
Another autorun.inf

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: Another autorun.inf

#16 Post by Caroprd111 »

OK, please post the OTL logs.

lancer_bobek
Visitor
Posts: 24
Registered: 28 Feb 2011 19:00

Re: Another autorun.inf

#17 Post by lancer_bobek »

OTL.txt

OTL logfile created on: 1.3.2011 19:21:47 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\HASH\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,33 Gb Total Space | 53,60 Gb Free Space | 39,03% Space Free | Partition Type: NTFS
Drive F: | 973,63 Mb Total Space | 607,94 Mb Free Space | 62,44% Space Free | Partition Type: FAT
Drive G: | 175,68 Mb Total Space | 76,94 Mb Free Space | 43,80% Space Free | Partition Type: FAT
Drive H: | 596,17 Gb Total Space | 312,90 Gb Free Space | 52,49% Space Free | Partition Type: NTFS
Drive I: | 14,91 Gb Total Space | 14,82 Gb Free Space | 99,41% Space Free | Partition Type: NTFS
Drive J: | 3,72 Gb Total Space | 0,01 Gb Free Space | 0,16% Space Free | Partition Type: FAT32

Computer Name: HASH-PC | User Name: HASH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.03.01 19:17:25 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\HASH\Desktop\OTL.exe
PRC - [2010.01.04 17:59:46 | 000,083,280 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
PRC - [2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 14:18:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.17 21:34:16 | 001,392,128 | ---- | M] (Marek Jasinski - www.FreeCommander.com) -- C:\Program Files\FreeCommander\FreeCommander.exe
PRC - [2007.03.14 03:43:44 | 000,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2006.12.14 16:53:28 | 000,192,512 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2006.11.09 14:37:52 | 000,086,016 | ---- | M] () -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2006.08.29 09:26:32 | 000,241,664 | ---- | M] () -- C:\Program Files\Launch Manager\OSDCtrl.exe
PRC - [2005.07.25 13:36:40 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe


========== Modules (SafeList) ==========

MOD - [2011.03.01 19:17:25 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\HASH\Desktop\OTL.exe
MOD - [2009.04.11 14:18:14 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.02.22 22:24:58 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV - [2011.02.22 22:24:58 | 000,497,008 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2011.02.22 22:24:58 | 000,345,352 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010.11.08 17:40:56 | 000,715,440 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011.03.01 18:01:56 | 000,738,816 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\ttwzzs.sys -- (ttwzzs)
DRV - [2011.02.22 22:25:36 | 000,283,152 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmwfp.sys -- (tmwfp)
DRV - [2011.02.22 22:25:36 | 000,146,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmlwf.sys -- (tmlwf)
DRV - [2011.02.22 22:25:36 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010.07.30 18:29:10 | 000,249,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2010.07.30 18:29:00 | 000,036,432 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2010.07.30 18:06:08 | 001,331,512 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2010.07.19 19:03:10 | 000,059,472 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010.07.19 19:03:00 | 000,051,792 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010.07.19 19:02:54 | 000,163,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009.12.14 19:01:43 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.09.26 18:04:10 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.02.01 10:55:10 | 000,690,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2154561694-2073593054-3152204118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-2154561694-2073593054-3152204118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2154561694-2073593054-3152204118-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2011.02.22 23:21:41 | 000,000,000 | ---D | M]

[2010.11.24 18:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HASH\AppData\Roaming\Mozilla\Extensions
[2010.11.24 18:44:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HASH\AppData\Roaming\Mozilla\Extensions\LIGHTCOMP-TAHITI

O1 HOSTS File: ([2011.03.01 18:03:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe ()
O4 - HKU\S-1-5-21-2154561694-2073593054-3152204118-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2154561694-2073593054-3152204118-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2154561694-2073593054-3152204118-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2154561694-2073593054-3152204118-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2154561694-2073593054-3152204118-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Export do &Tahiti - C:\Program Files\LightComp Tahiti 5\iehelper.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\HASH\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\HASH\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.02.28 20:10:51 | 000,000,000 | R--D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.02.28 20:10:54 | 000,000,000 | RHSD | M] - F:\Autorun.inf -- [ FAT ]
O32 - AutoRun File - [2011.02.28 20:10:54 | 000,000,000 | RHSD | M] - G:\Autorun.inf -- [ FAT ]
O32 - AutoRun File - [2011.02.28 20:10:52 | 000,000,000 | R--D | M] - H:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.02.28 20:10:52 | 000,000,000 | RHSD | M] - I:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.02.28 20:10:54 | 000,000,000 | RHSD | M] - J:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.wmv3 - C:\Windows\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yvu9 - C:\Windows\System32\iyvu9_32.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011.03.01 19:17:47 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\HASH\Desktop\OTL.exe
[2011.03.01 18:15:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.03.01 18:15:17 | 000,000,000 | ---D | C] -- C:\Users\HASH\AppData\Local\temp
[2011.03.01 18:03:57 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011.03.01 17:43:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.02.28 20:10:51 | 000,000,000 | R--D | C] -- C:\Autorun.inf
[2011.02.28 19:45:26 | 000,000,000 | ---D | C] -- C:\UsbFix
[2011.02.28 19:35:12 | 001,224,471 | ---- | C] (C_XX & El Desaparecido) -- C:\Users\HASH\Desktop\UsbFix.exe
[2011.02.28 18:36:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.02.28 18:36:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.02.28 18:36:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.02.28 18:36:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.28 18:31:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.28 13:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.02.26 18:38:31 | 001,331,512 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\vsapint.sys
[2011.02.26 18:38:31 | 000,249,424 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmxpflt.sys
[2011.02.26 18:38:30 | 000,036,432 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmpreflt.sys
[2011.02.22 23:35:37 | 000,000,000 | ---D | C] -- C:\Users\HASH\AppData\Local\Trend Micro
[2011.02.22 23:21:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Trend Micro
[2011.02.22 23:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Internet Security Pro
[2011.02.22 23:18:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2011.02.22 23:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.02.22 22:25:36 | 000,283,152 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmwfp.sys
[2011.02.22 22:25:36 | 000,163,408 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011.02.22 22:25:36 | 000,146,448 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmlwf.sys
[2011.02.22 22:25:36 | 000,089,872 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2011.02.22 22:25:36 | 000,059,472 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmactmon.sys
[2011.02.22 22:25:36 | 000,051,792 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmevtmgr.sys
[2011.02.22 22:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2011.02.22 22:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\Launch Manager
[2011.02.20 22:21:01 | 000,000,000 | RHSD | C] -- C:\Users\HASH\Microsoft-Update-Service-8-8586-7578-5800
[2011.02.20 15:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O2 Mobilni internet
[2011.02.20 15:26:03 | 000,621,056 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2011.02.20 15:26:03 | 000,113,152 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.02.20 15:26:03 | 000,101,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011.02.20 15:26:03 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011.02.20 15:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\O2 Mobilni internet
[2011.02.15 17:10:13 | 000,738,816 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\ttwzzs.sys
[2011.02.05 23:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Illusion Softworks
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.03.01 19:23:01 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.03.01 19:17:25 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\HASH\Desktop\OTL.exe
[2011.03.01 18:09:25 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.01 18:09:25 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.01 18:03:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.03.01 18:03:34 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.01 18:03:32 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.01 18:03:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.01 18:03:06 | 1877,196,800 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.01 18:01:56 | 000,738,816 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\ttwzzs.sys
[2011.03.01 18:01:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.03.01 16:59:22 | 000,433,760 | ---- | M] () -- C:\Users\HASH\Desktop\slevomat_210211.pdf
[2011.02.28 21:05:42 | 000,001,251 | ---- | M] () -- C:\CF-Submit.htm
[2011.02.28 20:10:54 | 000,093,824 | ---- | M] () -- C:\UsbFix_Upload_Me_HASH-PC.zip
[2011.02.28 19:35:00 | 001,224,471 | ---- | M] (C_XX & El Desaparecido) -- C:\Users\HASH\Desktop\UsbFix.exe
[2011.02.28 19:28:25 | 000,339,991 | ---- | M] () -- C:\Users\HASH\Desktop\RSIT.exe
[2011.02.28 18:29:22 | 004,276,861 | R--- | M] () -- C:\Users\HASH\Desktop\ComboFix.exe
[2011.02.27 16:56:15 | 000,095,232 | ---- | M] () -- C:\Users\HASH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.22 23:18:53 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\Trend Micro Internet Security Pro.lnk
[2011.02.22 22:25:36 | 000,283,152 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmwfp.sys
[2011.02.22 22:25:36 | 000,146,448 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmlwf.sys
[2011.02.22 22:25:36 | 000,089,872 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmtdi.sys
[2011.02.20 15:27:21 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\O2 Mobilni internet.lnk
[2011.02.19 13:09:02 | 000,048,128 | ---- | M] () -- C:\Users\HASH\Desktop\Osobni finance od 112010.db
[2011.02.13 22:45:14 | 000,002,037 | ---- | M] () -- C:\Users\HASH\Desktop\Google Chrome.lnk
[2011.02.02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.03.01 19:23:01 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.03.01 16:59:39 | 000,433,760 | ---- | C] () -- C:\Users\HASH\Desktop\slevomat_210211.pdf
[2011.02.28 21:05:42 | 000,001,251 | ---- | C] () -- C:\CF-Submit.htm
[2011.02.28 19:51:20 | 000,093,824 | ---- | C] () -- C:\UsbFix_Upload_Me_HASH-PC.zip
[2011.02.28 19:28:40 | 000,339,991 | ---- | C] () -- C:\Users\HASH\Desktop\RSIT.exe
[2011.02.28 18:36:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.28 18:36:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.28 18:36:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.28 18:36:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.28 18:36:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.28 18:29:39 | 004,276,861 | R--- | C] () -- C:\Users\HASH\Desktop\ComboFix.exe
[2011.02.22 23:18:53 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\Trend Micro Internet Security Pro.lnk
[2011.02.22 23:10:02 | 1877,196,800 | -HS- | C] () -- C:\hiberfil.sys
[2011.02.21 19:44:36 | 000,048,128 | ---- | C] () -- C:\Users\HASH\Desktop\Osobni finance od 112010.db
[2011.02.20 15:27:21 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\O2 Mobilni internet.lnk
[2010.10.24 22:04:24 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2010.01.19 10:51:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009.12.15 12:13:30 | 000,024,206 | ---- | C] () -- C:\Users\HASH\AppData\Roaming\UserTile.png
[2009.12.14 19:11:23 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.12.14 15:19:50 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2009.10.12 18:49:55 | 000,095,232 | ---- | C] () -- C:\Users\HASH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.12 08:46:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.04.11 14:18:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.11 14:18:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.11 14:18:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2007.09.26 23:07:02 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2007.03.10 12:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007.02.06 01:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,252,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.02.25 19:09:38 | 000,774,144 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.01.16 19:27:22 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Ashampoo
[2009.12.14 19:07:28 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\DAEMON Tools Lite
[2011.02.18 19:35:55 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\foobar2000
[2009.12.15 13:31:20 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Foxit
[2010.11.07 19:23:56 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Foxit Software
[2009.12.23 23:24:18 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\FreeCommander
[2010.10.19 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\HypoKalk
[2010.09.13 18:43:15 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\ICQ
[2010.11.05 10:25:41 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Leadertech
[2010.11.24 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\LightComp
[2010.01.12 20:47:41 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Mp3 Editor for Free
[2009.12.15 12:13:30 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\PeerNetworking
[2010.12.08 17:47:20 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\VitySoft
[2011.03.01 18:01:52 | 000,032,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.04.11 14:18:04 | 001,233,920 | ---- | M] (Microsoft Corporation)
"WindowsWelcomeCenter" = rundll32.exe oobefldr.dll,ShowWelcomeCenter
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008.01.21 03:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation)
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup -- [2004.06.16 06:03:26 | 000,221,184 | ---- | M] (InstallShield Software Corporation)
"WMPNSCFG" = C:\Program Files\Windows Media Player\WMPNSCFG.exe -- [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation)

< >


< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\agp440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 14:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 14:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 14:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 14:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.11 14:18:39 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009.04.11 14:18:39 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.21 03:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.21 03:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.11 14:18:00 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009.04.11 14:18:00 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009.04.11 14:18:00 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.04.11 14:18:34 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\ERDNT\cache\cryptsvc.dll
[2009.04.11 14:18:34 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\System32\cryptsvc.dll
[2009.04.11 14:18:34 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2008.01.21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008.01.21 03:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: FASTFAT.SYS >
[2009.04.11 14:18:26 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=1E9B9A70D332103C52995E957DC09EF8 -- C:\Windows\System32\drivers\fastfat.sys
[2009.04.11 14:18:26 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=1E9B9A70D332103C52995E957DC09EF8 -- C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.0.6002.18005_none_b09ea48c5485f42b\fastfat.sys

< MD5 for: HAL.DLL >
[2009.04.11 14:18:00 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: IASTORV.SYS >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2006.11.02 10:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008.01.21 03:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\drivers\isapnp.sys
[2008.01.21 03:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\isapnp.sys
[2008.01.21 03:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008.01.21 03:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2008.01.21 03:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.01.21 03:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\ERDNT\cache\lsass.exe
[2008.01.21 03:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\System32\lsass.exe
[2008.01.21 03:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe

< MD5 for: NDIS.SYS >
[2009.04.11 14:18:16 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\ERDNT\cache\ndis.sys
[2009.04.11 14:18:16 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009.04.11 14:18:16 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 14:18:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 14:18:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 14:18:21 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

< MD5 for: NTFS.SYS >
[2009.04.11 14:18:16 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\ERDNT\cache\ntfs.sys
[2009.04.11 14:18:16 | 001,083,880 | ---- | M] (Společnost Microsoft) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\System32\drivers\ntfs.sys
[2009.04.11 14:18:16 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys

< MD5 for: NVRAID.SYS >
[2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.04.11 14:18:47 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 14:18:47 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 14:18:47 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.04.11 14:18:46 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\ERDNT\cache\services.exe
[2009.04.11 14:18:46 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009.04.11 14:18:46 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SMSS.EXE >
[2009.04.11 14:18:15 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\System32\smss.exe
[2009.04.11 14:18:15 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe

< MD5 for: SPOOLSV.EXE >
[2009.04.11 14:18:39 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\ERDNT\cache\spoolsv.exe
[2009.04.11 14:18:39 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\System32\spoolsv.exe
[2009.04.11 14:18:39 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008.01.21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008.01.21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.04.11 14:19:10 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\ERDNT\cache\tcpip.sys
[2009.04.11 14:19:10 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\System32\drivers\tcpip.sys
[2009.04.11 14:19:10 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 14:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 14:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 14:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.01.21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\ERDNT\cache\ws2_32.dll
[2008.01.21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008.01.21 03:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2006.11.02 10:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP3.DLL
[2006.11.02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2003.06.19 01:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2009.12.15 13:38:36 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\cs-CZ\LMPRTPRC.DLL.mui
[2009.04.12 22:48:39 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\en-US\LMPRTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /5 >
[2011.03.01 18:01:56 | 000,738,816 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\ttwzzs.sys

< %systemroot%\system32\drivers\*.sys /X >
[2006.10.01 22:10:35 | 000,328,162 | ---- | M] () -- C:\Windows\System32\drivers\ativcaxx.cpa
[2006.10.01 22:10:35 | 000,000,929 | ---- | M] () -- C:\Windows\System32\drivers\ativcaxx.vp
[2006.10.01 22:10:35 | 000,002,096 | ---- | M] () -- C:\Windows\System32\drivers\ativokxx.vp
[2006.10.01 22:10:35 | 000,002,096 | ---- | M] () -- C:\Windows\System32\drivers\ativpkxx.vp
[2006.10.15 22:11:08 | 000,034,656 | ---- | M] () -- C:\Windows\System32\drivers\ativvpxx.vp
[2006.09.18 22:26:46 | 003,440,660 | ---- | M] () -- C:\Windows\System32\drivers\gm.dls
[2006.09.18 22:26:46 | 000,000,646 | ---- | M] () -- C:\Windows\System32\drivers\gmreadme.txt
[2008.01.21 03:23:51 | 000,000,003 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2009.10.12 19:06:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.12.14 19:01:43 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\system32\*.* /5 >
[2011.03.01 18:03:32 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.01 18:03:34 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.01 18:09:25 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.01 18:09:25 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.01 18:09:25 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\config\*.sav >
[2009.04.11 15:08:12 | 023,552,000 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2009.04.11 15:07:55 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2009.04.11 15:08:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2009.12.14 17:42:36 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Adobe
[2010.01.16 19:27:22 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Ashampoo
[2010.12.14 19:27:20 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Corel
[2009.12.14 19:07:28 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\DAEMON Tools Lite
[2011.02.18 19:35:55 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\foobar2000
[2009.12.15 13:31:20 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Foxit
[2010.11.07 19:23:56 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Foxit Software
[2009.12.23 23:24:18 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\FreeCommander
[2010.01.26 18:13:42 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\GRETECH
[2010.10.19 19:02:55 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\HypoKalk
[2010.09.13 18:43:15 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\ICQ
[2009.10.12 08:54:17 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Identities
[2010.01.21 19:49:25 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\InstallShield
[2010.11.05 10:25:41 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Leadertech
[2010.11.24 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\LightComp
[2009.12.14 17:42:36 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Macromedia
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Media Center Programs
[2011.02.28 18:46:00 | 000,000,000 | --SD | M] -- C:\Users\HASH\AppData\Roaming\Microsoft
[2010.11.24 18:44:55 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Mozilla
[2010.01.12 20:47:41 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\Mp3 Editor for Free
[2009.12.15 12:13:30 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\PeerNetworking
[2010.12.08 17:47:20 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\VitySoft
[2010.08.18 17:35:32 | 000,000,000 | ---D | M] -- C:\Users\HASH\AppData\Roaming\WinRAR

< %APPDATA%\*.* >
[2011.02.15 17:20:43 | 000,000,000 | -H-- | M] () -- C:\Users\HASH\AppData\Roaming\fLFGjmeheC.txt
[2009.12.15 12:13:30 | 000,024,206 | ---- | M] () -- C:\Users\HASH\AppData\Roaming\UserTile.png

< %APPDATA%\*.exe /s >
[2007.03.22 11:46:40 | 000,126,976 | ---- | M] () -- C:\Users\HASH\AppData\Roaming\GRETECH\GomPlayer\GrLauncher.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"JobInactivityTimeout" = 7776000
"JobMinimumRetryDelay" = 600
"JobNoProgressTimeout" = 1209600
"LogFileFlags" = 0
"LogFileMinMemory" = 120
"LogFileSize" = 1
"TimeQuantaLength" = 300
"UseLmCompat" = 2
"IGDSearcherDLL" = bitsigd.dll -- [2009.04.11 14:18:33 | 000,031,744 | ---- | M] (Microsoft Corporation)
"StateIndex" = 0
"ridt100413" = 1

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.03.01 19:23:01 | 000,000,512 | ---- | M] () MD5=077C6D0A11D68B47775627F2FA2C8D59 -- C:\PhysicalMBR.bin
[1 C:\*.tmp files -> C:\*.tmp -> ]

< End of report >

lancer_bobek
Visitor
Posts: 24
Registered: 28 Feb 2011 19:00

Re: Another autorun.inf

#18 Post by lancer_bobek »

EXTRAS.txt

OTL Extras logfile created on: 1.3.2011 19:21:47 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Users\HASH\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,33 Gb Total Space | 53,60 Gb Free Space | 39,03% Space Free | Partition Type: NTFS
Drive F: | 973,63 Mb Total Space | 607,94 Mb Free Space | 62,44% Space Free | Partition Type: FAT
Drive G: | 175,68 Mb Total Space | 76,94 Mb Free Space | 43,80% Space Free | Partition Type: FAT
Drive H: | 596,17 Gb Total Space | 312,90 Gb Free Space | 52,49% Space Free | Partition Type: NTFS
Drive I: | 14,91 Gb Total Space | 14,82 Gb Free Space | 99,41% Space Free | Partition Type: NTFS
Drive J: | 3,72 Gb Total Space | 0,01 Gb Free Space | 0,16% Space Free | Partition Type: FAT32

Computer Name: HASH-PC | User Name: HASH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2154561694-2073593054-3152204118-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A200126-A43F-401E-9A50-B02AA45027CE}" = rport=2869 | protocol=6 | dir=out | app=system |
"{10732CEF-9B5D-4642-8ECA-CA817EEB1788}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20C6EF4C-DBD9-4849-8C78-9509E8165D60}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{25A57852-A841-4E54-AE96-BFB25475FDBD}" = lport=137 | protocol=17 | dir=in | app=system |
"{42DEA6D6-A86B-40A1-9500-E8B8F027C30A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{58A0539F-185B-4D04-95DE-2B8324B34CF3}" = rport=445 | protocol=6 | dir=out | app=system |
"{60C3A25C-B058-4DDF-A407-34A2D49F13F9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{68C4EFA5-B9DF-49DF-86CE-1E1D5A343FB4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{76DBE6E8-8A53-4BC7-A0C0-8C3D75763581}" = lport=445 | protocol=6 | dir=in | app=system |
"{8DDA427B-839F-47AE-B208-B506431198EB}" = lport=139 | protocol=6 | dir=in | app=system |
"{A283B48C-4B9A-4C0D-8171-4209A71E69FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A610AABF-7C29-4F55-BDBC-2DA1B7845B62}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B46E9D1C-F1CB-4CA0-AC8D-57F1ADFD5B1F}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C5F05E2E-6587-4AF6-85DB-05333A97A21E}" = rport=138 | protocol=17 | dir=out | app=system |
"{DE35894F-D8CF-4F67-81D8-1A80E3739AAD}" = rport=139 | protocol=6 | dir=out | app=system |
"{EB8F0B75-B6CE-4772-91CB-6363BB0025B4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F0160583-1A32-47E3-82D6-744759701C62}" = lport=138 | protocol=17 | dir=in | app=system |
"{F68A631F-3E69-4C41-A529-2ECE6DD40C00}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060A292F-9AEC-4447-BFB4-7185ED485FEB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4372D529-4816-4051-A81C-1BA358ED811D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5E429167-3B87-49A9-B4D7-FDB14491E1A7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6A670558-62E5-46C1-8EE2-E39A5BA7A1E9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6DCECF25-3C55-49C0-B7E7-3BFB99F92B55}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{6ED76C25-1CCB-4B85-91AA-AB8079A38305}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{964E5BC3-D890-40FE-9B99-D0D2C436179C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{1439E8CB-D507-4BF4-B253-20DA1451FCA4}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{31BA99DC-D8DB-4AE8-B24B-35438ABF107E}C:\users\public\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\users\public\age of empires ii\empires2.exe |
"TCP Query User{4A28A3B6-B0F1-47A9-81E8-488A5DE71892}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{75421859-B058-490F-AE80-85107BC5A2A7}C:\program files\ea sports\superbike\superbike.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\superbike\superbike.exe |
"TCP Query User{A2139A97-92E9-4A8E-B603-B6274D7B9FF0}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\czech\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\czech\setup.exe |
"TCP Query User{AF351DC7-DA46-4C0D-8517-4F88E10B7EC2}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{C2B8D9DC-27D8-49A8-B68B-8DD45FB4F2B7}C:\users\public\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\public\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{D6E12616-00E8-4CBF-91B1-91412DADC422}C:\game\rtcw\return to castle wolfenstein\wolfmp.exe" = protocol=6 | dir=in | app=c:\game\rtcw\return to castle wolfenstein\wolfmp.exe |
"TCP Query User{DD824AB2-861F-4369-A050-2F56FF159B6C}C:\game\df\dfbhdlc.exe" = protocol=6 | dir=in | app=c:\game\df\dfbhdlc.exe |
"TCP Query User{E4199838-5297-4862-9198-9A77426485B7}C:\game\hd\hd2.exe" = protocol=6 | dir=in | app=c:\game\hd\hd2.exe |
"UDP Query User{02046B3A-870C-4463-B278-2205E4DEF747}C:\users\public\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\users\public\age of empires ii\empires2.exe |
"UDP Query User{13DF5FC5-5268-4A7E-8A81-FBA9732A16D1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{1F004EA7-CB18-41DC-966C-1FFFA211D385}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{66430354-9009-4240-8C31-DA7760B12CB3}C:\game\hd\hd2.exe" = protocol=17 | dir=in | app=c:\game\hd\hd2.exe |
"UDP Query User{85AB8D2D-35A0-4FE0-BCF5-664280CE58C7}C:\users\public\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\public\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{920A8519-40CA-48FB-9600-788079EE20A2}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\czech\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\czech\setup.exe |
"UDP Query User{A46369AA-B2A7-43A9-9026-019E09673A64}C:\game\df\dfbhdlc.exe" = protocol=17 | dir=in | app=c:\game\df\dfbhdlc.exe |
"UDP Query User{A881816D-1C7C-4014-87E7-8B8264E8FB64}C:\game\rtcw\return to castle wolfenstein\wolfmp.exe" = protocol=17 | dir=in | app=c:\game\rtcw\return to castle wolfenstein\wolfmp.exe |
"UDP Query User{BF1E8726-A4E6-42B1-942C-2F802EE61494}C:\program files\ea sports\superbike\superbike.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\superbike\superbike.exe |
"UDP Query User{C952D0DC-D719-434C-9123-F5B6313D2B68}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6164D2E7-986B-42F5-B3A6-64D5E53FB889}" = Delta Force Black Hawk Down Team Sabre
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{8842825B-C865-40D3-89FD-A48A942195B4}" = Wireless LAN Driver
"{8FE54D21-8254-4CCF-AEE0-066496AE43F4}" = Delta Force - Black Hawk Down
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{998C31A1-0FE0-4C33-877C-C6DA1376B24D}" = Hypoteční kalkulačka
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security Pro
"{A9F493F9-6E30-4E44-ABE7-33EDA40A0820}" = LightComp Tahiti 5.5.2
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.4
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"CCleaner" = CCleaner
"foobar2000" = foobar2000 v1.0
"Foxit Reader" = Foxit Reader
"FreeCommander_is1" = FreeCommander 2009.02
"freeOCR.net1_is1" = FreeOCR.net v2.1
"GOM Player" = GOM Player
"Indeo® Software" = Indeo® Software
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Mp3 Editor for Free_is1" = Mp3 Editor for Free v5.2.7 Build 79
"O2 Mobilni internet" = O2 Mobilni internet
"Usbfix" = Usbfix By C_XX & El Desaparecido
"WinRAR archiver" = WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2154561694-2073593054-3152204118-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#19 Post by Caroprd111 »

Continue according to the guide: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 Keep all removable devices connected to the PC the whole time.


#20 Post by lancer_bobek »

Automatická kontrola: dokončeno před 4 hod. (události: 112, objekty: 999442, čas: 05:17:46)
1.3.2011 20:27:10 Úloha byla spuštěna
1.3.2011 20:39:29 Zjištěno: IM-Worm.Win32.Yahos.xr C:\UsbFix_Upload_Me_HASH-PC.zip/UsbFix_Upload_Me/C/Users/HASH/VSPVSAVDAV.exe.vir
1.3.2011 20:39:31 Odstraněno: IM-Worm.Win32.Yahos.xr C:\UsbFix_Upload_Me_HASH-PC.zip/UsbFix_Upload_Me/C/Users/HASH/VSPVSAVDAV.exe.vir
1.3.2011 20:51:29 Zjištěno: Trojan-Downloader.Win32.Small.anfu C:\Documents and Settings\HASH\Documents\PC DOMA\NOTEBOOK\Hudba\Silvestr hudba\atomix-virtual-dj-professional-5.0-rev5.rar/Atomix Virtual DJ Professional 5.0 rev5/Virtual dj 5 Keygen/keygen.exe
1.3.2011 20:51:29 Neošetřeno: Trojan-Downloader.Win32.Small.anfu C:\Documents and Settings\HASH\Documents\PC DOMA\NOTEBOOK\Hudba\Silvestr hudba\atomix-virtual-dj-professional-5.0-rev5.rar/Atomix Virtual DJ Professional 5.0 rev5/Virtual dj 5 Keygen/keygen.exe Zápis není podporován
1.3.2011 20:55:23 Zjištěno: HackTool.Win32.BruteForce.it C:\Documents and Settings\HASH\Documents\PC DOMA\NOTEBOOK\Lilusovo\textove\GameParkSetup11021.exe/data0001
1.3.2011 20:56:02 Odstraněno: HackTool.Win32.BruteForce.it C:\Documents and Settings\HASH\Documents\PC DOMA\NOTEBOOK\Lilusovo\textove\GameParkSetup11021.exe
1.3.2011 21:17:07 Zjištěno: Backdoor.Win32.Hupigon.mcuc C:\Program Files\WinRAR\Zip.SFX
1.3.2011 21:17:37 Odstraněno: Backdoor.Win32.Hupigon.mcuc C:\Program Files\WinRAR\Zip.SFX
1.3.2011 21:18:50 Zjištěno: Trojan-Downloader.Win32.Refroso.cnv C:\Qoobox\Quarantine\[4]-Submit_2011-02-28_21.05.32.zip/81whdyo.exe
1.3.2011 21:18:51 Odstraněno: Trojan-Downloader.Win32.Refroso.cnv C:\Qoobox\Quarantine\[4]-Submit_2011-02-28_21.05.32.zip/81whdyo.exe
1.3.2011 21:18:51 Zjištěno: Trojan.Win32.Diple.epu C:\Qoobox\Quarantine\C\Users\HASH\xvlof.exe.vir
1.3.2011 21:18:51 Zjištěno: Trojan-Downloader.Win32.Pher.hgl C:\Qoobox\Quarantine\[4]-Submit_2011-02-28_21.05.32.zip/i6jufq4ci.exe
1.3.2011 21:18:51 Odstraněno: Trojan-Downloader.Win32.Pher.hgl C:\Qoobox\Quarantine\[4]-Submit_2011-02-28_21.05.32.zip/i6jufq4ci.exe
1.3.2011 21:18:51 Zjištěno: Trojan-Downloader.Win32.Pher.hgl C:\Qoobox\Quarantine\[4]-Submit_2011-02-28_21.05.32.zip/inyjkfl6.exe
1.3.2011 21:18:51 Odstraněno: Trojan-Downloader.Win32.Pher.hgl C:\Qoobox\Quarantine\[4]-Submit_2011-02-28_21.05.32.zip/inyjkfl6.exe
1.3.2011 21:18:51 Zjištěno: Trojan.Win32.Pincav.ayxv C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\juzjf.exe.ren.vir
1.3.2011 21:18:51 Zjištěno: Trojan-Downloader.Win32.Pher.hgl C:\Qoobox\Quarantine\[4]-Submit_2011-02-28_21.05.32.zip/nijo86a3w1.exe
1.3.2011 21:18:51 Odstraněno: Trojan-Downloader.Win32.Pher.hgl C:\Qoobox\Quarantine\[4]-Submit_2011-02-28_21.05.32.zip/nijo86a3w1.exe
1.3.2011 21:18:51 Zjištěno: Trojan-Downloader.Win32.Refroso.cnu C:\Qoobox\Quarantine\[4]-Submit_2011-02-28_21.05.32.zip/te2v5b03i.exe
1.3.2011 21:18:51 Odstraněno: Trojan-Downloader.Win32.Refroso.cnu C:\Qoobox\Quarantine\[4]-Submit_2011-02-28_21.05.32.zip/te2v5b03i.exe
1.3.2011 21:18:51 Zjištěno: Trojan.Win32.Diple.epu C:\Qoobox\Quarantine\[4]-Submit_2011-02-28_21.05.32.zip/xvlof.exe.ren
1.3.2011 21:18:51 Odstraněno: Trojan.Win32.Diple.epu C:\Qoobox\Quarantine\[4]-Submit_2011-02-28_21.05.32.zip/xvlof.exe.ren
1.3.2011 21:18:52 Zjištěno: Trojan.Win32.VBKrypt.bmdt C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\Microsoft\minnal.exe.vir
1.3.2011 21:19:23 Odstraněno: Trojan.Win32.Diple.epu C:\Qoobox\Quarantine\C\Users\HASH\xvlof.exe.vir
1.3.2011 21:19:23 Zjištěno: Trojan-Downloader.Win32.Refroso.cnv C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81whdyo.exe.vir
1.3.2011 21:19:23 Odstraněno: Trojan.Win32.Pincav.ayxv C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\juzjf.exe.ren.vir
1.3.2011 21:19:23 Zjištěno: Trojan-Downloader.Win32.Pher.hgl C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i6jufq4ci.exe.vir
1.3.2011 21:19:24 Odstraněno: Trojan.Win32.VBKrypt.bmdt C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\Microsoft\minnal.exe.vir
1.3.2011 21:19:24 Zjištěno: Trojan-Downloader.Win32.Pher.hgl C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inyjkfl6.exe.vir
1.3.2011 21:19:25 Odstraněno: Trojan-Downloader.Win32.Refroso.cnv C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\81whdyo.exe.vir
1.3.2011 21:19:25 Zjištěno: Trojan-Downloader.Win32.Pher.hgl C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nijo86a3w1.exe.vir
1.3.2011 21:19:25 Odstraněno: Trojan-Downloader.Win32.Pher.hgl C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\i6jufq4ci.exe.vir
1.3.2011 21:19:26 Zjištěno: Trojan-Downloader.Win32.Refroso.cnu C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\te2v5b03i.exe.vir
1.3.2011 21:19:26 Odstraněno: Trojan-Downloader.Win32.Pher.hgl C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\inyjkfl6.exe.vir
1.3.2011 21:19:27 Zjištěno: Backdoor.Win32.Poison.cfyr C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\x3ironobhlcw1vrejgmvcb1zy32bz2sb2\svcnost.exe.vir
1.3.2011 21:19:27 Odstraněno: Trojan-Downloader.Win32.Pher.hgl C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nijo86a3w1.exe.vir
1.3.2011 21:19:27 Zjištěno: Backdoor.Win32.Poison.cgca C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\xfznlgljfuqzpjtydnm2jnhvcmkma2td2\svcnost.exe.vir
1.3.2011 21:19:27 Odstraněno: Trojan-Downloader.Win32.Refroso.cnu C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\te2v5b03i.exe.vir
1.3.2011 21:19:28 Zjištěno: Backdoor.Win32.Poison.cfyr C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\xodgblavjvlvxpdzrseio1ciy1pmebcw2\svcnost.exe.vir
1.3.2011 21:19:29 Odstraněno: Backdoor.Win32.Poison.cfyr C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\x3ironobhlcw1vrejgmvcb1zy32bz2sb2\svcnost.exe.vir
1.3.2011 21:19:29 Zjištěno: Backdoor.Win32.Poison.cgca C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\xqovcskxewp3zzbnjdfbbwrodtvywtgs2\svcnost.exe.vir
1.3.2011 21:19:29 Odstraněno: Backdoor.Win32.Poison.cgca C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\xfznlgljfuqzpjtydnm2jnhvcmkma2td2\svcnost.exe.vir
1.3.2011 21:19:30 Odstraněno: Backdoor.Win32.Poison.cfyr C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\xodgblavjvlvxpdzrseio1ciy1pmebcw2\svcnost.exe.vir
1.3.2011 21:19:32 Odstraněno: Backdoor.Win32.Poison.cgca C:\Qoobox\Quarantine\C\Users\HASH\AppData\Roaming\xqovcskxewp3zzbnjdfbbwrodtvywtgs2\svcnost.exe.vir
1.3.2011 21:19:34 Zjištěno: IM-Worm.Win32.Yahos.xr C:\UsbFix\Quarantine\C\Users\HASH\VSPVSAVDAV.exe.vir
1.3.2011 21:19:35 Odstraněno: IM-Worm.Win32.Yahos.xr C:\UsbFix\Quarantine\C\Users\HASH\VSPVSAVDAV.exe.vir
1.3.2011 21:25:56 Zjištěno: Trojan-Downloader.Win32.Small.anfu C:\Users\HASH\Documents\PC DOMA\NOTEBOOK\Hudba\Silvestr hudba\atomix-virtual-dj-professional-5.0-rev5.rar/Atomix Virtual DJ Professional 5.0 rev5/Virtual dj 5 Keygen/keygen.exe
1.3.2011 21:25:56 Neošetřeno: Trojan-Downloader.Win32.Small.anfu C:\Users\HASH\Documents\PC DOMA\NOTEBOOK\Hudba\Silvestr hudba\atomix-virtual-dj-professional-5.0-rev5.rar/Atomix Virtual DJ Professional 5.0 rev5/Virtual dj 5 Keygen/keygen.exe Zápis není podporován
1.3.2011 21:36:39 Zjištěno: Rootkit.Win32.Bubnix.dvr C:\Windows\System32\drivers\ttwzzs.sys
1.3.2011 21:37:15 Odstraněno: Rootkit.Win32.Bubnix.dvr C:\Windows\System32\drivers\ttwzzs.sys
1.3.2011 22:12:55 Zjištěno: Trojan.Win32.Diple.epu G:\luckasta\tamanten.exe
1.3.2011 22:13:07 Odstraněno: Trojan.Win32.Diple.epu G:\luckasta\tamanten.exe
1.3.2011 22:28:56 Zjištěno: Trojan.Win32.BHO.beks H:\!!-=HUDBA=-\-=MIX=-\!!!VYPALIT!!!\-=HUDBA=-\SAMPLE\Traktor DJ Studio 2.53\Setup.exe/WISE0004.BIN
1.3.2011 22:30:00 Zjištěno: Trojan.Win32.BHO.beks H:\!!-=HUDBA=-\-=MIX=-\!!!VYPALIT!!!\-=HUDBA=-\SAMPLE\Traktor DJ Studio 2.53\Setup.exe/WISE0008.BIN
1.3.2011 22:30:46 Odstraněno: Trojan.Win32.BHO.beks H:\!!-=HUDBA=-\-=MIX=-\!!!VYPALIT!!!\-=HUDBA=-\SAMPLE\Traktor DJ Studio 2.53\Setup.exe
1.3.2011 22:31:17 Zjištěno: Trojan-Downloader.Win32.Small.anfu H:\!!-=HUDBA=-\-=MIX=-\Silvestr hudba\atomix-virtual-dj-professional-5.0-rev5.rar/Atomix Virtual DJ Professional 5.0 rev5/Virtual dj 5 Keygen/keygen.exe
1.3.2011 22:31:17 Neošetřeno: Trojan-Downloader.Win32.Small.anfu H:\!!-=HUDBA=-\-=MIX=-\Silvestr hudba\atomix-virtual-dj-professional-5.0-rev5.rar/Atomix Virtual DJ Professional 5.0 rev5/Virtual dj 5 Keygen/keygen.exe Zápis není podporován
1.3.2011 23:07:13 Zjištěno: Trojan.Win32.Vapsup.aecz H:\-=KARAOKE=-\Atomix Virtual DJ 5 0 R7 [With Effects] [h33t] [dinguskull]\Plugins[dinguskull]\Video Effects[dinguskull].rar/StripClub.dll
1.3.2011 23:07:13 Neošetřeno: Trojan.Win32.Vapsup.aecz H:\-=KARAOKE=-\Atomix Virtual DJ 5 0 R7 [With Effects] [h33t] [dinguskull]\Plugins[dinguskull]\Video Effects[dinguskull].rar/StripClub.dll Zápis není podporován
1.3.2011 23:09:57 Zjištěno: Backdoor.Win32.Hupigon.mcuc H:\-=PROGRAMY=-\wrar392cz.exe/Zip.SFX
1.3.2011 23:10:14 Odstraněno: Backdoor.Win32.Hupigon.mcuc H:\-=PROGRAMY=-\wrar392cz.exe
1.3.2011 23:15:48 Zjištěno: Exploit.Win32.MS05-016.h H:\-=PROGRAMY=-\NAVIGACE\TomTom7\Aktivator_map_nejen_pro_TT_7_9xx_v37.rar/Aktivator_map_nejen_pro_TT_7_9xx_v37/Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher/ttsystem_Patcher/Patcher.exe
1.3.2011 23:15:48 Neošetřeno: Exploit.Win32.MS05-016.h H:\-=PROGRAMY=-\NAVIGACE\TomTom7\Aktivator_map_nejen_pro_TT_7_9xx_v37.rar/Aktivator_map_nejen_pro_TT_7_9xx_v37/Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher/ttsystem_Patcher/Patcher.exe Zápis není podporován
1.3.2011 23:16:44 Zjištěno: Exploit.Win32.MS05-016.h H:\-=PROGRAMY=-\NAVIGACE\TomTom7\Aktivator_map_nejen_pro_TT_7_9xx_v37\Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher\ttsystem_Patcher\Patcher.exe
1.3.2011 23:16:56 Odstraněno: Exploit.Win32.MS05-016.h H:\-=PROGRAMY=-\NAVIGACE\TomTom7\Aktivator_map_nejen_pro_TT_7_9xx_v37\Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher\ttsystem_Patcher\Patcher.exe
1.3.2011 23:27:24 Zjištěno: Exploit.Win32.MS05-016.h H:\-=PROGRAMY=-\NAVIGACE - notebook\TomTom7\Aktivator_map_nejen_pro_TT_7_9xx_v37.rar/Aktivator_map_nejen_pro_TT_7_9xx_v37/Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher/ttsystem_Patcher/Patcher.exe
1.3.2011 23:27:24 Neošetřeno: Exploit.Win32.MS05-016.h H:\-=PROGRAMY=-\NAVIGACE - notebook\TomTom7\Aktivator_map_nejen_pro_TT_7_9xx_v37.rar/Aktivator_map_nejen_pro_TT_7_9xx_v37/Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher/ttsystem_Patcher/Patcher.exe Zápis není podporován
1.3.2011 23:33:11 Zjištěno: Exploit.Win32.MS05-016.h H:\-=PROGRAMY=-\NAVIGACE - notebook\TomTom7\Aktivator_map_nejen_pro_TT_7_9xx_v37\Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher\ttsystem_Patcher\Patcher.exe
1.3.2011 23:33:28 Odstraněno: Exploit.Win32.MS05-016.h H:\-=PROGRAMY=-\NAVIGACE - notebook\TomTom7\Aktivator_map_nejen_pro_TT_7_9xx_v37\Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher\ttsystem_Patcher\Patcher.exe
2.3.2011 0:10:08 Zjištěno: HackTool.Win32.BruteForce.ix H:\-=SKOLA=-\SKOLA_2\GameParkSetup1008.exe/data0001
2.3.2011 0:10:28 Odstraněno: HackTool.Win32.BruteForce.ix H:\-=SKOLA=-\SKOLA_2\GameParkSetup1008.exe
2.3.2011 0:11:40 Zjištěno: Trojan.Win32.Diple.epu H:\luckasta\tamanten.exe
2.3.2011 0:11:52 Odstraněno: Trojan.Win32.Diple.epu H:\luckasta\tamanten.exe
2.3.2011 0:11:53 Zjištěno: Trojan-Downloader.Win32.Small.hsg H:\System Volume Information\_restore{DEEF0CF0-4050-47EF-AA3B-2F72AB673874}\RP232\A0044178.exe/adv.exe/PE_Patch.Upolyx/UPX
2.3.2011 0:11:54 Odstraněno: Trojan-Downloader.Win32.Small.hsg H:\System Volume Information\_restore{DEEF0CF0-4050-47EF-AA3B-2F72AB673874}\RP232\A0044178.exe
2.3.2011 0:14:52 Zjištěno: Trojan-Downloader.Java.Agent.hx H:\ZALOHA DISK\C\Documents and Settings\lancer_bobek\Local Settings\Temp\jar_cache513.tmp/bpac/a.class
2.3.2011 0:14:53 Odstraněno: Trojan-Downloader.Java.Agent.hx H:\ZALOHA DISK\C\Documents and Settings\lancer_bobek\Local Settings\Temp\jar_cache513.tmp/bpac/a.class
2.3.2011 0:14:53 Zjištěno: Trojan-Downloader.Java.OpenConnection.cg H:\ZALOHA DISK\C\Documents and Settings\lancer_bobek\Local Settings\Temp\jar_cache513.tmp/bpac/KAVS.class
2.3.2011 0:14:53 Odstraněno: Trojan-Downloader.Java.OpenConnection.cg H:\ZALOHA DISK\C\Documents and Settings\lancer_bobek\Local Settings\Temp\jar_cache513.tmp/bpac/KAVS.class
2.3.2011 0:34:13 Zjištěno: Trojan-SMS.WinCE.Redoc.r H:\ZALOHA DISK\D\-=DOWNLOAD=-\DOKUMENTY\MioPocket_2.0_Release_32.7z/MioPocket_2.0_Release_32/MioAutoRun/Skin/GSThemes/showmio.exe
2.3.2011 0:34:13 Neošetřeno: Trojan-SMS.WinCE.Redoc.r H:\ZALOHA DISK\D\-=DOWNLOAD=-\DOKUMENTY\MioPocket_2.0_Release_32.7z/MioPocket_2.0_Release_32/MioAutoRun/Skin/GSThemes/showmio.exe Zápis není podporován
2.3.2011 0:34:26 Zjištěno: Trojan-SMS.WinCE.Redoc.r H:\ZALOHA DISK\D\-=DOWNLOAD=-\DOKUMENTY\MioPocket_2.0_R41.7z/MioPocket 2.0 R41/MioAutoRun/Skin/GSThemes/showmio.exe
2.3.2011 0:34:26 Neošetřeno: Trojan-SMS.WinCE.Redoc.r H:\ZALOHA DISK\D\-=DOWNLOAD=-\DOKUMENTY\MioPocket_2.0_R41.7z/MioPocket 2.0 R41/MioAutoRun/Skin/GSThemes/showmio.exe Zápis není podporován
2.3.2011 0:35:28 Zjištěno: Trojan-SMS.WinCE.Redoc.r H:\ZALOHA DISK\D\-=DOWNLOAD=-\DOKUMENTY\MioPocket 2.0 Release 46.zip/MioPocket 2.0 Release 46/MioAutoRun/Skin/GSThemes/showmio.exe
2.3.2011 0:35:50 Zjištěno: Trojan-SMS.WinCE.Redoc.r H:\ZALOHA DISK\D\-=DOWNLOAD=-\DOKUMENTY\MioPocket_3.0_Release_47.zip/MioPocket 3.0 Release 47/MioAutoRun/Skin/GSThemes/showmio.exe
2.3.2011 0:35:52 Odstraněno: Trojan-SMS.WinCE.Redoc.r H:\ZALOHA DISK\D\-=DOWNLOAD=-\DOKUMENTY\MioPocket 2.0 Release 46.zip/MioPocket 2.0 Release 46/MioAutoRun/Skin/GSThemes/showmio.exe
2.3.2011 0:36:20 Odstraněno: Trojan-SMS.WinCE.Redoc.r H:\ZALOHA DISK\D\-=DOWNLOAD=-\DOKUMENTY\MioPocket_3.0_Release_47.zip/MioPocket 3.0 Release 47/MioAutoRun/Skin/GSThemes/showmio.exe
2.3.2011 0:38:19 Zjištěno: Trojan-SMS.WinCE.Redoc.r H:\ZALOHA DISK\D\-=DOWNLOAD=-\DOKUMENTY\moov_unlock.zip/MOOV_UNLOCK/MioAutoRun/Skin/GSThemes/showmio.exe
2.3.2011 0:38:35 Odstraněno: Trojan-SMS.WinCE.Redoc.r H:\ZALOHA DISK\D\-=DOWNLOAD=-\DOKUMENTY\moov_unlock.zip/MOOV_UNLOCK/MioAutoRun/Skin/GSThemes/showmio.exe
2.3.2011 0:46:20 Zjištěno: Trojan-Downloader.Win32.Small.anfu H:\ZALOHA DISK\D\-=DOWNLOAD=-\PROGRAMY\atomix-virtual-dj-professional-5.0-rev5.rar/Atomix Virtual DJ Professional 5.0 rev5/Virtual dj 5 Keygen/keygen.exe
2.3.2011 0:46:20 Neošetřeno: Trojan-Downloader.Win32.Small.anfu H:\ZALOHA DISK\D\-=DOWNLOAD=-\PROGRAMY\atomix-virtual-dj-professional-5.0-rev5.rar/Atomix Virtual DJ Professional 5.0 rev5/Virtual dj 5 Keygen/keygen.exe Zápis není podporován
2.3.2011 0:58:40 Zjištěno: Trojan.Win32.Vapsup.aecz H:\ZALOHA DISK\D\-=DOWNLOAD=-\PROGRAMY\Atomix Virtual DJ 5 0 R7 [With Effects] [h33t] [dinguskull]\Plugins[dinguskull]\Video Effects[dinguskull].rar/StripClub.dll
2.3.2011 0:58:40 Neošetřeno: Trojan.Win32.Vapsup.aecz H:\ZALOHA DISK\D\-=DOWNLOAD=-\PROGRAMY\Atomix Virtual DJ 5 0 R7 [With Effects] [h33t] [dinguskull]\Plugins[dinguskull]\Video Effects[dinguskull].rar/StripClub.dll Zápis není podporován
2.3.2011 1:12:29 Zjištěno: Trojan-Dropper.Win32.Agent.dolb H:\ZALOHA DISK\D\-=DOWNLOAD=-\PROGRAMY\SLOVNIKY\Eurotran\Eurotranslator03.ISO/KEYGEN.EXE
2.3.2011 1:12:29 Neošetřeno: Trojan-Dropper.Win32.Agent.dolb H:\ZALOHA DISK\D\-=DOWNLOAD=-\PROGRAMY\SLOVNIKY\Eurotran\Eurotranslator03.ISO/KEYGEN.EXE Zápis není podporován
2.3.2011 1:19:26 Zjištěno: Trojan.Win32.BHO.beks H:\ZALOHA DISK\E\!!!VYPALIT!!!\-=HUDBA=-\DANCE\SAMPLE\Traktor DJ Studio 2.53\Setup.exe/WISE0004.BIN
2.3.2011 1:19:44 Zjištěno: Trojan.Win32.BHO.beks H:\ZALOHA DISK\E\!!!VYPALIT!!!\-=HUDBA=-\DANCE\SAMPLE\Traktor DJ Studio 2.53\Setup.exe/WISE0008.BIN
2.3.2011 1:20:04 Odstraněno: Trojan.Win32.BHO.beks H:\ZALOHA DISK\E\!!!VYPALIT!!!\-=HUDBA=-\DANCE\SAMPLE\Traktor DJ Studio 2.53\Setup.exe
2.3.2011 1:22:47 Zjištěno: not-a-virus:AdWare.Win32.BetterInternet.ahh H:\ZALOHA DISK\E\-=DOWNLOAD=-\!!!VYPALIT!!!\-=PROGRAMY=-\ddr-1.6.exe
2.3.2011 1:23:24 Odstraněno: not-a-virus:AdWare.Win32.BetterInternet.ahh H:\ZALOHA DISK\E\-=DOWNLOAD=-\!!!VYPALIT!!!\-=PROGRAMY=-\ddr-1.6.exe
2.3.2011 1:23:27 Zjištěno: HackTool.Win32.BruteForce.ix H:\ZALOHA DISK\E\-=DOWNLOAD=-\!!!VYPALIT!!!\-=PROGRAMY=-\GameParkSetup1008.exe/data0001
2.3.2011 1:23:28 Odstraněno: HackTool.Win32.BruteForce.ix H:\ZALOHA DISK\E\-=DOWNLOAD=-\!!!VYPALIT!!!\-=PROGRAMY=-\GameParkSetup1008.exe
2.3.2011 1:27:12 Zjištěno: Trojan-Spy.Win32.Agent.ept H:\ZALOHA DISK\E\-=SKOLA=-\GS2\install_cg2p_1_3_1_eval_en-uk.exe/#/Callexinstall
2.3.2011 1:27:35 Odstraněno: Trojan-Spy.Win32.Agent.ept H:\ZALOHA DISK\E\-=SKOLA=-\GS2\install_cg2p_1_3_1_eval_en-uk.exe
2.3.2011 1:35:05 Zjištěno: Trojan-PSW.Win32.Dybalom.lq H:\ZALOHA DISK\E\POCITAC TATKA\Total.Commander.v7.50.Multilingual.WinALL.Cracked-BLiZZARD.rar/tcmd750.exe/data0002
2.3.2011 1:35:05 Neošetřeno: Trojan-PSW.Win32.Dybalom.lq H:\ZALOHA DISK\E\POCITAC TATKA\Total.Commander.v7.50.Multilingual.WinALL.Cracked-BLiZZARD.rar/tcmd750.exe/data0002 Zápis není podporován
2.3.2011 1:38:47 Zjištěno: Trojan.Win32.Diple.epu I:\luckasta\tamanten.exe
2.3.2011 1:38:58 Odstraněno: Trojan.Win32.Diple.epu I:\luckasta\tamanten.exe
2.3.2011 1:44:45 Zjištěno: Trojan.Win32.Diple.epu J:\luckasta\tamanten.exe
2.3.2011 1:44:57 Odstraněno: Trojan.Win32.Diple.epu J:\luckasta\tamanten.exe
2.3.2011 1:44:58 Úloha byla dokončena


#21 Post by lancer_bobek »

Just a reminder that I still can't launch programs, ever since the script was last run in ComboFix. I start them via right-click and Run as administrator, and to open the txt log files, which I can't launch as administrator anyway, I use Total Commander and F3 on the file :( I hope it goes away after a restart. I'd rather keep the computer running continuously.


#22 Post by Caroprd111 »

Restart the PC and report how it behaves. Format the removable drives if possible.

Download CKScanner to your desktop: http://downloads.malwareremoval.com/CKScanner.exe
  • Run it and click "Search For Files"; when the scan finishes, click "Save List to File" -> "OK"
  • A log named ckfiles.txt will be saved on the desktop; paste the contents of that file here.


#23 Post by lancer_bobek »

Computer restarted. Nothing on the removable media so far. Only the external drive contains the folders luckasta and RECYCLE.BIN, but they are empty, there is nothing in them. Should I uninstall Kaspersky removal?


#24 Post by Caroprd111 »

Yes, you can uninstall it. I still need the log from CKScanner.


#25 Post by lancer_bobek »

Here is the log:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\game\age of empires iii\crack\age3.exe
c:\program files\corel\corel graphics 12\custom data\bumpmap\cracks.cpt
c:\program files\corel\corel graphics 12\custom data\canvas\cracks2c.pcx
c:\program files\corel\corel graphics 12\custom data\tiles\cracks2m.cpt
scanner sequence 3.CA.11
----- EOF -----


#26 Post by Caroprd111 »

Is the problem with launching programs gone now?


#27 Post by lancer_bobek »

It's gone. All programs launch correctly.


#28 Post by lancer_bobek »

Can I delete the folders luckasta, autorun.inf and RECYCLE.BIN from the external drive?


#29 Post by Caroprd111 »

You can delete luckasta. autorun.inf is a vaccination against further infection; I recommend keeping it. RECYCLE.BIN is the system Recycle Bin folder; keep that too.

Run OTL and paste the following script into the bottom window.

Code:
:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

:OTL
O4 - HKLM..\RunOnce: [] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:Files
c:\game\age of empires iii

Click "Opravit" (Run Fix); the PC will restart. Paste the log here.


#30 Post by lancer_bobek »

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HASH
->Temp folder emptied: 33888 bytes
->Temporary Internet Files folder emptied: 37571 bytes
->Java cache emptied: 6645536 bytes
->Google Chrome cache emptied: 158045957 bytes
->Flash cache emptied: 1417 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 5858947 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 163,00 mb

Locked