Hidden items on a USB stick

#1 Post by M95M »

I need help with my USB stick. A virus got onto it and marked all the folders on it as hidden. I tried to unhide them, but I had no access to them (read-only). ESET deleted the virus. The next time I inserted the USB stick, the items were visible only in Total Commander. The time after that, they were no longer visible in any program. Unfortunately, I did not have time to back up the files at the beginning, and now I have no way to get to them. The USB stick is full, but almost everything is hidden. Please help; I urgently need the files that were on it and I have no way to get to them. If there is a file browser I could use to copy them, or if you could point me to another thread, I would be grateful.

#2 Post by vyosek »

Hello :)

- Post a log from RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895

- Plug all USB sticks (flash drives, external disks, etc.) into the PC

#3 Post by M95M »

After the USBFix program finished running, shortcuts to the folders were created on the USB stick and it is possible to browse between them. I think that is enough for backing up for now; afterwards I will format it. Thank you for the help.

RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Milan at 2012-12-03 18:26:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (59%) free of 29 GB
Total RAM: 503 MB (34% free)

HijackThis download failed

2012-11-17 11:03:05 ----A---- C:\WINDOWS\system32\drivers\kmixer.sys
2012-11-17 11:03:03 ----A---- C:\WINDOWS\system32\drivers\drmkaud.sys
2012-11-17 11:03:01 ----A---- C:\WINDOWS\system32\drivers\sysaudio.sys
2012-11-17 11:02:58 ----D---- C:\Program Files\WinRAR
2012-11-17 11:02:56 ----A---- C:\WINDOWS\system32\drivers\MSKSSRV.sys
2012-11-17 11:02:54 ----A---- C:\WINDOWS\system32\drivers\MSPQM.sys
2012-11-17 11:02:50 ----A---- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2012-11-17 11:02:13 ----A---- C:\WINDOWS\system32\ksuser.dll
2012-11-17 11:02:13 ----A---- C:\WINDOWS\system32\drivers\portcls.sys
2012-11-17 11:02:10 ----A---- C:\WINDOWS\system32\drivers\drmk.sys
2012-11-17 11:02:00 ----N---- C:\WINDOWS\system32\ChCfg.exe
2012-11-17 11:02:00 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2012-11-17 11:02:00 ----A---- C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2012-11-17 11:02:00 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2012-11-17 11:01:58 ----N---- C:\WINDOWS\alcupd.exe
2012-11-17 11:01:58 ----N---- C:\WINDOWS\alcrmv.exe
2012-11-17 11:01:58 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2012-11-17 11:01:06 ----RA---- C:\WINDOWS\system32\igfxzoom.exe
2012-11-17 11:01:06 ----RA---- C:\WINDOWS\system32\igfxtray.exe
2012-11-17 11:01:06 ----RA---- C:\WINDOWS\system32\igfxress.dll
2012-11-17 11:01:06 ----RA---- C:\WINDOWS\system32\igfxhk.dll
2012-11-17 11:01:06 ----RA---- C:\WINDOWS\system32\igfxext.exe
2012-11-17 11:01:06 ----RA---- C:\WINDOWS\system32\igfxexps.dll
2012-11-17 11:01:06 ----RA---- C:\WINDOWS\system32\igfxdo.dll
2012-11-17 11:01:06 ----RA---- C:\WINDOWS\system32\ialmrem.dll
2012-11-17 11:01:06 ----RA---- C:\WINDOWS\system32\ialmgicd.dll
2012-11-17 11:01:06 ----RA---- C:\WINDOWS\system32\ialmgdev.dll
2012-11-17 11:01:06 ----RA---- C:\WINDOWS\system32\iAlmCoIn_v3865.dll
2012-11-17 11:01:06 ----RA---- C:\WINDOWS\system32\hkcmd.exe
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\oemdspif.dll
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\igfxsrvc.dll
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\igfxpph.dll
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\igfxeud.dll
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\igfxdiag.exe
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\igfxdgps.dll
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\igfxdev.dll
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\igfxcfg.exe
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\ialmrnt5.dll
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\ialmdnt5.dll
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\ialmdev5.dll
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\ialmdd5.dll
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\hccutils.dll
2012-11-17 11:01:05 ----RA---- C:\WINDOWS\system32\drivers\ialmnt5.sys
2012-11-17 10:46:58 ----D---- C:\WINDOWS\ATK0100
2012-11-17 10:46:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-11-17 10:46:06 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2012-11-17 10:46:06 ----A---- C:\WINDOWS\system32\SynTPCo2.dll
2012-11-17 10:46:06 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2012-11-17 10:46:06 ----A---- C:\WINDOWS\system32\drivers\SynTP.sys
2012-11-17 10:46:05 ----D---- C:\Program Files\Synaptics
2012-11-17 10:46:05 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2012-11-17 10:46:05 ----A---- C:\WINDOWS\system32\SynCOM.dll
2012-11-17 10:45:57 ----D---- C:\Program Files\Common Files\InstallShield
2012-11-17 09:49:39 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2012-11-17 09:43:52 ----A---- C:\WINDOWS\system32\drivers\USBDrv.sys
2012-11-17 09:23:46 ----A---- C:\WINDOWS\system32\h323log.txt
2012-11-17 09:19:25 ----A---- C:\WINDOWS\system32\drivers\audstub.sys
2012-11-17 09:18:50 ----A---- C:\WINDOWS\system32\drivers\redbook.sys
2012-11-17 09:18:31 ----A---- C:\WINDOWS\system32\irmon.dll
2012-11-17 09:18:31 ----A---- C:\WINDOWS\system32\irftp.exe
2012-11-17 09:18:31 ----A---- C:\WINDOWS\system32\drivers\rasirda.sys
2012-11-17 09:18:31 ----A---- C:\WINDOWS\system32\drivers\irda.sys
2012-11-17 09:18:30 ----A---- C:\WINDOWS\system32\wshirda.dll
2012-11-17 09:18:29 ----A---- C:\WINDOWS\system32\drivers\irsir.sys
2012-11-17 09:18:08 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2012-11-17 09:17:53 ----A---- C:\WINDOWS\system32\drivers\enum1394.sys
2012-11-17 09:17:45 ----A---- C:\WINDOWS\system32\drivers\compbatt.sys
2012-11-17 09:17:44 ----A---- C:\WINDOWS\system32\drivers\battc.sys
2012-11-17 09:17:43 ----A---- C:\WINDOWS\system32\drivers\CmBatt.sys
2012-11-17 09:17:31 ----A---- C:\WINDOWS\system32\drivers\intelide.sys
2012-11-17 09:17:26 ----A---- C:\WINDOWS\system32\usbui.dll
2012-11-17 09:16:00 ----A---- C:\WINDOWS\imsins.BAK
2012-11-17 09:15:57 ----SHD---- C:\WINDOWS\Installer
2012-11-17 09:15:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-11-17 09:15:55 ----D---- C:\Program Files\Common Files\ODBC
2012-11-17 09:15:55 ----A---- C:\WINDOWS\ODBCINST.INI
2012-11-17 09:15:50 ----D---- C:\Program Files\Common Files\SpeechEngines
2012-11-17 09:15:49 ----RD---- C:\Program Files
2012-11-17 09:15:49 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-11-17 09:15:49 ----D---- C:\Program Files\Common Files
2012-11-17 09:15:45 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2012-11-17 09:15:45 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2012-11-17 09:15:44 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2012-11-17 09:15:42 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2012-11-17 09:15:42 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2012-11-17 09:15:42 ----RA---- C:\WINDOWS\system32\kbdur.dll
2012-11-17 09:15:42 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2012-11-17 09:15:42 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2012-11-17 09:15:42 ----RA---- C:\WINDOWS\system32\kbdru.dll
2012-11-17 09:15:42 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2012-11-17 09:15:42 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2012-11-17 09:15:42 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2012-11-17 09:15:42 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2012-11-17 09:15:42 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2012-11-17 09:15:42 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2012-11-17 09:15:40 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2012-11-17 09:15:39 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2012-11-17 09:15:39 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2012-11-17 09:15:39 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2012-11-17 09:15:39 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2012-11-17 09:15:39 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2012-11-17 09:15:39 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2012-11-17 09:15:37 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2012-11-17 09:15:37 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2012-11-17 09:15:37 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2012-11-17 09:15:37 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2012-11-17 09:15:37 ----RA---- C:\WINDOWS\system32\kbdest.dll
2012-11-17 09:15:35 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2012-11-17 09:15:35 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2012-11-17 09:15:35 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2012-11-17 09:15:35 ----RA---- C:\WINDOWS\system32\kbdro.dll
2012-11-17 09:15:35 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2012-11-17 09:15:35 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2012-11-17 09:15:35 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2012-11-17 09:15:35 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2012-11-17 09:15:35 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2012-11-17 09:15:35 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2012-11-17 09:15:35 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2012-11-17 09:15:35 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2012-11-17 09:15:35 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2012-11-17 09:15:28 ----A---- C:\WINDOWS\system32\spxcoins.dll
2012-11-17 09:15:28 ----A---- C:\WINDOWS\system32\irclass.dll
2012-11-17 09:15:28 ----A---- C:\WINDOWS\system32\dgsetup.dll
2012-11-17 09:15:28 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2012-11-17 09:15:27 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2012-11-17 09:15:25 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2012-11-17 09:15:25 ----A---- C:\WINDOWS\TASKMAN.EXE
2012-11-17 09:15:25 ----A---- C:\WINDOWS\system32\drivers\irenum.sys
2012-11-17 09:15:24 ----A---- C:\WINDOWS\system32\batt.dll
2012-11-17 09:15:23 ----A---- C:\WINDOWS\NOTEPAD.EXE
2012-11-17 09:15:22 ----A---- C:\WINDOWS\system32\storprop.dll
2012-11-17 09:15:11 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2012-11-17 09:15:06 ----RA---- C:\WINDOWS\SET8.tmp
2012-11-17 09:15:02 ----RA---- C:\WINDOWS\SET4.tmp
2012-11-17 09:15:00 ----RA---- C:\WINDOWS\SET3.tmp
2012-11-17 09:14:52 ----D---- C:\WINDOWS\system32\CatRoot2
2012-11-17 09:14:52 ----D---- C:\WINDOWS\system32\CatRoot
2012-11-17 09:14:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2012-11-17 09:14:09 ----A---- C:\WINDOWS\setuplog.txt
2012-11-17 09:14:03 ----D---- C:\Documents and Settings
2012-11-17 09:14:02 ----SHD---- C:\System Volume Information
2012-11-17 09:14:01 ----A---- C:\WINDOWS\system32\FNTCACHE.DAT
2012-11-17 09:13:05 ----SH---- C:\boot.ini
2012-11-17 09:09:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-11-17 09:09:08 ----RSD---- C:\WINDOWS\Fonts
2012-11-17 09:09:08 ----RD---- C:\WINDOWS\Web
2012-11-17 09:09:08 ----HD---- C:\WINDOWS\inf
2012-11-17 09:09:08 ----D---- C:\WINDOWS\WinSxS
2012-11-17 09:09:08 ----D---- C:\WINDOWS\twain_32
2012-11-17 09:09:08 ----D---- C:\WINDOWS\Temp
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\wins
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\wbem
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\usmt
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\spool
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\ShellExt
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\Setup
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\scripting
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\ras
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\oobe
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\npp
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\mui
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\inetsrv
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\IME
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\icsxml
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\ias
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\export
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\en
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\drivers\etc
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\drivers\disdn
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\drivers
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\dhcp
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\config
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\3com_dmi
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\3076
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\2052
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\1054
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\1042
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\1041
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\1037
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\1033
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\1031
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\1028
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32\1025
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system32
2012-11-17 09:09:08 ----D---- C:\WINDOWS\system
2012-11-17 09:09:08 ----D---- C:\WINDOWS\security
2012-11-17 09:09:08 ----D---- C:\WINDOWS\Resources
2012-11-17 09:09:08 ----D---- C:\WINDOWS\repair
2012-11-17 09:09:08 ----D---- C:\WINDOWS\Provisioning
2012-11-17 09:09:08 ----D---- C:\WINDOWS\pchealth
2012-11-17 09:09:08 ----D---- C:\WINDOWS\PeerNet
2012-11-17 09:09:08 ----D---- C:\WINDOWS\Network Diagnostic
2012-11-17 09:09:08 ----D---- C:\WINDOWS\mui
2012-11-17 09:09:08 ----D---- C:\WINDOWS\msapps
2012-11-17 09:09:08 ----D---- C:\WINDOWS\msagent
2012-11-17 09:09:08 ----D---- C:\WINDOWS\Media
2012-11-17 09:09:08 ----D---- C:\WINDOWS\L2Schemas
2012-11-17 09:09:08 ----D---- C:\WINDOWS\java
2012-11-17 09:09:08 ----D---- C:\WINDOWS\ime
2012-11-17 09:09:08 ----D---- C:\WINDOWS\Help
2012-11-17 09:09:08 ----D---- C:\WINDOWS\ehome
2012-11-17 09:09:08 ----D---- C:\WINDOWS\Driver Cache
2012-11-17 09:09:08 ----D---- C:\WINDOWS\Debug
2012-11-17 09:09:08 ----D---- C:\WINDOWS\Cursors
2012-11-17 09:09:08 ----D---- C:\WINDOWS\Connection Wizard
2012-11-17 09:09:08 ----D---- C:\WINDOWS\Config
2012-11-17 09:09:08 ----D---- C:\WINDOWS\AppPatch
2012-11-17 09:09:08 ----D---- C:\WINDOWS\addins
2012-11-17 09:09:08 ----D---- C:\WINDOWS
2012-11-17 09:09:08 ----ASH---- C:\pagefile.sys

======List of files/folders modified in the last 1 month======

2012-11-17 17:32:04 ----A---- C:\WINDOWS\win.ini
2012-11-17 17:31:16 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2012-11-17 09:15:48 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-03-07 2310272]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\DOCUME~1\Milan\MYDOCU~1\PREBER~1\ATK_XP~1\ASNDIS5.SYS []
R3 BCM43XX;ASUS 802.11 - ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-07-15 724221]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2012-11-17 5632]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-01-12 185824]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 AR9271;Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athuw.sys [2011-07-28 1763584]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbUDisc;usbUDisc; C:\WINDOWS\system32\DRIVERS\USBDrv.sys [2012-11-19 13824]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-19 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 250808]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-11-19 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-24 115168]

-----------------EOF-----------------



USB FIX:


############################## | UsbFix V 7.096 | [Deletion]

User: Milan (Administrator) # NOTAS
Updated 15/08/2012 by El Desaparecido
Started at 18:27:09 | 03/12/2012

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: ASUSTeK Computer Inc. (A3L ) (X86-based PC) # Notebook
CPU: Intel(R) Celeron(R) M processor 1400MHz (1400)
RAM -> [Total : 503 | Free : 291]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 28 Gb (17 Mb free - 59%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 7 Gb (209 Mb free - 3%) [USB] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (700)
C:\WINDOWS\system32\csrss.exe (764)
C:\WINDOWS\system32\winlogon.exe (788)
C:\WINDOWS\system32\services.exe (832)
C:\WINDOWS\system32\lsass.exe (844)
C:\WINDOWS\system32\svchost.exe (992)
C:\WINDOWS\system32\svchost.exe (1072)
C:\WINDOWS\System32\svchost.exe (1112)
C:\WINDOWS\system32\svchost.exe (1156)
C:\WINDOWS\system32\svchost.exe (1348)
C:\WINDOWS\Explorer.EXE (1604)
C:\WINDOWS\system32\spoolsv.exe (1824)
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (200)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (228)
C:\WINDOWS\system32\igfxtray.exe (240)
C:\WINDOWS\system32\hkcmd.exe (180)
C:\WINDOWS\SOUNDMAN.EXE (272)
C:\WINDOWS\ATK0100\HControl.exe (736)
C:\WINDOWS\system32\ctfmon.exe (740)
C:\WINDOWS\system32\svchost.exe (452)
C:\WINDOWS\system32\wuauclt.exe (1720)
C:\WINDOWS\system32\wscntfy.exe (1736)
C:\WINDOWS\System32\alg.exe (2336)
C:\WINDOWS\ATK0100\ATKOSD.exe (2696)
C:\WINDOWS\system32\wbem\wmiprvse.exe (2192)
C:\UsbFix\Go.exe (2496)

################## | Stopped processes |

Stopped! C:\WINDOWS\Explorer.EXE (1604)
Stopped! C:\WINDOWS\system32\spoolsv.exe (1824)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (200)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (228)
Stopped! C:\WINDOWS\system32\igfxtray.exe (240)
Stopped! C:\WINDOWS\system32\hkcmd.exe (180)
Stopped! C:\WINDOWS\SOUNDMAN.EXE (272)
Stopped! C:\WINDOWS\ATK0100\HControl.exe (736)
Stopped! C:\WINDOWS\system32\ctfmon.exe (740)
Stopped! C:\WINDOWS\system32\wuauclt.exe (1720)
Stopped! C:\WINDOWS\system32\wscntfy.exe (1736)
Stopped! C:\WINDOWS\System32\alg.exe (2336)
Stopped! C:\WINDOWS\ATK0100\ATKOSD.exe (2696)

################## | Files # Infected Folders |

Deleted ! E:\Igo.lnk
Deleted ! E:\LOST.DIR.lnk
Deleted ! E:\Pokus.lnk
Deleted ! E:\Tor Browser.lnk
Deleted ! E:\Counter-Strike.lnk
Deleted ! E:\Flat Out 2.lnk
Deleted ! E:\Informa.lnk
Deleted ! E:\Zaloha.lnk
Deleted ! C:\Recycler\S-1-5-21-220523388-73586283-1177238915-1003
Deleted ! E:\Recycler\desktop.ini
Deleted ! E:\Recycler\f5399233.exe

(!) Temporary files deleted.

################## | Registry |


################## | Mountpoints2 |


################## | Listing |

[17/11/2012 - 17:32:04 | N | 0] C:\AUTOEXEC.BAT
[17/11/2012 - 17:23:51 | N | 211] C:\boot.ini
[17/11/2012 - 17:32:04 | N | 0] C:\CONFIG.SYS
[17/11/2012 - 17:39:32 | D ] C:\Documents and Settings
[03/12/2012 - 18:24:43 | ASH | 527290368] C:\hiberfil.sys
[17/11/2012 - 17:32:04 | N | 0] C:\IO.SYS
[19/11/2012 - 18:57:32 | N | 9125] C:\log.txt
[17/11/2012 - 17:32:04 | N | 0] C:\MSDOS.SYS
[13/04/2008 - 22:13:04 | N | 47564] C:\NTDETECT.COM
[14/04/2008 - 00:01:44 | N | 250048] C:\ntldr
[03/12/2012 - 18:24:41 | ASH | 792723456] C:\pagefile.sys
[03/12/2012 - 18:26:39 | D ] C:\Program Files
[03/12/2012 - 18:28:20 | SHD ] C:\RECYCLER
[03/12/2012 - 18:26:46 | D ] C:\rsit
[17/11/2012 - 17:37:30 | SHD ] C:\System Volume Information
[03/12/2012 - 18:28:20 | D ] C:\UsbFix
[03/12/2012 - 18:28:21 | A | 3177] C:\UsbFix.txt
[29/11/2012 - 16:23:39 | D ] C:\WINDOWS
[12/11/2012 - 19:59:44 | D ] E:\Igo
[03/12/2012 - 18:25:12 | HD ] E:\RECYCLER
[16/11/2012 - 08:24:44 | D ] E:\LOST.DIR
[17/11/2012 - 09:43:20 | D ] E:\Pokus
[27/10/2012 - 20:50:36 | D ] E:\Tor Browser
[20/11/2012 - 13:10:08 | N | 23921701] E:\tor-browser-2.2.39-5_en-US.exe
[24/11/2012 - 10:52:02 | N | 77523031] E:\installer_r21-windows.exe
[24/11/2012 - 15:40:48 | D ] E:\Counter-Strike
[25/11/2012 - 16:09:24 | D ] E:\Flat Out 2
[24/11/2012 - 10:46:04 | N | 15780622] E:\f5d7000v8_ww_2.00.09.exe
[18/10/2012 - 16:54:12 | D ] E:\Informa
[10/11/2012 - 11:04:28 | D ] E:\Zaloha

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_NOTAS.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.

################## | E.O.F |

M95M
Visitor
Posts: 52
Registered: 09 Oct 2012 14:15

Re: Hidden items on a USB stick

#4 Post by M95M »

All the shortcuts were deleted by ESET.
I have ESET on the other computer; on this one I have no antivirus because of insufficient RAM. I can't even format it, because another process is using it. Please look at the RSIT log to see whether there is a virus in it.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Hidden items on a USB stick

#5 Post by vyosek »

:arrow: Leave the flash drives connected

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST BE APPLIED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after start, a page with the license agreement is displayed; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered, the time may be longer
  • After the scan finishes and a possible restart, CF displays the log, or you will find it at C:\ComboFix.txt; paste its contents here
  • The detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

M95M
Visitor
Posts: 52
Registered: 09 Oct 2012 14:15

Re: Hidden items on a USB stick

#6 Post by M95M »

Files named f5399233.exe (on Google I found a description saying it is a virus) and Desktop.inf were created on the USB stick; ESET deletes them every time. But every time they are copied there again.

Here is the log from ComboFix:



ComboFix 12-12-02.01 - Milan 03.12.2012 19:31:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.328 [GMT 1:00]
Running from: c:\documents and settings\Milan\My Documents\Preberanie\ComboFix.exe
* Created a new restore point
.
/wow section not completed
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 17:39 . 2012-12-03 17:39 -------- d-----w- C:\totalcmd
2012-12-03 17:27 . 2012-12-03 17:32 -------- d-----w- C:\UsbFix
2012-12-03 17:26 . 2012-12-03 17:26 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-03 17:31 . 2012-12-03 17:31 221117 ----a-w- C:\UsbFix_Upload_Me_NOTAS.zip
2012-11-17 10:00 . 2005-02-17 22:07 5632 ----a-w- c:\windows\system32\drivers\ATKACPI.sys
2012-10-22 08:37 . 2008-04-14 00:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2008-04-14 04:42 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-24 17:50 . 2012-11-17 17:54 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-12 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-12 688218]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-15 118784]
"SoundMan"="SOUNDMAN.EXE" [2005-03-07 77824]
"HControl"="c:\windows\ATK0100\HControl.exe" [2012-11-17 102400]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Flat Out 2\\flatout2.exe"=
"c:\\Documents and Settings\\Milan\\Desktop\\Counter-Strike\\hl.exe"=
.
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [17.11.2012 17:47 1763584]
S3 usbUDisc;usbUDisc;c:\windows\system32\drivers\USBDrv.sys [17.11.2012 9:43 13824]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 19:07]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-19 16:58]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-19 16:58]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.12.1
FF - ProfilePath - c:\documents and settings\Milan\Application Data\Mozilla\Firefox\Profiles\8sgd80al.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Ÿ - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-03 19:39
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Vqyuyp = c:\documents and settings\Milan\Application Data\Vqyuyp.exe
.
scanning hidden files ...
.
.
c:\documents and settings\Milan\Application Data\Vqyuyp.exe 282624 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3544)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-12-03 19:44:02
ComboFix-quarantined-files.txt 2012-12-03 18:43
.
Pre-Run: 15 079 931 904 bytes free
Post-Run: 15 121 534 976 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 7BC2CA92784A9F213FF56621847425F7

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Hidden items on a USB stick

#7 Post by vyosek »

:arrow: Since the PC itself is infected, the flash drive keeps getting infected as well - we will deal with the PC and then the flash drive

:arrow: If you have not done so already, move ComboFix to the desktop
  • Start Notepad (Start-Run-notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Collect::
    c:\documents and settings\Milan\Application Data\Vqyuyp.exe 
    C:\WINDOWS\fonts\desktop.ini
    
    Rootkit::
    c:\documents and settings\Milan\Application Data\Vqyuyp.exe 
    
    Registry::
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "Vqyuyp"=-
    
    File::
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the picture below)
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF, which the author unfortunately cannot fix yet

:arrow: It may happen that Windows does not start after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

M95M
Visitor
Posts: 52
Registered: 09 Oct 2012 14:15

Re: Hidden items on a USB stick

#8 Post by M95M »

New log from ComboFix:


ComboFix 12-12-02.01 - Milan 03.12.2012 20:17:13.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.349 [GMT 1:00]
Running from: c:\documents and settings\Milan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Milan\Desktop\CFScript.txt
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
file zipped: c:\documents and settings\Milan\Application Data\Vqyuyp.exe
file zipped: c:\windows\fonts\desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 17:39 . 2012-12-03 17:39 -------- d-----w- C:\totalcmd
2012-12-03 17:27 . 2012-12-03 17:32 -------- d-----w- C:\UsbFix
2012-12-03 17:26 . 2012-12-03 17:26 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-03 17:31 . 2012-12-03 17:31 221117 ----a-w- C:\UsbFix_Upload_Me_NOTAS.zip
2012-11-17 10:00 . 2005-02-17 22:07 5632 ----a-w- c:\windows\system32\drivers\ATKACPI.sys
2012-10-22 08:37 . 2008-04-14 00:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2008-04-14 04:42 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-24 17:50 . 2012-11-17 17:54 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-12 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-12 688218]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-15 118784]
"SoundMan"="SOUNDMAN.EXE" [2005-03-07 77824]
"HControl"="c:\windows\ATK0100\HControl.exe" [2012-11-17 102400]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Flat Out 2\\flatout2.exe"=
"c:\\Documents and Settings\\Milan\\Desktop\\Counter-Strike\\hl.exe"=
.
S3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [17.11.2012 17:47 1763584]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\Milan\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Milan\LOCALS~1\Temp\CFcatchme.sys [?]
S3 usbUDisc;usbUDisc;c:\windows\system32\drivers\USBDrv.sys [17.11.2012 9:43 13824]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-27 19:07]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-19 16:58]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-19 16:58]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.12.1
FF - ProfilePath - c:\documents and settings\Milan\Application Data\Mozilla\Firefox\Profiles\8sgd80al.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Vqyuyp - c:\documents and settings\Milan\Application Data\Vqyuyp.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-03 20:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4008)
c:\windows\system32\SynTPFcs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-12-03 20:33:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-03 19:33
ComboFix2.txt 2012-12-03 18:44
.
Pre-Run: 15 197 544 448 bytes free
Post-Run: 15 191 011 328 bytes free
.
- - End Of File - - B64D349B9859D241CD0F6FE9655C79B3

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Hidden items on a USB stick

#9 Post by vyosek »

:arrow: Now run USBFix again and choose the delete option

M95M
Visitor
Posts: 52
Registered: 09 Oct 2012 14:15

Re: Hidden items on a USB stick

#10 Post by M95M »

It finally works the way it should. Thank you for your help.
Could you give me a link here for uninstalling Combofix?

############################## | UsbFix V 7.096 | [Deletion]

User: Milan (Administrator) # NOTAS
Updated 15/08/2012 by El Desaparecido
Started at 20:40:38 | 03/12/2012

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: ASUSTeK Computer Inc. (A3L ) (X86-based PC) # Notebook
CPU: Intel(R) Celeron(R) M processor 1400MHz (1400)
RAM -> [Total : 503 | Free : 122]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 28 Gb (15 Mb free - 53%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 7 Gb (209 Mb free - 3%) [USB] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (704)
C:\WINDOWS\system32\winlogon.exe (792)
C:\WINDOWS\system32\services.exe (836)
C:\WINDOWS\system32\lsass.exe (848)
C:\WINDOWS\system32\svchost.exe (996)
C:\WINDOWS\System32\svchost.exe (1112)
C:\WINDOWS\system32\spoolsv.exe (1788)
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (1672)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1688)
C:\WINDOWS\system32\igfxtray.exe (1700)
C:\WINDOWS\system32\hkcmd.exe (1888)
C:\WINDOWS\SOUNDMAN.EXE (1904)
C:\WINDOWS\system32\wscntfy.exe (692)
C:\WINDOWS\explorer.exe (4008)
C:\Program Files\Mozilla Firefox\firefox.exe (2680)
C:\Program Files\Mozilla Firefox\plugin-container.exe (2108)
C:\UsbFix\Go.exe (2052)

################## | Stopped processes |

Stopped! C:\WINDOWS\system32\spoolsv.exe (1788)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (1672)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1688)
Stopped! C:\WINDOWS\system32\igfxtray.exe (1700)
Stopped! C:\WINDOWS\system32\hkcmd.exe (1888)
Stopped! C:\WINDOWS\SOUNDMAN.EXE (1904)
Stopped! C:\WINDOWS\system32\wscntfy.exe (692)
Stopped! C:\WINDOWS\explorer.exe (4008)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (2680)
Stopped! C:\Program Files\Mozilla Firefox\plugin-container.exe (2108)

################## | Files # Infected Folders |

Deleted ! E:\Igo.lnk
Deleted ! E:\LOST.DIR.lnk
Deleted ! E:\Pokus.lnk
Deleted ! E:\Tor Browser.lnk
Deleted ! E:\Counter-Strike.lnk
Deleted ! E:\Flat Out 2.lnk
Deleted ! E:\Informa.lnk
Deleted ! E:\Zaloha.lnk
Deleted ! C:\Recycler\S-1-5-21-220523388-73586283-1177238915-1003

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Listing |

[17/11/2012 - 17:32:04 | N | 0] C:\AUTOEXEC.BAT
[03/12/2012 - 18:31:27 | RAD ] C:\Autorun.inf
[17/11/2012 - 17:23:51 | N | 211] C:\Boot.bak
[03/12/2012 - 19:29:00 | N | 327] C:\boot.ini
[03/12/2012 - 19:28:59 | D ] C:\cmdcons
[03/08/2004 - 23:00:00 | N | 260272] C:\cmldr
[03/12/2012 - 20:33:05 | N | 5367] C:\ComboFix.txt
[17/11/2012 - 17:32:04 | N | 0] C:\CONFIG.SYS
[17/11/2012 - 17:39:32 | D ] C:\Documents and Settings
[03/12/2012 - 20:28:48 | ASH | 527290368] C:\hiberfil.sys
[17/11/2012 - 17:32:04 | N | 0] C:\IO.SYS
[19/11/2012 - 18:57:32 | N | 9125] C:\log.txt
[17/11/2012 - 17:32:04 | N | 0] C:\MSDOS.SYS
[13/04/2008 - 22:13:04 | N | 47564] C:\NTDETECT.COM
[14/04/2008 - 00:01:44 | N | 250048] C:\ntldr
[03/12/2012 - 20:28:47 | ASH | 792723456] C:\pagefile.sys
[03/12/2012 - 18:26:39 | D ] C:\Program Files
[03/12/2012 - 20:33:08 | D ] C:\Qoobox
[03/12/2012 - 20:41:35 | SHD ] C:\RECYCLER
[03/12/2012 - 18:26:46 | D ] C:\rsit
[17/11/2012 - 17:37:30 | SHD ] C:\System Volume Information
[03/12/2012 - 18:39:22 | D ] C:\totalcmd
[03/12/2012 - 20:41:35 | D ] C:\UsbFix
[03/12/2012 - 20:44:30 | A | 2958] C:\UsbFix.txt
[03/12/2012 - 18:31:33 | N | 221117] C:\UsbFix_Upload_Me_NOTAS.zip
[03/12/2012 - 20:33:07 | D ] C:\WINDOWS
[12/11/2012 - 19:59:44 | D ] E:\Igo
[16/11/2012 - 08:24:44 | D ] E:\LOST.DIR
[17/11/2012 - 09:43:20 | D ] E:\Pokus
[03/12/2012 - 18:31:34 | D ] E:\Autorun.inf
[27/10/2012 - 20:50:36 | D ] E:\Tor Browser
[20/11/2012 - 13:10:08 | N | 23921701] E:\tor-browser-2.2.39-5_en-US.exe
[24/11/2012 - 10:52:02 | N | 77523031] E:\installer_r21-windows.exe
[24/11/2012 - 15:40:48 | D ] E:\Counter-Strike
[25/11/2012 - 16:09:24 | D ] E:\Flat Out 2
[24/11/2012 - 10:46:04 | N | 15780622] E:\f5d7000v8_ww_2.00.09.exe
[18/10/2012 - 16:54:12 | D ] E:\Informa
[10/11/2012 - 11:04:28 | D ] E:\Zaloha

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_NOTAS.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.

################## | E.O.F |
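The UsbFix log above shows one deleted .lnk for every folder in the root of E:\, plus removal of the NoDrives and DisableRegistryTools policy values. The following is an added example, not part of the original thread or of UsbFix: a small parser that correlates those two log sections to confirm the shortcut-decoy pattern. The function name `analyze` and the regular expressions are assumptions based only on the line formats visible in this log.

```python
import re

# Lines copied from the UsbFix [Deletion] log above; the E:\Notes.lnk line is
# constructed to show a shortcut with no same-named folder.
SAMPLE_LOG = r"""
Deleted ! E:\Igo.lnk
Deleted ! E:\Zaloha.lnk
Deleted ! E:\Notes.lnk
Deleted ! C:\Recycler\S-1-5-21-220523388-73586283-1177238915-1003
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
[12/11/2012 - 19:59:44 | D ] E:\Igo
[03/12/2012 - 18:31:34 | D ] E:\Autorun.inf
[20/11/2012 - 13:10:08 | N | 23921701] E:\tor-browser-2.2.39-5_en-US.exe
[10/11/2012 - 11:04:28 | D ] E:\Zaloha
"""

DELETED = re.compile(r"^Deleted ! (?P<target>.+)$")
# "[date - time | ATTRS | size] path"; directories carry D and have no size field.
LISTING = re.compile(
    r"^\[[^|]+\|\s*(?P<attrs>[A-Z]+)\s*(?:\|\s*\d+)?\]\s+(?P<path>.+)$")
# Policy values that hide drives or block regedit; both appear in the log above.
LOCKDOWN_VALUES = {"disableregistrytools", "nodrives"}


def analyze(log_text):
    """Correlate deleted shortcuts with listed folders in a UsbFix-style log."""
    dirs, deleted_lnk, policies = set(), [], []
    for line in map(str.strip, log_text.splitlines()):
        if m := LISTING.match(line):
            if "D" in m["attrs"]:
                dirs.add(m["path"].lower())
        elif m := DELETED.match(line):
            target = m["target"]
            if "|" in target:  # registry values are printed as key|value
                key, value = target.rsplit("|", 1)
                if value.lower() in LOCKDOWN_VALUES:
                    policies.append((key, value))
            elif target.lower().endswith(".lnk"):
                deleted_lnk.append(target)
    # A root-level X.lnk next to a folder X is the decoy pattern seen on E:\.
    decoys = [p for p in deleted_lnk if p[:-4].lower() in dirs]
    others = [p for p in deleted_lnk if p not in decoys]
    return {"decoy_shortcuts": decoys, "other_lnk": others,
            "policy_values": policies}


if __name__ == "__main__":
    for kind, items in analyze(SAMPLE_LOG).items():
        print(kind, items)
```

Run against the full log from the post, every one of the eight deleted E:\ shortcuts pairs with a listed folder of the same name.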

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Hidden items on a USB stick

#11 Post by vyosek »

So what about the USB, does it work now?

M95M
Visitor
Posts: 52
Registered: 09 Oct 2012 14:15

Re: Hidden items on a USB stick

#12 Post by M95M »

It works, I have already made a backup of those things too

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Hidden items on a USB stick

#13 Post by vyosek »

So let's tidy up as well :James008:

:arrow: Uninstall Combofix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes Combofix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may mistakenly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn the antivirus off while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

Locked