############################## | UsbFix V 7.171 | [Clean]
User: Jaroslav (Administrator) # POKOJIK
Updated 18/05/2014 by El Desaparecido - SosVirus
Started at 08:47:49 | 06/07/2014
Website :
http://www.en.usbfix.net/
Changelog :
http://www.en.usbfix.net/changelog/
Support :
http://en.kioskea.net/forum/viruses-security-7
Upload Malware :
http://www.sosvirus.net/upload_malware.php
Contact :
http://www.en.usbfix.net/contact/
PC: ASRock (G41M-S3)
CPU: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
RAM -> [Total : 3518 Mo| Free : 1946 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft® Windows Vista™ Home Premium (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 8.0.6001.19401
WB: Google Chrome : 35.0.1916.153
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: AVG AntiVirus Free Edition 2014 [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
AS: AVG AntiVirus Free Edition 2014 [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]
C:\ (%SystemDrive%) -> Fixed drive # 239 Gb (48 Mb free - 20%) [System] # NTFS
D:\ -> Fixed drive # 227 Gb (125 Mb free - 55%) [Data] # NTFS
E:\ -> CD-ROM
J:\ -> CD-ROM
K:\ -> CD-ROM
L:\ -> CD-ROM
M:\ -> CD-ROM
N:\ -> Removable drive # 7 Gb (7 Mb free - 100%) [PENDRIVE] # FAT32
O:\ -> Removable drive # 2 Gb (2 Mb free - 99%) [] # FAT
################## | Stopped processes |
C:\Windows\System32\atiesrxx.exe (ID: 1292|ParentID: 932)
C:\Windows\System32\SLsvc.exe (ID: 1548|ParentID: 932)
C:\Windows\System32\atieclxx.exe (ID: 1620|ParentID: 1292|SYSTEM)
C:\Windows\explorer.exe (ID: 124|ParentID: 1988|Jaroslav)
C:\Windows\System32\spoolsv.exe (ID: 468|ParentID: 932|SYSTEM)
C:\Windows\System32\taskeng.exe (ID: 480|ParentID: 1356|SYSTEM)
C:\Windows\System32\taskeng.exe (ID: 2136|ParentID: 1356|Jaroslav)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 2304|ParentID: 932|SYSTEM)
C:\Program Files\AVG\AVG2014\avgwdsvc.exe (ID: 2352|ParentID: 932|SYSTEM)
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 2388|ParentID: 932|SYSTEM)
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (ID: 2976|ParentID: 932|SYSTEM)
C:\Windows\System32\IoctlSvc.exe (ID: 3056|ParentID: 932|SYSTEM)
C:\Windows\System32\SearchIndexer.exe (ID: 3208|ParentID: 932|SYSTEM)
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (ID: 3328|ParentID: 2744|Jaroslav)
C:\Windows\System32\WUDFHost.exe (ID: 3348|ParentID: 1344|LOCAL SERVICE)
C:\Program Files\QuickTime\QTTask.exe (ID: 3804|ParentID: 124|Jaroslav)
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (ID: 3812|ParentID: 124|Jaroslav)
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (ID: 3820|ParentID: 124|Jaroslav)
C:\Windows\RtHDVCpl.exe (ID: 3956|ParentID: 124|Jaroslav)
C:\Program Files\AVG\AVG2014\avgui.exe (ID: 3972|ParentID: 124|Jaroslav)
C:\Windows\ehome\ehtray.exe (ID: 3980|ParentID: 124|Jaroslav)
C:\Program Files\DAEMON Tools Lite\DTLite.exe (ID: 3992|ParentID: 124|Jaroslav)
C:\Program Files\Steam\Steam.exe (ID: 4000|ParentID: 124|Jaroslav)
C:\Program Files\Skype\Phone\Skype.exe (ID: 4032|ParentID: 124|Jaroslav)
C:\Users\Jaroslav\AppData\Roaming\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe (ID: 4052|ParentID: 124|Jaroslav)
C:\Program Files\RALINK\Common\RaUI.exe (ID: 2280|ParentID: 124|Jaroslav)
C:\Windows\ehome\ehmsas.exe (ID: 3156|ParentID: 1108|Jaroslav)
C:\Program Files\Common Files\Steam\SteamService.exe (ID: 1796|ParentID: 932|SYSTEM)
C:\Windows\System32\SearchProtocolHost.exe (ID: 5052|ParentID: 3208|SYSTEM)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3112|ParentID: 124|Jaroslav)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4276|ParentID: 3112|Jaroslav)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5728|ParentID: 3112|Jaroslav)
################## | Autorun |
N:\tmpB549.lnk -> N:\Hack.vbs - (SHA1: 1C89BDD497F06B6A93CFD24B95717A57495FA7FE)
N:\Hack.lnk -> N:\bygnssroft.vbs -
VirusTotal - (
1/
53)
N:\maya2.lnk -> N:\Hack.vbs - (SHA1: 1C89BDD497F06B6A93CFD24B95717A57495FA7FE)
N:\fatii.lnk -> N:\zineb.vbs - (SHA1: 1C89BDD497F06B6A93CFD24B95717A57495FA7FE)
N:\swjykewdjn.lnk -> N:\zineb.vbs - (SHA1: 1C89BDD497F06B6A93CFD24B95717A57495FA7FE)
N:\tmpC06C.lnk -> N:\tmpC1C1.tmp.vbs - (SHA1: E800BE94FAEBF520FD6600AB0AB55AAF64F65BC6)
N:\cqxqjtcyil.lnk -> N:\mifwnxrkkw.vbs - (SHA1: 857220001D97B15B8F96F2406EC5A8CD567555DD)
N:\tmpD563.lnk -> N:\zineb.vbs - (SHA1: 1C89BDD497F06B6A93CFD24B95717A57495FA7FE)
################## | Generic Research |
Deleted ! C:\Users\Jaroslav\AppData\Roaming\tmpB549.tmp.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bygnssroft.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cqxqjtcyil.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ojxerkoomt.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swjykewdjn.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp1286.tmp.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD563.tmp.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF72A.tmp.vbs
Not deleted ! N:\ojxerkoomt.vbs
Not deleted ! N:\tmpC1C1.tmp.vbs
Not deleted ! N:\cqxqjtcyil.vbs
Not deleted ! N:\tmp1286.tmp.vbs
Not deleted ! N:\swjykewdjn.vbs
Not deleted ! N:\bygnssroft.vbs
Not deleted ! N:\zineb.vbs
Not deleted ! N:\tmpD563.tmp.vbs
Not deleted ! N:\fatii.vbs
Not deleted ! N:\mifwnxrkkw.vbs
Not deleted ! N:\sbmevtjvqr.vbs
Not deleted ! N:\tmpF72A.tmp.vbs
Not deleted ! N:\tmpC06C.tmp.vbs
Not deleted ! N:\zypkinsgzm.vbs
Not deleted ! N:\tmpB549.tmp.vbs
Not deleted ! N:\maya2.vbs
Not deleted ! N:\Hack.vbs
Not deleted ! O:\tmpC1C1.tmp.vbs
Not deleted ! O:\mifwnxrkkw.vbs
Not deleted ! O:\zineb.vbs
Not deleted ! O:\cc.vbs
Not deleted ! O:\fatii.vbs
Not deleted ! O:\Hack.vbs
Not deleted ! O:\tmpB549.tmp.vbs
Not deleted ! O:\tmpC06C.tmp.vbs
Not deleted ! O:\ojxerkoomt.vbs
Not deleted ! O:\tmpF72A.tmp.vbs
Not deleted ! O:\swjykewdjn.vbs
Not deleted ! O:\tmp1286.tmp.vbs
Not deleted ! O:\tmpD563.tmp.vbs
Not deleted ! O:\sbmevtjvqr.vbs
Not deleted ! O:\bygnssroft.vbs
Not deleted ! O:\cqxqjtcyil.vbs
Not deleted ! O:\zypkinsgzm.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\bygnssroft.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\cqxqjtcyil.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\ojxerkoomt.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\swjykewdjn.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\tmp1286.tmp.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\tmpD563.tmp.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\tmpF72A.tmp.vbs
Deleted ! C:\ProgramData\startup.exe.tmp
Not deleted ! O:\cc.lnk
Not deleted ! D:\backups\backup-20140702-214257-158-cqxqjtcyil.vbs
Not deleted ! D:\backups\backup-20140702-214257-273-bygnssroft.vbs
Not deleted ! D:\backups\backup-20140702-214258-475-sbmevtjvqr.vbs
Not deleted ! D:\backups\backup-20140702-214258-788-ojxerkoomt.vbs
Not deleted ! D:\backups\backup-20140702-214259-118-tmpB549.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214259-615-tmp1286.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214259-808-swjykewdjn.vbs
Not deleted ! D:\backups\backup-20140702-214300-225-tmpD563.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214300-420-tmpC06C.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214300-779-tmpF72A.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214531-922-bygnssroft.vbs
Not deleted ! D:\backups\backup-20140702-214532-228-cqxqjtcyil.vbs
Not deleted ! D:\backups\backup-20140702-214533-148-ojxerkoomt.vbs
Not deleted ! D:\backups\backup-20140702-214533-959-swjykewdjn.vbs
Not deleted ! D:\backups\backup-20140702-214533-980-sbmevtjvqr.vbs
Not deleted ! D:\backups\backup-20140702-214534-155-tmpF72A.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214534-255-tmpC06C.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214534-397-tmpB549.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214534-665-tmpD563.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214534-725-tmp1286.tmp.vbs
Not deleted ! D:\backups\backup-20140702-215927-125-tmpC06C.tmp.vbs
Not deleted ! D:\backups\backup-20140702-215927-186-tmpD563.tmp.vbs
Not deleted ! D:\backups\backup-20140702-215927-187-cqxqjtcyil.vbs
Not deleted ! D:\backups\backup-20140702-215927-244-bygnssroft.vbs
Not deleted ! D:\backups\backup-20140702-215927-471-tmpF72A.tmp.vbs
Not deleted ! D:\backups\backup-20140702-215927-635-tmp1286.tmp.vbs
Not deleted ! D:\backups\backup-20140705-122933-233-tmpB549.tmp.vbs
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKCU\Software\1115e276bce63bb876700897eec682be
Deleted ! HKCU\Software\13603a3924dbc6e34aad317c792bf777
Deleted ! HKCU\Software\1ff6f5599bec1de4679ea3986dedecbb
Deleted ! HKCU\Software\2083d7476bfa49d1d0a23c1521b17b1c
Deleted ! HKCU\Software\2876100a7a65146307ea64b38e8168b2
Deleted ! HKCU\Software\377f7af313f50051964a6a79266dd3f2
Deleted ! HKCU\Software\39d3f79b4647f591e9ed75c0ea686ce1
Deleted ! HKCU\Software\41adef35193af9c7dfa0d83d104fd4b2
Deleted ! HKCU\Software\4e87631609bc3b779afba9d966c8a46e
Deleted ! HKCU\Software\556ae9a87b9d03fc308da55a41fb2051
Deleted ! HKCU\Software\5720e0f0e5439773eb3f8f3c8e4682e2
Deleted ! HKCU\Software\5d132a58c964d93f0e2c5d3677b77dd0
Deleted ! HKCU\Software\620c405a1996ebad6b722a94ff64a3ab
Deleted ! HKCU\Software\6ce7fe29bbde9dda95a2682dafb589c8
Deleted ! HKCU\Software\767fe7a709b339c6654ee9f7d63b6741
Deleted ! HKCU\Software\78af3a6e36d915e3a7f07b4445f20a4e
Deleted ! HKCU\Software\85447ceae0c0ccbb7e9bfb18336e64e2
Deleted ! HKCU\Software\b43cd96410700cc6f304ef9ae8269bf9
Deleted ! HKCU\Software\e2c7788d8bbe87e19f4a16c516739d31
Deleted ! HKCU\Software\e97ce85fd98bfdae556d0283229fe1d5
Deleted ! HKCU\Software\ea1cb9e83f6b246592fd5c5f5c8a4403
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|bygnssroft
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|cqxqjtcyil
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|ojxerkoomt
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|swjykewdjn
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|tmp1286
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|tmpD563
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|tmpF72A
Deleted ! HKCU|di
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\.\.\.\.\Mountpoints2\{07ee5ac0-54e9-11e1-8f34-806e6f6e6963}
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\.\.\.\.\Mountpoints2\{610af009-c222-11df-b0f5-002421aade90}
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\.\.\.\.\Mountpoints2\{803aecc5-ec9a-11e2-8d65-806e6f6e6963}
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\.\.\.\.\Mountpoints2\{b924d119-2e47-11e3-a0c8-bc5ff4032359}
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\.\.\.\.\Mountpoints2\{bd14658f-11e3-11e0-943d-002421aade90}
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\.\.\.\.\Mountpoints2\{e51e307e-a88e-11df-9e47-002421aade90}
################## | Regedit Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [ehTray.exe] C:\Windows\ehome\ehTray.exe
04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKCU\..\Run : [Steam] "C:\Program Files\Steam\steam.exe" -silent
04 - HKCU\..\Run : [AVG-Secure-Search-Update_0614a] C:\Users\Jaroslav\AppData\Roaming\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe /PROMPT /mid=9eb46cab341847d2941b6d16b2e7caaa-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=0614a
04 - HKLM\..\Run : [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
04 - HKLM\..\Run : [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [RtHDVCpl] RtHDVCpl.exe
04 - HKLM\..\Run : [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\..\Run : [ehTray.exe] C:\Windows\ehome\ehTray.exe
04 - HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\..\Run : [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\..\Run : [Steam] "C:\Program Files\Steam\steam.exe" -silent
04 - HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\..\Run : [AVG-Secure-Search-Update_0614a] C:\Users\Jaroslav\AppData\Roaming\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe /PROMPT /mid=9eb46cab341847d2941b6d16b2e7caaa-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=0614a
################## | UsbFix - Information |
UsbFix has detected on your computer, an infection which a Keylogger function.
After cleaning with UsbFix, please modify all your passwords.
If you made purchases on Internet,
please contact your bank to enviseager an opposition on your bank card.
Info (Fr) :
http://www.sosvirus.net/infection-dinihou-vous-explique-son-fonctionnement-t4852.html
Info (Fr) :
http://www.sosvirus.net/les-infections-via-usb-t4948.html
################## | C:\ %SystemDrive% - Fixed drive (NTFS) |
[06/07/2014 - 06:37:24 | N | 22 Ko] - C:\MBAM_1.txt
[06/07/2014 - 07:06:34 | N | 2 Ko] - C:\MBAM_2.txt
[06/07/2014 - 07:39:00 | N | 1 Ko] - C:\MBAM_3.txt
[06/07/2014 - 08:20:33 | N | 1 Ko] - C:\avenger.txt
[18/09/2006 - 23:43:37 | N | 0 Ko] - C:\config.sys
[14/09/2009 - 17:55:08 | RASH | 0 Ko] - C:\IO.SYS
[14/09/2009 - 17:55:08 | RASH | 0 Ko] - C:\MSDOS.SYS
[06/07/2014 - 08:20:52 | ASH | 3910032 Ko] - C:\pagefile.sys
[12/06/2009 - 21:49:41 | N | 0 Ko] - C:\RHDSetup.log
[09/09/2012 - 09:46:14 | N | 0 Ko] - C:\user.js
[03/09/2009 - 15:22:14 | SHD] - C:\$Recycle.Bin
[18/09/2006 - 23:43:36 | A | 0 Ko] - C:\autoexec.bat
[08/06/2009 - 17:02:24 | RAS | 8 Ko] - C:\BOOTSECT.BAK
[21/01/2008 - 04:32:31 | D] - C:\PerfLogs
[10/04/2009 - 23:36:38 | RASH | 325 Ko] - C:\bootmgr
[08/06/2009 - 16:43:13 | SHD] - C:\Boot
[12/06/2009 - 21:48:30 | D] - C:\Intel
[03/09/2009 - 15:09:47 | SHD] - C:\Documents and Settings
[04/09/2009 - 09:46:13 | RHD] - C:\MSOCache
[21/04/2013 - 19:02:19 | D] - C:\tp
[22/06/2013 - 16:52:48 | D] - C:\Temp
[30/11/2013 - 14:28:52 | D] - C:\asasins 2
[15/05/2014 - 15:15:48 | D] - C:\Users
[02/07/2014 - 18:55:09 | D] - C:\$AVG
[03/07/2014 - 20:46:46 | D] - C:\Games
[05/07/2014 - 07:12:07 | D] - C:\Windows
[05/07/2014 - 12:31:31 | D] - C:\rsit
[05/07/2014 - 18:04:31 | SHD] - C:\System Volume Information
[06/07/2014 - 07:25:11 | D] - C:\Program Files
[06/07/2014 - 08:21:18 | D] - C:\Avenger
[06/07/2014 - 08:46:33 | D] - C:\UsbFix
[06/07/2014 - 08:51:11 | HD] - C:\ProgramData
################## | D:\ - Fixed drive (NTFS) |
[05/07/2014 - 07:37:29 | N | 9 Ko] - D:\hijackthis.log
[02/07/2014 - 18:46:26 | N | 146868 Ko |
VirusTotal - (0/36)] - D:\avg_free_x86_all_2014_4569a7320.exe
[02/07/2014 - 21:27:11 | N | 380 Ko |
VirusTotal - (
1/
54)] - D:\HijackThis.exe
[05/07/2014 - 12:21:29 | N | 764 Ko |
VirusTotal - (
3/
48)] - D:\RSIT.exe
[05/07/2014 - 14:52:02 | N | 10044 Ko |
VirusTotal - (0/54)] - D:\mbam-setup-1.75.0.1300.exe
[06/07/2014 - 08:18:47 | N | 714 Ko |
VirusTotal - (
8/
54)] - D:\avenger.exe
[06/07/2014 - 08:43:35 | N | 2979 Ko |
VirusTotal - (
3/
54)] - D:\UsbFix-7.171.exe
[03/09/2009 - 15:34:03 | SHD] - D:\$RECYCLE.BIN
[02/07/2014 - 20:49:11 | N | 757 Ko] - D:\Autorun Shortcut USB_Virus_Remover V1.0.5.exe.7z
[04/09/2009 - 18:13:24 | D] - D:\MRAVENCI
[04/09/2009 - 18:14:52 | D] - D:\moorhuhn
[04/09/2009 - 18:16:03 | D] - D:\KOULOVANÁ
[04/09/2009 - 18:16:35 | D] - D:\Funny Furries 2 Xmas
[04/09/2009 - 18:26:12 | D] - D:\ÚDRŽBA
[04/09/2009 - 18:28:15 | D] - D:\Noid'99
[05/09/2009 - 07:14:52 | D] - D:\LIDULA
[15/10/2009 - 17:45:04 | D] - D:\PŘEBRAT A SMAZAT
[15/01/2010 - 20:17:49 | D] - D:\POKUS
[09/02/2010 - 18:23:03 | D] - D:\POŠTA
[28/12/2010 - 12:50:58 | D] - D:\Mafia 1
[19/03/2012 - 19:41:20 | D] - D:\reslists
[19/03/2012 - 19:41:20 | D] - D:\mediabrowser
[19/03/2012 - 19:41:20 | D] - D:\gldrv
[27/03/2012 - 16:57:59 | D] - D:\Mirror´s Edge
[07/05/2012 - 11:23:40 | D] - D:\Program Files
[12/05/2012 - 08:42:38 | D] - D:\java
[27/06/2012 - 23:53:58 | D] - D:\TeamSpeak3
[19/09/2012 - 17:34:30 | D] - D:\1MOJE
[19/09/2012 - 18:30:50 | D] - D:\FOTKY
[19/09/2012 - 18:39:30 | D] - D:\MP3
[21/12/2012 - 20:39:10 | D] - D:\Mafie2
[02/03/2013 - 11:54:59 | SHD] - D:\System Volume Information
[31/03/2013 - 16:13:46 | D] - D:\Lego Star Wars - The Complete Saga
[24/05/2013 - 17:12:52 | D] - D:\Metro 2033
[24/05/2013 - 17:29:34 | D] - D:\metro
[10/06/2013 - 16:17:03 | D] - D:\StepMania
[22/06/2013 - 17:17:16 | D] - D:\Oblivion
[23/06/2013 - 11:55:02 | D] - D:\Mafia 2 CZ
[06/07/2013 - 09:58:17 | D] - D:\platform
[21/08/2013 - 14:52:47 | D] - D:\db07c335984b887d14e03dbb
[26/10/2013 - 15:07:17 | D] - D:\nelze smazat 1
[15/12/2013 - 12:59:48 | D] - D:\asasins
[27/06/2014 - 19:28:18 | D] - D:\HyperCam3
[03/07/2014 - 21:57:05 | D] - D:\$AVG
[05/07/2014 - 12:29:33 | D] - D:\backups
################## | N:\ - Removable drive (FAT32) |
[27/06/2014 - 14:29:50 | N | 29 Ko |
VirusTotal - (0/52)] - N:\mifwnxrkkw.vbs
[28/06/2014 - 13:09:44 | N | 29 Ko |
VirusTotal - (0/52)] - N:\zypkinsgzm.vbs
[28/06/2014 - 18:01:54 | N | 29 Ko |
VirusTotal - (0/52)] - N:\Hack.vbs
[28/06/2014 - 18:30:36 | N | 29 Ko |
VirusTotal - (0/52)] - N:\fatii.vbs
[28/06/2014 - 18:32:48 | N | 179 Ko |
VirusTotal - (0/52)] - N:\tmpC06C.tmp.vbs
[28/06/2014 - 18:56:46 | N | 179 Ko |
VirusTotal - (0/52)] - N:\tmpB549.tmp.vbs
[28/06/2014 - 19:30:18 | N | 29 Ko |
VirusTotal - (0/52)] - N:\zineb.vbs
[28/06/2014 - 20:31:52 | N | 170 Ko |
VirusTotal - (0/52)] - N:\tmpC1C1.tmp.vbs
[29/06/2014 - 15:08:00 | N | 29 Ko |
VirusTotal - (0/52)] - N:\tmpD563.tmp.vbs
[29/06/2014 - 15:19:44 | N | 29 Ko |
VirusTotal - (0/52)] - N:\swjykewdjn.vbs
[29/06/2014 - 15:20:14 | N | 29 Ko |
VirusTotal - (0/52)] - N:\ojxerkoomt.vbs
[29/06/2014 - 15:20:16 | N | 29 Ko |
VirusTotal - (0/52)] - N:\tmp1286.tmp.vbs
[29/06/2014 - 15:27:56 | N | 29 Ko |
VirusTotal - (0/52)] - N:\bygnssroft.vbs
[29/06/2014 - 15:43:50 | N | 29 Ko |
VirusTotal - (0/52)] - N:\cqxqjtcyil.vbs
[29/06/2014 - 17:15:56 | N | 29 Ko |
VirusTotal - (0/52)] - N:\tmpF72A.tmp.vbs
[29/06/2014 - 17:32:24 | N | 29 Ko |
VirusTotal - (0/52)] - N:\sbmevtjvqr.vbs
[02/07/2014 - 21:50:48 | N | 29 Ko |
VirusTotal - (0/52)] - N:\maya2.vbs
[02/07/2014 - 21:59:46 | N | 1 Ko] - N:\tmpB549.lnk
[02/07/2014 - 21:59:46 | N | 1 Ko] - N:\Hack.lnk
[02/07/2014 - 21:59:48 | N | 1 Ko] - N:\maya2.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\fatii.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\swjykewdjn.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\tmpC06C.lnk
[02/07/2014 - 21:59:52 | N | 0 Ko] - N:\mifwnxrkkw.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\cqxqjtcyil.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\tmpD563.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\tmpF72A.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\zypkinsgzm.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\bygnssroft.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\zineb.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\ojxerkoomt.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\tmp1286.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\tmpC1C1.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\sbmevtjvqr.lnk
################## | O:\ - Removable drive (FAT) |
[27/06/2014 - 14:29:50 | N | 29 Ko |
VirusTotal - (0/52)] - O:\mifwnxrkkw.vbs
[27/06/2014 - 20:52:30 | N | 14 Ko |
VirusTotal - (0/52)] - O:\cc.vbs
[28/06/2014 - 13:09:44 | N | 29 Ko |
VirusTotal - (0/52)] - O:\zypkinsgzm.vbs
[28/06/2014 - 18:01:54 | N | 29 Ko |
VirusTotal - (0/52)] - O:\Hack.vbs
[28/06/2014 - 18:30:36 | N | 29 Ko |
VirusTotal - (0/52)] - O:\fatii.vbs
[28/06/2014 - 18:32:48 | N | 179 Ko |
VirusTotal - (0/52)] - O:\tmpC06C.tmp.vbs
[28/06/2014 - 18:56:46 | N | 179 Ko |
VirusTotal - (0/52)] - O:\tmpB549.tmp.vbs
[28/06/2014 - 19:30:18 | N | 29 Ko |
VirusTotal - (0/52)] - O:\zineb.vbs
[28/06/2014 - 20:31:52 | N | 170 Ko |
VirusTotal - (0/52)] - O:\tmpC1C1.tmp.vbs
[29/06/2014 - 15:08:00 | N | 29 Ko |
VirusTotal - (0/52)] - O:\tmpD563.tmp.vbs
[29/06/2014 - 15:19:44 | N | 29 Ko |
VirusTotal - (0/52)] - O:\swjykewdjn.vbs
[29/06/2014 - 15:20:14 | N | 29 Ko |
VirusTotal - (0/52)] - O:\ojxerkoomt.vbs
[29/06/2014 - 15:20:16 | N | 29 Ko |
VirusTotal - (0/52)] - O:\tmp1286.tmp.vbs
[29/06/2014 - 15:27:56 | N | 29 Ko |
VirusTotal - (0/52)] - O:\bygnssroft.vbs
[29/06/2014 - 15:43:50 | N | 29 Ko |
VirusTotal - (0/52)] - O:\cqxqjtcyil.vbs
[29/06/2014 - 17:15:56 | N | 29 Ko |
VirusTotal - (0/52)] - O:\tmpF72A.tmp.vbs
[29/06/2014 - 17:32:24 | N | 29 Ko |
VirusTotal - (0/52)] - O:\sbmevtjvqr.vbs
[02/07/2014 - 21:03:06 | N | 1 Ko] - O:\LAN_Vista64_Vista(6218)(G41).lnk
[02/07/2014 - 21:03:06 | N | 1 Ko] - O:\System Volume Information.lnk
[02/07/2014 - 21:03:14 | N | 1 Ko] - O:\swjykewdjn.lnk
[02/07/2014 - 21:03:14 | N | 1 Ko] - O:\tmp1286.lnk
[02/07/2014 - 21:03:16 | N | 1 Ko] - O:\tmpC06C.lnk
[02/07/2014 - 21:03:16 | N | 1 Ko] - O:\tmpD563.lnk
[02/07/2014 - 21:03:16 | N | 1 Ko] - O:\cc.lnk
[02/07/2014 - 21:03:16 | N | 1 Ko] - O:\ojxerkoomt.lnk
[02/07/2014 - 21:03:16 | N | 1 Ko] - O:\tmpC1C1.lnk
[02/07/2014 - 21:03:18 | N | 0 Ko] - O:\Hack.lnk
[02/07/2014 - 21:03:18 | N | 1 Ko] - O:\tmpF72A.lnk
[02/07/2014 - 21:03:18 | N | 1 Ko] - O:\tmpB549.lnk
[02/07/2014 - 21:03:18 | N | 1 Ko] - O:\fatii.lnk
[02/07/2014 - 21:03:18 | N | 1 Ko] - O:\sbmevtjvqr.lnk
[02/07/2014 - 21:03:18 | N | 1 Ko] - O:\mifwnxrkkw.lnk
[02/07/2014 - 21:03:18 | N | 1 Ko] - O:\zineb.lnk
[10/07/2009 - 09:57:44 | D] - O:\LAN_Vista64_Vista(6218)(G41)
[15/06/2014 - 12:04:56 | SHD] - O:\System Volume Information
################## | Vaccin |
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
N:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
O:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |
Zapoj do PC všechny používané USB klíče (flashky, ext. disky apod.)
Máš na těch fleškách nějaká důležitá osobní data? raději bych je zálohoval a flešky formátoval 
Ten OTM se mi nedařilo spustit, místo toho vždycky zmizel, tak jsem ho stáhnul a hned překopčil na plochu, spustil jako administrátor, kopnul tam ten skript a hle - objevila se mi tapeta na ploše a jinak z ní vše zmizelo. NIc se nestalo, tudíž není ani log.