DispatchMessageA, GetMessageA, SetWindowPos, LoadCursorA, RegisterClassExA, DefWindowProcA, PostQuitMessage, CreateWindowExA, GetSystemMetrics
> MSCTF.dll: TF_InitSystem, TF_GetGlobalCompartment, TF_InvalidAssemblyListCacheIfExist, TF_InvalidAssemblyListCache, TF_PostAllThreadMsg, TF_CreateCicLoadMutex, TF_UninitSystem
> MSUTB.dll: ClosePopupTipbar, GetPopupTipbar

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: CTF Loader
original name: CTFMON.EXE
internal name: CTFMON
file version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

dufam ze to uz bude v poriadku.

[milenium0]

Prve tri subory ciste a toto mi vypisalo pri poslednom


Soubor imapi.exe přijatý 2010.05.16 12:31:33 (UTC)
Současný stav: Dokončeno
Výsledek: 38/41 (92.69%)
Formátované
Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 Virus.Win32.Virut!IK
AhnLab-V3 2010.05.16.00 2010.05.15 Win32/Virut.Gen
AntiVir 8.2.1.242 2010.05.14 W32/Virut.Gen
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.15 W32/Virut.gen4
Avast 4.8.1351.0 2010.05.16 Win32:Virtob
Avast5 5.0.332.0 2010.05.16 Win32:Virtob
AVG 9.0.0.787 2010.05.16 Win32/Virut
BitDefender 7.2 2010.05.16 Win32.Virut.M
CAT-QuickHeal 10.00 2010.05.15 W32.Virut.AC
ClamAV 0.96.0.3-git 2010.05.16 W32.Virut-21
Comodo 4858 2010.05.16 Virus.Win32.Virut.BF
DrWeb 5.0.2.03300 2010.05.16 Win32.Virut.35
eSafe 7.0.17.0 2010.05.13 -
eTrust-Vet 35.2.7490 2010.05.15 Win32/Virut.7096
F-Prot 4.5.1.85 2010.05.15 W32/Virut.gen4
F-Secure 9.0.15370.0 2010.05.16 Win32.Virut.M
Fortinet 4.1.133.0 2010.05.16 W32/Virut.J
GData 21 2010.05.16 Win32.Virut.M
Ikarus T3.1.1.84.0 2010.05.16 Virus.Win32.Virut
Jiangmin 13.0.900 2010.05.16 Win32/Virut.ar
Kaspersky 7.0.0.125 2010.05.16 Virus.Win32.Virut.bf
McAfee 5.400.0.1158 2010.05.16 W32/Virut.j
McAfee-GW-Edition 2010.1 2010.05.16 Heuristic.LooksLike.Win32.SuspiciousPE.J
Microsoft 1.5703 2010.05.16 Virus:Win32/Virut.AQ
NOD32 5117 2010.05.15 Win32/Virut.BF
Norman 6.04.12 2010.05.16 W32/Virut.BH
nProtect 2010-05-16.01 2010.05.16 Virus/W32.Virut.K
Panda 10.0.2.7 2010.05.16 W32/Virutas.FG
PCTools 7.0.3.5 2010.05.16 Win32.Virut.Gen.4
Prevx 3.0 2010.05.16 -
Rising 22.47.06.04 2010.05.16 Win32.Agent.bj
Sophos 4.53.0 2010.05.16 W32/Virut-Gen
Sunbelt 6309 2010.05.16 Virus.Win32.Virut.a (v)
Symantec 20101.1.0.89 2010.05.16 W32.Virut.W
TheHacker 6.5.2.0.280 2010.05.14 W32/Virut.gen2
TrendMicro 9.120.0.1004 2010.05.16 PE_VIRUT.SA
TrendMicro-HouseCall 9.120.0.1004 2010.05.16 PE_VIRUT.SA
VBA32 3.12.12.5 2010.05.14 Virus.Win32.Virut.bf
ViRobot 2010.5.15.2318 2010.05.15 Win32.Virut.Gen
VirusBuster 5.0.27.0 2010.05.15 Win32.Virut.Gen.4

[milenium0]

Posielam log prve tri su ciste imapi je nakazeny a posledny je cisty.

Soubor explorer.exe přijatý 2010.05.16 12:43:46 (UTC)
Současný stav: Dokončeno
Výsledek: 0/41 (0%)
Formátované
Vytisknout výsledky Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.16.00 2010.05.15 -
AntiVir 8.2.1.242 2010.05.14 -
Antiy-AVL 2.0.3.7 2010.05.14 -
Authentium 5.2.0.5 2010.05.15 -
Avast 4.8.1351.0 2010.05.16 -
Avast5 5.0.332.0 2010.05.16 -
AVG 9.0.0.787 2010.05.16 -
BitDefender 7.2 2010.05.16 -
CAT-QuickHeal 10.00 2010.05.15 -
ClamAV 0.96.0.3-git 2010.05.16 -
Comodo 4858 2010.05.16 -
DrWeb 5.0.2.03300 2010.05.16 -
eSafe 7.0.17.0 2010.05.13 -
eTrust-Vet 35.2.7490 2010.05.15 -
F-Prot 4.5.1.85 2010.05.15 -
F-Secure 9.0.15370.0 2010.05.16 -
Fortinet 4.1.133.0 2010.05.16 -
GData 21 2010.05.16 -
Ikarus T3.1.1.84.0 2010.05.16 -
Jiangmin 13.0.900 2010.05.16 -
Kaspersky 7.0.0.125 2010.05.16 -
McAfee 5.400.0.1158 2010.05.16 -
McAfee-GW-Edition 2010.1 2010.05.16 -
Microsoft 1.5703 2010.05.16 -
NOD32 5117 2010.05.15 -
Norman 6.04.12 2010.05.16 -
nProtect 2010-05-16.01 2010.05.16 -
Panda 10.0.2.7 2010.05.16 -
PCTools 7.0.3.5 2010.05.16 -
Prevx 3.0 2010.05.16 -
Rising 22.47.06.04 2010.05.16 -
Sophos 4.53.0 2010.05.16 -
Sunbelt 6309 2010.05.16 -
Symantec 20101.1.0.89 2010.05.16 -
TheHacker 6.5.2.0.280 2010.05.14 -
TrendMicro 9.120.0.1004 2010.05.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.16 -
VBA32 3.12.12.5 2010.05.14 -
ViRobot 2010.5.15.2318 2010.05.15 -
VirusBuster 5.0.27.0 2010.05.15 -

[milenium0]

Ahoj

Preinstaloval som celz windows,lebo sa to obnovilo.
Posielam log zo spyware terminatora.:

Logfile of Spyware Terminator v2.7.0.260 (db:4.005.018.000)
Scan Time: 18. 5. 2010 21:32:15 length: 1399 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Full_Virus__Spyware_Scan
Scanned Objects: 41584 (Critical:90)
Filter: No System items, No Safe items, No Invalid items

Running Processes
nod32krn.exe [Eset ] : C:\Program Files\Eset\nod32krn.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

Shell Extensions
Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\WINDOWS\system32\mmsys.cpl
Shell Scrap DataHandler - {56117100-C0CD-101B-81E2-00AA004AE837} - [Microsoft Corporation] : C:\WINDOWS\system32\shscrap.dll
Microsoft OLE DB Service Component Data Links - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - [Microsoft Corporation] : C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Scheduling UI icon handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - [Microsoft Corporation] : C:\WINDOWS\system32\mstask.dll
Scheduling UI property sheet handler - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - [Microsoft Corporation] : C:\WINDOWS\system32\mstask.dll
Scheduled Tasks - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - [Microsoft Corporation] : C:\WINDOWS\system32\mstask.dll
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - [Microsoft Corporation] : C:\WINDOWS\system32\webcheck.dll
Subscription Mgr - {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} - [Microsoft Corporation] : C:\WINDOWS\system32\webcheck.dll
Subscription Folder - {F5175861-2688-11d0-9C5E-00AA00A45957} - [Microsoft Corporation] : C:\WINDOWS\system32\webcheck.dll
WebCheckWebCrawler - {08165EA0-E946-11CF-9C87-00AA005127ED} - [Microsoft Corporation] : C:\WINDOWS\system32\webcheck.dll
WebCheckChannelAgent - {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} - [Microsoft Corporation] : C:\WINDOWS\system32\webcheck.dll
TrayAgent - {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} - [Microsoft Corporation] : C:\WINDOWS\system32\webcheck.dll
Code Download Agent - {7D559C10-9FE9-11d0-93F7-00AA0059CE02} - [Microsoft Corporation] : C:\WINDOWS\system32\webcheck.dll
ConnectionAgent - {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} - [Microsoft Corporation] : C:\WINDOWS\system32\webcheck.dll
PostAgent - {D8BD2030-6FC9-11D0-864F-00AA006809D9} - [Microsoft Corporation] : C:\WINDOWS\system32\webcheck.dll
WebCheck SyncMgr Handler - {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} - [Microsoft Corporation] : C:\WINDOWS\system32\webcheck.dll
CompressedFolder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - [Microsoft Corporation] : C:\WINDOWS\system32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - [Microsoft Corporation] : C:\WINDOWS\system32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - [Microsoft Corporation] : C:\WINDOWS\system32\zipfldr.dll
Channel - {f39a0dc0-9cc8-11d0-a599-00c04fd64433} - [Microsoft Corporation] : C:\WINDOWS\system32\cdfview.dll
Channel Shortcut - {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} - [Microsoft Corporation] : C:\WINDOWS\system32\cdfview.dll
Channel Handler Object - {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} - [Microsoft Corporation] : C:\WINDOWS\system32\cdfview.dll
Channel Menu Handler Object - {f3da0dc0-9cc8-11d0-a599-00c04fd64437} - [Microsoft Corporation] : C:\WINDOWS\system32\cdfview.dll
Channel Shortcut Property Pages - {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} - [Microsoft Corporation] : C:\WINDOWS\system32\cdfview.dll
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - [Microsoft Corporation] : C:\WINDOWS\msagent\agentpsh.dll
Extensions Manager Folder - {692F0339-CBAA-47e6-B5B5-3B84DB604E87} - [Microsoft Corporation] : C:\WINDOWS\system32\extmgr.dll

Shell Service Objects
- {WebCheck} - [Microsoft Corporation] : C:\WINDOWS\system32\webcheck.dll

Protocol Handler
WiaProtocol Class - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - [Microsoft Corporation] : C:\WINDOWS\system32\wiascr.dll

Services
23 - [ATI Technologies Inc.] : C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23 - [Microsoft Corporation] : C:\WINDOWS\system32\DRIVERS\disk.sys
23 - [Microsoft Corp., Veritas Software] : C:\WINDOWS\system32\drivers\dmio.sys
23 - [Microsoft Corp., Veritas Software.] : C:\WINDOWS\system32\drivers\dmload.sys
23 - [Microsoft Corporation] : C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23 - [Microsoft Corporation] : C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23 - [Eset] : C:\Program Files\Eset\nod32krn.exe
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\drivers\nvax.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\DRIVERS\NVENET.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\drivers\nvapu.sys
23 - [NVIDIA Corporation] : C:\WINDOWS\system32\DRIVERS\nv_agp.sys
23 - [Crawler.com] : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Threat Files
<Backdoor.Rbot.keq> : C:\WINDOWS\system32\ssms.exe
<Heuristics.Broken.Executable> : C:\WINDOWS\ServicePackFiles\i386\update.sys
<Heuristics.Broken.Executable> : C:\WINDOWS\ServicePackFiles\i386\update.sys
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040113.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040113.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040114.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040114.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040115.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040115.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040116.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040116.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040117.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040117.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040118.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040118.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040119.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040119.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040120.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040120.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040121.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040121.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040122.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040122.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040123.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040123.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040124.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040124.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040125.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040125.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040126.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040126.EXE
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040127.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040127.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040128.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040128.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040129.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040129.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040130.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040130.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040131.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040131.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040132.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040132.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040133.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040133.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040134.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040134.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040135.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040135.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040136.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040136.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040137.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040137.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040138.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040138.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040139.exe
<W32.Virut-21> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040139.exe
<Heuristics.Broken.Executable> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040143.exe
<Heuristics.Broken.Executable> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040143.exe
<Heuristics.Broken.Executable> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040144.exe
<Heuristics.Broken.Executable> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040144.exe
<Heuristics.Broken.Executable> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040145.exe
<Heuristics.Broken.Executable> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040145.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040228.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040228.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040229.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040229.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040230.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040230.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040231.EXE
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040231.EXE
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040232.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040232.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040233.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040233.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040234.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040234.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040235.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040235.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040236.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040236.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040238.EXE
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040238.EXE
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040240.EXE
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040240.EXE
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040241.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040241.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040242.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040242.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040243.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040243.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040244.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040244.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040245.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040245.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040246.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040246.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040247.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040247.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040248.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040248.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040249.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040249.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040250.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040250.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040251.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040251.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040252.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040252.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040253.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040253.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040254.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040254.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040255.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040255.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040256.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040256.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040257.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040257.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040258.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040258.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040259.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040259.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040260.exe
<W32.Sality-27> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040260.exe
<W32.Sality-26> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040272.exe
<W32.Sality-26> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040272.exe
<W32.Sality-26> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040274.exe
<W32.Sality-26> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040274.exe
<W32.Sality-26> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040275.exe
<W32.Sality-26> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040275.exe
<W32.Sality-26> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040276.exe
<W32.Sality-26> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040276.exe
<W32.Sality-26> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040277.exe
<W32.Sality-26> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040277.exe
<Heuristics.Encrypted.Zip> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040278.exe
<Heuristics.Encrypted.Zip> : d:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040278.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039081.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039081.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039082.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039082.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039083.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039083.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039084.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039084.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039085.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039085.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039087.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039087.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039090.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039090.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039125.EXE
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039125.EXE
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039128.EXE
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP39\A0039128.EXE
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040261.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040261.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040262.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040262.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040263.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040263.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040264.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040264.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040265.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040265.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040266.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040266.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040267.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040267.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040269.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040269.exe
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040270.EXE
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040270.EXE
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040271.EXE
<W32.Sality-27> : e:\System Volume Information\_restore{DC268709-67B6-4A73-9CE1-C9C0ACD7E312}\RP40\A0040271.EXE

Advanced Files Report
%SYSDIR%\imon.dll [Eset] [NOD32 Antivirus System] MD5=99F34C8575A8F222D48D275653E7C4ED SIZE=270336
%PROGRAMFILES%\Eset\pr_imon.dll MD5=BF47F2EF0C53DEE8D0CF9CF0B5F8D531 SIZE=49152
%PROGRAMFILES%\Eset\nodshex.dll [Eset] [NOD32 Antivirus System] MD5=4F7255E5B2DC38EEED7C4D864B24760D SIZE=57344
%PROGRAMFILES%\Eset\pr_nod32.dll [Eset] [NOD32 Antivirus System] MD5=7FCE05AB1EFCA75AF5C360130EB5F4CB SIZE=20480
%PROGRAMFILES%\Eset\pu_nod32.dll [Eset] [NOD32 Antivirus System] MD5=B73F183DF44956A2210048E82DBB0D85 SIZE=90112
%PROGRAMFILES%\Eset\nod32krn.exe [Eset] [NOD32 Antivirus System] MD5=9B18F31C059C5F061D6C628E0A771EC1 SIZE=495616
%PROGRAMFILES%\Eset\nod32krr.dll [Eset] [NOD32 Antivirus System] MD5=3AE65077854EA96C9039F59F6ACBA4BA SIZE=49152
%PROGRAMFILES%\Eset\ps_amon.dll [Eset] [NOD32 Antivirus System] MD5=846826A744C1F09B77CE57F9323B33FD SIZE=188416
%PROGRAMFILES%\Eset\pr_amon.dll [Eset] [NOD32 Antivirus System] MD5=C3138D0400C37357D0D09921BB1CA74E SIZE=32768
%PROGRAMFILES%\Eset\ps_dmon.dll [Eset] [NOD32 Antivirus System] MD5=4DAB3A374EECED54199042A7F5E4648F SIZE=147456
%PROGRAMFILES%\Eset\pr_dmon.dll MD5=FFF8E5F9233E14AF37B9BA361F6D1655 SIZE=16384
%PROGRAMFILES%\Eset\ps_emon.dll [Eset] [NOD32 Antivirus System] MD5=EEAF4C883E320D9A3A96E0737F04FF96 SIZE=184320
%PROGRAMFILES%\Eset\pr_emon.dll MD5=191801124222BC8DB7A716D246A14B6B SIZE=53248
%PROGRAMFILES%\Eset\ps_nod32.dll [Eset] [NOD32 Antivirus System] MD5=231624AFE8DBB23EA51DFB9DE2B65210 SIZE=159744
%PROGRAMFILES%\Eset\ps_upd.dll [Eset] [NOD32 Antivirus System] MD5=841033E1277AB63E9D5E7C0860EB0297 SIZE=311296
%PROGRAMFILES%\Eset\pr_upd.dll MD5=9AB3344F2E5A638B3CF1923588D6F7B5 SIZE=45056
%SYSDIR%\mmsys.cpl [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=5977C7A155B79B483125BB9816F03ADE SIZE=618496
%SYSDIR%\shscrap.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=4D1D85F73A8C0985F443EFF43383684D SIZE=27648
%COMMONFILES%\System\Ole DB\oledb32.dll [Microsoft Corporation] [Microsoft Data Access Components] MD5=ADE4B6227D22DF66B94C69D13574EC45 SIZE=487424
%SYSDIR%\mstask.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=DAD1CEF1B77539B4EF734A1041CF95ED SIZE=274944
%SYSDIR%\webcheck.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=6501DB5182D5A8C0F1F1707286161D66 SIZE=276480
%SYSDIR%\zipfldr.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=424162325A32183BF65BBAF740209749 SIZE=337920
%SYSDIR%\cdfview.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=DCC373E4039EC42E3830DFFA54D502E9 SIZE=150528
%WINDIR%\msagent\agentpsh.dll [Microsoft Corporation] [Microsoft Agent Property Sheet Handler] MD5=16BF9BE4F2ACC47A42432BB2E07B684C SIZE=24064
%SYSDIR%\extmgr.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=87CFB825E7CDE75425D6A0CC154D416A SIZE=55808
%SYSDIR%\drivers\amon.sys
%SYSDIR%\DRIVERS\ati2mtag.sys [ATI Technologies Inc.] [ATI Radeon WindowsNT Miniport Driver] MD5=8759322FFC1A50569C1E5528EE8026B7 SIZE=701440
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\svchost -k DcomLaunch
%SYSDIR%\DRIVERS\disk.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=00CA44E4534865F8A3B64F7C0984BFF0 SIZE=36352
%SYSDIR%\drivers\dmio.sys [Microsoft Corp., Veritas Software] [VERITAS® NT Disk Manager] MD5=F5E7B358A732D09F4BCF2824B88B9E28 SIZE=153344
%SYSDIR%\drivers\dmload.sys [Microsoft Corp., Veritas Software.] [Logical Disk Manager for Windows NT] MD5=E9317282A63CA4D188C0DF5E09C6AC5F SIZE=5888
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\DRIVERS\flpydisk.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=0DD1DE43115B93F4D85E889D7A86F548 SIZE=20480
%SYSDIR%\msiexec.exe \V
%SYSDIR%\DRIVERS\mssmbios.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=469541F8BFD2B32659D5D463A6714BCE SIZE=15488
%SYSDIR%\drivers\nvax.sys [NVIDIA Corporation] [NVIDIA nForce(TM) Audio Driver] MD5=163CD7728440A1901E72E7207FA5877A SIZE=13056
%SYSDIR%\DRIVERS\NVENET.sys [NVIDIA Corporation] [NVENET] MD5=FBE448EFA5484A256528E1D02B959BBC SIZE=80896
%SYSDIR%\drivers\nvapu.sys [NVIDIA Corporation] [NVIDIA nForce(TM) Audio Driver] MD5=F573F587ABED7C750B66AB96143CA1E9 SIZE=241664
%SYSDIR%\DRIVERS\nv_agp.sys [NVIDIA Corporation] [NVIDIA nForce AGP Filter] MD5=DB36442C20793C53B4128EB85F9A3D32 SIZE=13568
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\svchost -k rpcss
%SYSDIR%\drivers\sp_rsdrv2.sys [Crawler.com] [Spyware Terminator] MD5=8831252BCF05FCFB5ABD116A22E552D8 SIZE=142592
%SYSDIR%\wiascr.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=DD469944B09B032E7C7FE85687C2A399 SIZE=75776

End of Report

zo systemu su tam len 3 a jeden je z registrov,hadam to win ten register predycha.

Ostatne dam zmazat

[milenium0]

Ahoj

Dal som skanovat asi 8 krat za sebou az kzm to nebolo uplne ciste vratane usb kluca,ktory pouzivam a externeho disku na ktorom sa tiez nasiel. Dal som odstranit cely program. Teraz to vyzera ze je cisty.
Aspon po opatovnych scanoch nic nenaslo.
Myslim ze tuto kapitolu mozeme uzavriet.
V sobotu sa chystam urobit image aj s oblubenym softwarom,lebo uz ma to instalovanie winu xp nebavi. Vyzera to na kazdy druhy mesiac.

Dakujem pekne za pomoc.

Prajem vam pekny den a vela uspechov.

Nech sa vam dari.

Stano z Presova.