Desperation with RECYCLER on USB

Posted: 13 Jan 2013 17:11
by amfortas
Hi guys, I need some help.
:cry:
The problem is with the RECYCLER directory on USB: even after freshly formatting the USB stick to FAT32, a RECYCLER directory and an autorun.inf file containing some characters always get copied onto it. The RECYCLER directory contains a subdirectory //S-6-2-84-6840813581-5077771576-562635426-3233 and in it an *.exe file. I am also attaching a screenshot. Note that in XP Prof. I have the autorun function disabled on all drives, plus a modified registry.
After hard-deleting the RECYCLER directory, the subdirectory with the long name and the EXE file in it reappears after a while. It is even worse, because after I delete it, 10 more directories are created with the same file inside.
I'm totally stumped by this, damn it.

[IMG=http://img338.imageshack.us/img338/5624/kuk1custom.jpg][/IMG]

I am attaching the LOG from RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-01-13 16:51:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (67%) free of 36 GB
Total RAM: 3319 MB (88% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:51:24, on 13. 1. 2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\TurboNote\tbnote.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: TurboNote.lnk = C:\Program Files\TurboNote\tbnote.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6629351531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe

--
End of file - 7404 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-12-27 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-12-27 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-12-27 79856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-03 761948]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2013-01-01 188416]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2013-01-01 983040]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-12 88203]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2013-01-01 512000]
"DrvIcon"=C:\Program Files\Vista Drive Icon\DrvIcon.exe [2008-04-13 49152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"USB Safely Remove"=C:\Program Files\USB Safely Remove\USBSafelyRemove.exe [2013-01-09 3903488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2
"wscsvc"=2
"W32Time"=2
"VSS"=3
"TlntSvr"=3
"srservice"=2
"SkypeUpdate"=2
"SCardSvr"=2
"RemoteRegistry"=2
"ERSvc"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
TurboNote.lnk - C:\Program Files\TurboNote\tbnote.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=3
"Nocmd"=0
"NoDriveTypeAutoRun"=0
"NoAutoUpdate"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\TurboNote\tbnote.exe"="C:\Program Files\TurboNote\tbnote.exe:*:Enabled:TurboNote v3.4"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-01-13 16:51:15 ----D---- C:\Program Files\trend micro
2013-01-13 16:51:14 ----D---- C:\rsit
2013-01-09 08:49:51 ----D---- C:\Documents and Settings\Administrator\Application Data\USBSafelyRemove
2013-01-09 08:49:16 ----D---- C:\Documents and Settings\All Users\Application Data\USBSRService
2013-01-09 08:49:15 ----D---- C:\Program Files\USB Safely Remove
2013-01-03 21:55:34 ----D---- C:\Program Files\Common Files\Designer
2013-01-03 21:55:05 ----D---- C:\WINDOWS\ShellNew
2013-01-03 21:55:01 ----D---- C:\Program Files\Microsoft Office
2013-01-03 20:51:49 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2013-01-03 20:51:49 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2013-01-03 20:51:49 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2013-01-03 20:51:49 ----N---- C:\WINDOWS\system32\pxafs.dll
2013-01-03 20:51:49 ----N---- C:\WINDOWS\system32\drivers\cdralw2k.sys
2013-01-03 20:51:49 ----N---- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2013-01-03 20:51:45 ----D---- C:\Program Files\Winamp
2013-01-02 21:10:47 ----RASHD---- C:\Autorun.inf
2013-01-02 20:11:01 ----D---- C:\Documents and Settings\Administrator\Application Data\IrfanView
2013-01-01 19:31:54 ----SHD---- C:\RECYCLER
2013-01-01 19:27:48 ----N---- C:\MSDOS.SYS
2013-01-01 19:27:48 ----N---- C:\IO.SYS
2013-01-01 19:14:23 ----D---- C:\WINDOWS\temp
2013-01-01 19:09:35 ----A---- C:\WINDOWS\zip.exe
2013-01-01 19:09:35 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-01-01 19:09:35 ----A---- C:\WINDOWS\SWSC.exe
2013-01-01 19:09:35 ----A---- C:\WINDOWS\SWREG.exe
2013-01-01 19:09:35 ----A---- C:\WINDOWS\sed.exe
2013-01-01 19:09:35 ----A---- C:\WINDOWS\PEV.exe
2013-01-01 19:09:35 ----A---- C:\WINDOWS\NIRCMD.exe
2013-01-01 19:09:35 ----A---- C:\WINDOWS\MBR.exe
2013-01-01 19:09:35 ----A---- C:\WINDOWS\grep.exe
2013-01-01 19:08:27 ----SHD---- C:\WINDOWS\CSC
2013-01-01 19:03:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-01-01 18:52:52 ----D---- C:\Qoobox
2013-01-01 17:40:58 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2012-12-31 02:56:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2012-12-31 02:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2012-12-31 01:24:12 ----D---- C:\WINDOWS\ERDNT
2012-12-31 01:21:59 ----D---- C:\Program Files\ERUNT
2012-12-28 13:15:08 ----A---- C:\WINDOWS\system32\drivers\MSTEE.sys
2012-12-28 13:15:07 ----A---- C:\WINDOWS\system32\drivers\NdisIP.sys
2012-12-28 13:15:06 ----A---- C:\WINDOWS\system32\drivers\StreamIP.sys
2012-12-28 13:15:05 ----A---- C:\WINDOWS\system32\drivers\SLIP.sys
2012-12-28 13:15:03 ----A---- C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2012-12-28 13:15:02 ----A---- C:\WINDOWS\system32\drivers\NABTSFEC.sys
2012-12-28 13:15:01 ----A---- C:\WINDOWS\system32\drivers\CCDECODE.sys
2012-12-28 13:14:54 ----A---- C:\WINDOWS\system32\drivers\USBAUDIO.sys
2012-12-28 13:14:47 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2012-12-28 10:25:29 ----D---- C:\Documents and Settings\All Users\Application Data\IM
2012-12-28 10:24:04 ----D---- C:\Program Files\IncrediMail
2012-12-28 10:24:04 ----D---- C:\Documents and Settings\All Users\Application Data\IncrediMail
2012-12-28 09:33:15 ----D---- C:\WINDOWS\system32\Adobe
2012-12-28 09:32:49 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2012-12-28 09:32:39 ----RD---- C:\Program Files\Skype
2012-12-28 09:32:39 ----D---- C:\Program Files\Common Files\Skype
2012-12-28 09:32:39 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2012-12-28 01:37:33 ----ASH---- C:\pagefile.sys
2012-12-28 01:17:39 ----D---- C:\WINDOWS\pss
2012-12-28 00:37:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2012-12-28 00:37:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2012-12-28 00:37:01 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-27 23:58:15 ----A---- C:\WINDOWS\system32\SYSDRV.DAT
2012-12-27 23:57:41 ----D---- C:\WINDOWS\i386
2012-12-27 21:49:38 ----D---- C:\WINDOWS\system32\appmgmt
2012-12-27 21:44:03 ----D---- C:\Program Files\MSECache
2012-12-27 21:43:35 ----A---- C:\WINDOWS\ODBC.INI
2012-12-27 21:43:13 ----D---- C:\Program Files\Vista Drive Icon
2012-12-27 21:11:29 ----D---- C:\Program Files\FoxitReaderPortable
2012-12-27 21:08:48 ----D---- C:\WINDOWS\Downloaded Installations
2012-12-27 21:04:52 ----D---- C:\Program Files\The KMPlayer
2012-12-27 21:03:14 ----D---- C:\Program Files\CCleaner
2012-12-27 21:00:01 ----A---- C:\WINDOWS\system32\drivers\sptd.sys
2012-12-27 20:59:40 ----D---- C:\Program Files\DAEMON Tools Lite
2012-12-27 20:59:10 ----D---- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
2012-12-27 20:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2012-12-27 20:53:03 ----D---- C:\Program Files\IrfanView
2012-12-27 20:47:34 ----A---- C:\WINDOWS\system32\drivers\revoflt.sys
2012-12-27 20:47:32 ----D---- C:\Program Files\VS Revo Group
2012-12-27 20:46:51 ----D---- C:\Program Files\Microsoft
2012-12-27 20:43:23 ----D---- C:\Program Files\TurboNote
2012-12-27 20:31:41 ----D---- C:\Documents and Settings\Administrator\Application Data\InterVideo
2012-12-27 20:27:27 ----D---- C:\totalcmd
2012-12-27 20:27:27 ----A---- C:\WINDOWS\UC.PIF
2012-12-27 20:27:27 ----A---- C:\WINDOWS\RAR.PIF
2012-12-27 20:27:27 ----A---- C:\WINDOWS\NOCLOSE.PIF
2012-12-27 20:27:27 ----A---- C:\WINDOWS\LHA.PIF
2012-12-27 20:27:27 ----A---- C:\WINDOWS\ARJ.PIF
2012-12-27 20:26:21 ----D---- C:\Documents and Settings\Administrator\Application Data\Opera
2012-12-27 20:26:15 ----D---- C:\Program Files\Opera
2012-12-27 20:18:21 ----D---- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
2012-12-27 20:17:19 ----D---- C:\WINDOWS\system32\windowspowershell
2012-12-27 20:17:14 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2012-12-27 20:14:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2012-12-27 20:03:51 ----D---- C:\WINDOWS\system32\XPSViewer
2012-12-27 20:03:48 ----D---- C:\Program Files\MSBuild
2012-12-27 20:03:43 ----D---- C:\Program Files\Reference Assemblies
2012-12-27 20:03:12 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2012-12-27 20:03:12 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2012-12-27 20:03:12 ----N---- C:\WINDOWS\system32\prntvpt.dll
2012-12-27 20:03:12 ----D---- C:\5c45a96bfe28effcb33afbb687
2012-12-27 19:56:22 ----A---- C:\Program Files\MicrosoftFixit.IEAddon.exe
2012-12-27 19:48:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$
2012-12-27 19:46:58 ----A---- C:\WINDOWS\system32\MRT.exe
2012-12-27 19:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$
2012-12-27 19:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$
2012-12-27 19:46:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$
2012-12-27 19:46:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$
2012-12-27 19:46:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2012-12-27 19:45:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219-v2$
2012-12-27 19:45:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135-v2$
2012-12-27 19:45:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2661254-v2$
2012-12-27 19:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2724197$
2012-12-27 19:45:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2012-12-27 19:45:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$
2012-12-27 19:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2012-12-27 19:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2012-12-27 19:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-12-27 19:45:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-12-27 19:45:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-12-27 19:44:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2012-12-27 19:44:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2012-12-27 19:44:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2012-12-27 19:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2012-12-27 19:44:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-12-27 19:44:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2646524$
2012-12-27 19:44:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2012-12-27 19:44:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2012-12-27 19:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2012-12-27 19:44:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2012-12-27 19:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2012-12-27 19:44:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2012-12-27 19:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2012-12-27 19:43:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2618451$
2012-12-27 19:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2624667$
2012-12-27 19:43:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2012-12-27 19:43:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2012-12-27 19:43:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2012-12-27 19:43:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2012-12-27 19:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2012-12-27 19:43:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2012-12-27 19:43:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2012-12-27 19:43:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$
2012-12-27 19:43:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2012-12-27 19:43:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2012-12-27 19:43:06 ----D---- C:\WINDOWS\ie8updates
2012-12-27 19:43:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2012-12-27 19:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2012-12-27 19:42:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2012-12-27 19:42:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2012-12-27 19:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2012-12-27 19:42:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2012-12-27 19:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2012-12-27 19:42:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2012-12-27 19:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2012-12-27 19:42:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2012-12-27 19:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2012-12-27 19:42:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2012-12-27 19:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2012-12-27 19:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2012-12-27 19:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$
2012-12-27 19:41:59 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2012-12-27 19:41:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2012-12-27 19:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2012-12-27 19:41:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2012-12-27 19:41:43 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2012-12-27 19:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2012-12-27 19:41:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2012-12-27 19:41:34 ----HDC---- C:\WINDOWS\$NtUninstallKB981322$
2012-12-27 19:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2012-12-27 19:41:26 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2012-12-27 19:41:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2012-12-27 19:41:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2012-12-27 19:41:16 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2012-12-27 19:41:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2012-12-27 19:41:08 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2012-12-27 19:41:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2012-12-27 19:40:59 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2012-12-27 19:40:55 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2012-12-27 19:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2012-12-27 19:40:48 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2012-12-27 19:40:42 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2012-12-27 19:40:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2012-12-27 19:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2012-12-27 19:40:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2012-12-27 19:40:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2012-12-27 19:40:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2012-12-27 19:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2012-12-27 19:40:15 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2012-12-27 19:40:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2012-12-27 19:40:07 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2012-12-27 19:40:04 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2012-12-27 19:40:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2012-12-27 19:39:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2012-12-27 19:39:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2012-12-27 19:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2012-12-27 19:39:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2012-12-27 19:39:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2012-12-27 19:39:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2012-12-27 19:39:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2012-12-27 19:39:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2012-12-27 19:39:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2012-12-27 19:39:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2012-12-27 19:39:21 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2012-12-27 19:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2012-12-27 19:39:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2012-12-27 19:39:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2012-12-27 19:38:59 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2012-12-27 19:37:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2012-12-27 19:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2012-12-27 19:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2012-12-27 19:36:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2012-12-27 19:36:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2012-12-27 19:36:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2012-12-27 19:36:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2012-12-27 19:36:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2012-12-27 19:36:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2012-12-27 19:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2012-12-27 19:32:43 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-12-27 19:29:17 ----N---- C:\WINDOWS\system32\browserchoice.exe
2012-12-27 19:26:27 ----A---- C:\WINDOWS\system32\xpsp4res.dll
2012-12-27 19:16:10 ----D---- C:\WINDOWS\system32\PreInstall
2012-12-27 19:16:08 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2012-12-27 19:13:06 ----A---- C:\WINDOWS\system32\wups2.dll
2012-12-27 19:13:04 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2012-12-27 19:07:20 ----D---- C:\WINDOWS\WBEM
2012-12-27 19:06:55 ----HDC---- C:\WINDOWS\ie8
2012-12-27 19:06:55 ----D---- C:\WINDOWS\system32\sk-SK
2012-12-27 19:06:04 ----N---- C:\WINDOWS\system32\WinFXDocObj.exe
2012-12-27 19:06:04 ----A---- C:\WINDOWS\system32\normaliz.dll
2012-12-27 19:06:04 ----A---- C:\WINDOWS\system32\nlsdl.dll
2012-12-27 19:06:04 ----A---- C:\WINDOWS\system32\msdbg2.dll
2012-12-27 19:06:04 ----A---- C:\WINDOWS\system32\ieudinit.exe
2012-12-27 19:06:04 ----A---- C:\WINDOWS\system32\idndl.dll
2012-12-27 19:06:02 ----N---- C:\WINDOWS\system32\msfeedssync.exe
2012-12-27 19:06:02 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2012-12-27 19:06:02 ----A---- C:\WINDOWS\system32\msfeeds.dll
2012-12-27 19:06:01 ----N---- C:\WINDOWS\system32\ieui.dll
2012-12-27 19:06:01 ----A---- C:\WINDOWS\system32\iertutil.dll
2012-12-27 19:06:00 ----A---- C:\WINDOWS\system32\ieframe.dll
2012-12-27 19:05:58 ----N---- C:\WINDOWS\system32\ieapfltr.dll
2012-12-27 19:05:58 ----N---- C:\WINDOWS\system32\ieapfltr.dat
2012-12-27 19:05:58 ----N---- C:\WINDOWS\system32\icardie.dll
2012-12-27 18:59:04 ----D---- C:\WINDOWS\Prefetch
2012-12-27 18:54:31 ----N---- C:\WINDOWS\system32\msxml6r.dll
2012-12-27 18:54:31 ----A---- C:\WINDOWS\system32\msxml6.dll
2012-12-27 18:54:28 ----N---- C:\WINDOWS\system32\smtpapi.dll
2012-12-27 18:54:28 ----N---- C:\WINDOWS\system32\rwnh.dll
2012-12-27 18:54:28 ----N---- C:\WINDOWS\system32\drivers\irbus.sys
2012-12-27 18:54:28 ----N---- C:\WINDOWS\system32\comsdupd.exe
2012-12-27 18:54:27 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2012-12-27 18:54:27 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2012-12-27 18:54:27 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2012-12-27 18:54:27 ----N---- C:\WINDOWS\system32\aaclient.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\eapsvc.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\eapqec.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\eappprxy.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\eapphost.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\eappgnui.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\eappcfg.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\eapolqec.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\dot3ui.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\dot3svc.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\dot3msm.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\dot3api.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\dimsroam.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\credssp.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\azroles.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\ati3duag.dll
2012-12-27 18:54:26 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\onex.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\napstat.exe
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\napmontr.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\napipsec.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\mssha.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\mmcperf.exe
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\kmsvc.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\kbdpash.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2012-12-27 18:54:25 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\wmphoto.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\wlanapi.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\verclsid.exe
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\tzchange.exe
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\tspkg.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\tsgqec.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\slserv.exe
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\slrundll.exe
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\slgen.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\slextspk.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\slcoinst.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\setupn.exe
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\s3gnb.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\rasqec.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\qutil.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\qcliprov.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\qagentrt.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\qagent.dll
2012-12-27 18:54:24 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2012-12-27 18:54:23 ----N---- C:\WINDOWS\slrundll.exe
2012-12-27 18:54:23 ----D---- C:\WINDOWS\system32\scripting
2012-12-27 18:54:23 ----D---- C:\WINDOWS\system32\en-us
2012-12-27 18:54:23 ----D---- C:\WINDOWS\l2schemas
2012-12-27 18:54:23 ----A---- C:\WINDOWS\system32\xmllite.dll
2012-12-27 18:54:22 ----D---- C:\WINDOWS\system32\en
2012-12-27 18:54:22 ----D---- C:\WINDOWS\system32\bits
2012-12-27 18:53:32 ----D---- C:\WINDOWS\ServicePackFiles
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\bthport.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\ati2mtag.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2012-12-27 18:52:59 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2012-12-27 18:52:59 ----D---- C:\WINDOWS\network diagnostic
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\hidir.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2012-12-27 18:52:58 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2012-12-27 18:52:57 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2012-12-27 18:51:23 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2012-12-27 18:40:39 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2012-12-27 18:26:48 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2012-12-27 18:26:37 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-12-27 18:26:37 ----A---- C:\WINDOWS\system32\deployJava1.dll
2012-12-27 18:26:17 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2012-12-27 18:25:42 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2012-12-27 18:15:17 ----A---- C:\WINDOWS\system32\igfxres.dll
2012-12-27 18:03:42 ----D---- C:\Program Files\Intel
2012-12-27 18:02:54 ----A---- C:\WINDOWS\system32\wmpns.dll
2012-12-27 18:01:56 ----D---- C:\Program Files\Windows Media Connect
2012-12-27 18:01:39 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2012-12-27 18:00:50 ----D---- C:\Program Files\Common Files\TiVo Shared
2012-12-27 18:00:28 ----D---- C:\Program Files\Common Files\SureThing Shared
2012-12-27 18:00:25 ----D---- C:\WINDOWS\system32\DLA
2012-12-27 18:00:25 ----A---- C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2012-12-27 18:00:25 ----A---- C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2012-12-27 18:00:25 ----A---- C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2012-12-27 18:00:25 ----A---- C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2012-12-27 18:00:25 ----A---- C:\WINDOWS\system32\DLAAPI_W.DLL
2012-12-27 18:00:25 ----A---- C:\WINDOWS\DLA.EXE
2012-12-27 18:00:01 ----D---- C:\Program Files\Sonic
2012-12-27 18:00:00 ----D---- C:\Program Files\Common Files\Sonic Shared
2012-12-27 17:59:16 ----D---- C:\Program Files\Common Files\LightScribe
2012-12-27 17:59:00 ----D---- C:\WINDOWS\Hewlett-Packard
2012-12-27 17:57:10 ----A---- C:\WINDOWS\system32\javaws.exe
2012-12-27 17:57:10 ----A---- C:\WINDOWS\system32\javaw.exe
2012-12-27 17:57:10 ----A---- C:\WINDOWS\system32\java.exe
2012-12-27 17:56:44 ----D---- C:\Program Files\Java
2012-12-27 17:56:42 ----D---- C:\Program Files\Common Files\Java
2012-12-27 17:51:00 ----N---- C:\WINDOWS\biwlandrvxpver.dll
2012-12-27 17:50:18 ----N---- C:\WINDOWS\HPNICVersion.dll
2012-12-27 17:50:07 ----D---- C:\Program Files\Broadcom
2012-12-27 17:49:21 ----N---- C:\WINDOWS\system32\agrsmdel.exe
2012-12-27 17:49:21 ----N---- C:\WINDOWS\HPModemVersion.dll
2012-12-27 17:49:17 ----D---- C:\WINDOWS\Options
2012-12-27 17:36:39 ----HD---- C:\WINDOWS\system32\GroupPolicy
2012-12-27 17:36:27 ----A---- C:\WINDOWS\system32\hidserv.dll
2012-12-27 17:36:15 ----A---- C:\WINDOWS\system32\drivers\usbccgp.sys
2012-12-27 17:28:26 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2012-12-27 17:28:24 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2012-12-27 17:24:48 ----D---- C:\Program Files\WIDCOMM
2012-12-27 17:24:04 ----D---- C:\WINDOWS\tiinst
2012-12-27 17:22:15 ----D---- C:\Program Files\Program Shortcuts

======List of files/folders modified in the last 1 month======

2013-01-13 16:51:15 ----D---- C:\Program Files
2013-01-13 16:49:19 ----D---- C:\WINDOWS\system32
2013-01-13 16:49:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-01-13 16:44:53 ----D---- C:\WINDOWS
2013-01-13 11:09:47 ----D---- C:\WINDOWS\system32\CatRoot2
2013-01-13 11:09:34 ----SHD---- C:\System Volume Information
2013-01-13 11:09:34 ----D---- C:\WINDOWS\system32\Restore
2013-01-13 10:59:43 ----D---- C:\WINDOWS\system32\config
2013-01-13 10:56:05 ----SHD---- C:\WINDOWS\Installer
2013-01-13 10:56:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2013-01-13 10:56:05 ----D---- C:\Program Files\Common Files\InstallShield
2013-01-10 23:35:02 ----RSHD---- C:\WINDOWS\system32\dllcache
2013-01-10 23:34:57 ----D---- C:\WINDOWS\system32\drivers
2013-01-03 22:00:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
2013-01-03 21:57:38 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2013-01-03 21:55:34 ----D---- C:\Program Files\Common Files
2013-01-03 21:52:38 ----D---- C:\WINDOWS\system
2013-01-03 21:47:35 ----D---- C:\WINDOWS\SoftwareDistribution
2013-01-03 21:46:21 ----N---- C:\boot.ini
2013-01-03 21:46:21 ----A---- C:\WINDOWS\win.ini
2013-01-03 21:46:21 ----A---- C:\WINDOWS\system.ini
2013-01-03 21:39:04 ----HD---- C:\Program Files\InstallShield Installation Information
2013-01-03 21:38:21 ----SD---- C:\WINDOWS\Tasks
2013-01-03 21:37:46 ----D---- C:\Program Files\Hewlett-Packard
2013-01-02 21:09:18 ----D---- C:\Program Files\Internet Explorer
2013-01-02 16:07:50 ----HD---- C:\WINDOWS\inf
2013-01-01 19:15:11 ----D---- C:\WINDOWS\system32\drivers\etc
2013-01-01 19:12:52 ----D---- C:\WINDOWS\AppPatch
2013-01-01 19:12:02 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2013-01-01 19:06:21 ----D---- C:\Program Files\Outlook Express
2013-01-01 17:40:54 ----HD---- C:\WINDOWS\$hf_mig$
2012-12-31 03:06:34 ----D---- C:\Program Files\Windows Media Player
2012-12-31 03:06:01 ----D---- C:\Program Files\Movie Maker
2012-12-28 10:34:08 ----D---- C:\WINDOWS\SMINST
2012-12-28 10:24:11 ----RSD---- C:\WINDOWS\Fonts
2012-12-28 09:33:18 ----D---- C:\WINDOWS\WinSxS
2012-12-28 01:39:34 ----D---- C:\WINDOWS\Debug
2012-12-28 00:12:58 ----RSD---- C:\WINDOWS\assembly
2012-12-28 00:12:41 ----D---- C:\WINDOWS\Microsoft.NET
2012-12-27 23:57:36 ----RD---- C:\WINDOWS\Web
2012-12-27 23:57:36 ----D---- C:\WINDOWS\twain_32
2012-12-27 23:57:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2012-12-27 23:57:26 ----D---- C:\WINDOWS\system32\ras
2012-12-27 23:57:15 ----D---- C:\WINDOWS\system32\mui
2012-12-27 23:57:14 ----D---- C:\WINDOWS\system32\msmq
2012-12-27 23:57:12 ----D---- C:\WINDOWS\system32\MsDtc
2012-12-27 23:57:11 ----D---- C:\WINDOWS\system32\Macromed
2012-12-27 23:57:11 ----D---- C:\WINDOWS\system32\IME
2012-12-27 23:57:11 ----D---- C:\WINDOWS\system32\icsxml
2012-12-27 23:57:11 ----D---- C:\WINDOWS\system32\ias
2012-12-27 23:57:05 ----D---- C:\WINDOWS\system32\DirectX
2012-12-27 23:57:01 ----D---- C:\WINDOWS\system32\1060
2012-12-27 23:57:01 ----D---- C:\WINDOWS\system32\1051
2012-12-27 23:57:01 ----D---- C:\WINDOWS\system32\1033
2012-12-27 23:55:56 ----D---- C:\WINDOWS\Resources
2012-12-27 23:55:56 ----D---- C:\WINDOWS\repair
2012-12-27 23:55:49 ----D---- C:\WINDOWS\RegisteredPackages
2012-12-27 23:55:48 ----D---- C:\WINDOWS\Provisioning
2012-12-27 23:55:23 ----RD---- C:\WINDOWS\Offline Web Pages
2012-12-27 23:55:23 ----D---- C:\WINDOWS\pchealth
2012-12-27 23:54:48 ----D---- C:\WINDOWS\msapps
2012-12-27 23:54:37 ----D---- C:\WINDOWS\java
2012-12-27 23:53:36 ----D---- C:\WINDOWS\Cursors
2012-12-27 23:53:25 ----HD---- C:\WINDOWS\$NtUninstallKB896256$
2012-12-27 23:53:24 ----HD---- C:\WINDOWS\$NtUninstallKB912919$
2012-12-27 23:53:24 ----HD---- C:\WINDOWS\$NtUninstallKB896358$
2012-12-27 23:53:24 ----HD---- C:\WINDOWS\$NtUninstallKB892559$
2012-12-27 23:53:24 ----HD---- C:\WINDOWS\$NtUninstallKB888239$
2012-12-27 23:53:24 ----HD---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2012-12-27 23:53:24 ----HD---- C:\WINDOWS\$NtUninstallKB885855$
2012-12-27 23:53:24 ----HD---- C:\WINDOWS\$NtUninstallKB883667$
2012-12-27 23:53:23 ----HD---- C:\WINDOWS\$NtUninstallKB908519$
2012-12-27 23:53:23 ----HD---- C:\WINDOWS\$NtUninstallKB896727$
2012-12-27 23:53:22 ----HD---- C:\WINDOWS\$NtUninstallKB913446$
2012-12-27 23:53:22 ----HD---- C:\WINDOWS\$NtUninstallKB912436$
2012-12-27 23:53:22 ----HD---- C:\WINDOWS\$NtUninstallKB911927$
2012-12-27 23:53:22 ----HD---- C:\WINDOWS\$NtUninstallKB904706$
2012-12-27 23:53:22 ----HD---- C:\WINDOWS\$NtUninstallKB889673$
2012-12-27 23:53:22 ----HD---- C:\WINDOWS\$NtUninstallKB885884$
2012-12-27 23:53:22 ----HD---- C:\WINDOWS\$NtUninstallKB885464$
2012-12-27 23:53:22 ----HD---- C:\WINDOWS\$NtUninstallKB884575$
2012-12-27 23:53:21 ----HD---- C:\WINDOWS\$NtUninstallKB915326$
2012-12-27 23:53:21 ----HD---- C:\WINDOWS\$NtUninstallKB911565$
2012-12-27 23:53:21 ----HD---- C:\WINDOWS\$NtUninstallKB896423$
2012-12-27 23:53:21 ----HD---- C:\WINDOWS\$NtUninstallKB893066$
2012-12-27 23:53:21 ----HD---- C:\WINDOWS\$NtUninstallKB887472$
2012-12-27 23:53:21 ----HD---- C:\WINDOWS\$NtUninstallKB886185$
2012-12-27 23:53:20 ----HD---- C:\WINDOWS\$NtUninstallKB918005$
2012-12-27 23:53:20 ----HD---- C:\WINDOWS\$NtUninstallKB901214$
2012-12-27 23:53:20 ----HD---- C:\WINDOWS\$NtUninstallKB891781$
2012-12-27 23:53:20 ----HD---- C:\WINDOWS\$NtUninstallKB888402$
2012-12-27 23:53:20 ----HD---- C:\WINDOWS\$NtUninstallKB873333$
2012-12-27 23:53:19 ----HD---- C:\WINDOWS\$NtUninstallKB909095$
2012-12-27 23:53:18 ----HD---- C:\WINDOWS\$NtUninstallKB911564$
2012-12-27 23:53:18 ----HD---- C:\WINDOWS\$NtUninstallKB896422$
2012-12-27 23:53:18 ----HD---- C:\WINDOWS\$NtUninstallKB896243$
2012-12-27 23:53:18 ----HD---- C:\WINDOWS\$NtUninstallKB888113$
2012-12-27 23:53:17 ----HD---- C:\WINDOWS\$NtUninstallKB903235$
2012-12-27 23:53:17 ----HD---- C:\WINDOWS\$NtUninstallKB901190$
2012-12-27 23:53:17 ----HD---- C:\WINDOWS\$NtUninstallKB894391$
2012-12-27 23:53:17 ----HD---- C:\WINDOWS\$NtUninstallKB885250$
2012-12-27 23:53:05 ----D---- C:\Program Files\xerox
2012-12-27 23:53:00 ----D---- C:\Program Files\Synaptics
2012-12-27 23:52:59 ----D---- C:\Program Files\Online Services
2012-12-27 23:52:58 ----D---- C:\Program Files\MSN Gaming Zone
2012-12-27 23:52:56 ----D---- C:\Program Files\MSN
2012-12-27 23:52:55 ----D---- C:\Program Files\microsoft frontpage
2012-12-27 23:52:43 ----D---- C:\Program Files\Fingerprint Sensor
2012-12-27 23:52:42 ----D---- C:\Program Files\Common Files\SpeechEngines
2012-12-27 23:52:42 ----D---- C:\Program Files\Common Files\Services
2012-12-27 23:52:42 ----D---- C:\Program Files\Common Files\ODBC
2012-12-27 23:52:42 ----D---- C:\Program Files\Common Files\MSSoap
2012-12-27 23:52:39 ----D---- C:\Program Files\Analog Devices
2012-12-27 23:52:25 ----D---- C:\I386
2012-12-27 23:49:40 ----D---- C:\Documents and Settings\All Users\Application Data\SBSI
2012-12-27 23:49:34 ----D---- C:\Documents and Settings\Administrator\Application Data\Identities
2012-12-27 23:49:32 ----D---- C:\Documents and Settings
2012-12-27 21:42:31 ----D---- C:\WINDOWS\Help
2012-12-27 20:03:28 ----D---- C:\WINDOWS\system32\spool
2012-12-27 19:52:19 ----D---- C:\WINDOWS\system32\wbem
2012-12-27 19:36:48 ----D---- C:\Program Files\Messenger
2012-12-27 19:07:15 ----D---- C:\WINDOWS\Media
2012-12-27 18:58:41 ----D---- C:\WINDOWS\system32\Setup
2012-12-27 18:58:08 ----D---- C:\WINDOWS\security
2012-12-27 18:57:26 ----D---- C:\WINDOWS\system32\CatRoot
2012-12-27 18:54:28 ----D---- C:\WINDOWS\system32\inetsrv
2012-12-27 18:54:28 ----D---- C:\WINDOWS\ime
2012-12-27 18:54:23 ----D---- C:\WINDOWS\system32\usmt
2012-12-27 18:54:22 ----D---- C:\WINDOWS\PeerNet
2012-12-27 18:53:29 ----D---- C:\WINDOWS\system32\npp
2012-12-27 18:53:29 ----D---- C:\WINDOWS\mui
2012-12-27 18:53:28 ----D---- C:\WINDOWS\srchasst
2012-12-27 18:53:28 ----D---- C:\WINDOWS\msagent
2012-12-27 18:53:28 ----D---- C:\Program Files\NetMeeting
2012-12-27 18:53:27 ----D---- C:\WINDOWS\system32\Com
2012-12-27 18:53:27 ----D---- C:\Program Files\Windows NT
2012-12-27 18:53:26 ----D---- C:\Program Files\Common Files\System
2012-12-27 18:53:23 ----D---- C:\WINDOWS\system32\oobe
2012-12-27 18:51:23 ----D---- C:\WINDOWS\ehome
2012-12-27 18:01:48 ----D---- C:\Program Files\HPQ
2012-12-27 17:58:48 ----D---- C:\WINDOWS\Registration
2012-12-27 17:50:48 ----D---- C:\SwSetup
2012-12-27 17:50:31 ----D---- C:\System.sav
2012-12-27 17:49:21 ----D---- C:\WINDOWS\Driver Cache
2012-12-27 17:24:53 ----SD---- C:\WINDOWS\system32\Microsoft
2012-12-16 13:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-08-30 88752]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\System32\DRIVERS\iaStor.sys [2005-10-12 874240]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-12-27 691696]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-31 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-31 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-31 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-31 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-31 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-31 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-31 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-06-07 152960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-12 1120352]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2006-03-30 130432]
R3 b57w2k;Broadcom NetLink (TM) Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-10-26 142720]
R3 BCM43XX;Broadcom 802.11 ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-01-19 424320]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-01-18 1342570]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-02-28 87808]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 36352]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-03 192736]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 ate7w1xc;ate7w1xc; C:\WINDOWS\system32\drivers\ate7w1xc.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-01-18 401664]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-01-18 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-01-18 148168]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-01-19 57096]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-01-18 258103]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2013-01-01 192512]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-12-27 153584]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-12-18 73728]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 USBSafelyRemoveService;USB Safely Remove Assistant; C:\Program Files\USB Safely Remove\USBSRService.exe [2010-05-07 242000]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2012-12-27 155648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2012-12-27 126976]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328]
S3 WmcCdsLs;Windows Media Connect (WMC) Helper; C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-15 158856]

-----------------EOF-----------------

Attached is the RECYCLER folder itself, together with autorun.inf, in an archive.
RECYCLER.zip
Here is that RECYCLER with the autorun.inf file, in an archive
(41.16 KiB) Downloaded 43 times

Re: Despair over RECYCLER on USB

Posted: 13 Jan 2013 18:03
by amfortas
Hi Naughty,

Here is the ZIP with both files.
Extras&OTL.zip
(27.13 KiB) Downloaded 67 times
Is there anything in there?

Re: Despair over RECYCLER on USB

Posted: 13 Jan 2013 18:08
by amfortas
SHA256: ee468e35630271211ef471767f4481c338fc5fbd8f90491d9da2f331aa23ce23
SHA1: df427f8cc3a8dffe7dd6d1afc90979965d01db7c
MD5: 7916ce7a18172b2690c4cf259fc289ee
File size: 512 bajtov ( 512 bytes )
File name: PhysicalMBR.bin
File type: unknown
Detection ratio: 0 / 46
Analysis date: 2013-01-13 17:04:49 UTC ( 2 minúty ago )

Here is the link to it:
https://www.virustotal.com/file/ee468e3 ... 358096689/

Re: Despair over RECYCLER on USB

Posted: 13 Jan 2013 18:36
by amfortas
LOG after the restart:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:c:\program files\microsoft\desktoplayer.exe deleted successfully.
File move failed. c:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.
File not found.
File not found.
G:\autorun.inf moved successfully.
========== FILES ==========
File\Folder C:\RECYCLER\UymnNhsN.exe not found.
File\Folder D:\RECYCLER\UymnNhsN.exe not found.
G:\RECYCLER\S-6-2-84-6840813581-5077771576-562635426-3233\UymnNhsN.exe moved successfully.
UymnNhsN.exe not found in C:\
UymnNhsN.exe not found in D:\
UymnNhsN.exe not found in G:\

OTL by OldTimer - Version 3.2.69.0 log created on 01132013_183322

Files\Folders moved on Reboot...
File move failed. c:\Program Files\Microsoft\DesktopLayer.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Despair over RECYCLER on USB

Posted: 13 Jan 2013 18:49
by amfortas
It probably didn't help, Naughty :o
This is the content of my autorun.inf
***another folder, containing an AFRUTMER.EXE file, has appeared on the USB stick
[autorun]
action=Open
icon=%WinDir%\system32\shell32.dll,4
shellexecute=.\RECYCLER\S-8-6-55-7631231851-6433140688-124523260-4542\AFRUTMER.exe
shell\explore\command=.\RECYCLER\S-8-6-55-7631231851-6433140688-124523260-4542\AFRUTMER.exe
USEAUTOPLAY=1
shell\Open\command=.\RECYCLER\S-8-6-55-7631231851-6433140688-124523260-4542\AFRUTMER.exe
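An added example, not part of the post above and not the logic of OTL, ComboFix or UsbFix: a Python check that flags an autorun.inf like the one quoted, using three signs visible in it (lines outside INI syntax, launch keys pointing into a RECYCLER folder, and a SID-shaped folder name that does not begin with `S-1-`, the only revision genuine Windows SIDs use). The finding names, the function names and the padding lines in the samples are constructed for illustration.

```python
import re

# Keys in the [autorun] section that cause a program to be started.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# A path component shaped like a SID; group 1 is the revision number.
SID_LIKE = re.compile(r"S-(\d+)(?:-\d+)+", re.I)
KEY_VALUE = re.compile(r"^([^=;\[\]]+?)\s*=\s*(.*)$")
BIN_NAMES = {"recycler", "recycled", "$recycle.bin"}

# Constructed sample: the [autorun] lines are the ones quoted in the thread,
# the padding lines are made-up stand-ins for the random text around them.
SAMPLE = r"""CONSTRUCTEDpaddingLINEaaaaBBBBccccDDDD
CONSTRUCTEDpaddingLINEeeeeFFFFggggHHHH
[autorun]
action=Open
icon=%WinDir%\system32\shell32.dll,4
shellexecute=.\RECYCLER\S-8-6-55-7631231851-6433140688-124523260-4542\AFRUTMER.exe
shell\explore\command=.\RECYCLER\S-8-6-55-7631231851-6433140688-124523260-4542\AFRUTMER.exe
USEAUTOPLAY=1
shell\Open\command=.\RECYCLER\S-8-6-55-7631231851-6433140688-124523260-4542\AFRUTMER.exe
CONSTRUCTEDpaddingLINEiiiiJJJJkkkkLLLL
"""

# Constructed benign file of the kind an installer CD would carry.
BENIGN = r"""[autorun]
open=setup.exe
icon=setup.exe,0
label=Installer
"""

# Constructed file whose folder name has a well-formed SID revision.
REAL_SID = r"""[autorun]
open=.\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-500\x.exe
"""


def parse_autorun(text):
    """Return the launch commands and the number of non-INI lines."""
    section = None
    commands = []
    junk = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        match = KEY_VALUE.match(line)
        if not match:
            junk += 1  # neither header, comment nor key=value: padding
            continue
        key, value = match.group(1), match.group(2).strip()
        if section == "autorun" and EXEC_KEYS.match(key):
            commands.append((key.lower(), value))
    return {"commands": commands, "junk_lines": junk}


def assess(text):
    """Return (sorted finding names, parsed structure) for one autorun.inf."""
    parsed = parse_autorun(text)
    findings = set()
    if parsed["junk_lines"]:
        findings.add("junk-padding")
    for _key, value in parsed["commands"]:
        parts = [p for p in re.split(r"[\\/]", value) if p not in ("", ".")]
        if any(p.lower() in BIN_NAMES for p in parts):
            findings.add("exec-from-recycle-bin")
        for part in parts:
            sid = SID_LIKE.fullmatch(part)
            if sid and sid.group(1) != "1":
                findings.add("fake-sid")
    return sorted(findings), parsed


if __name__ == "__main__":
    for name, text in (("SAMPLE", SAMPLE), ("BENIGN", BENIGN), ("REAL_SID", REAL_SID)):
        found, parsed = assess(text)
        print(name, found, len(parsed["commands"]), "launch keys")
```

The same revision check separates the folders in the UsbFix log further down: only `D:\Recycler\S-1-5-21-...-500` has the `S-1-` prefix of a genuine SID.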

Re: Despair over RECYCLER on USB

Posted: 13 Jan 2013 19:17
by amfortas
Here is the log from ComboFix:

ComboFix 13-01-13.01 - Administrator . 01. 2013 19:09:58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3319.2912 [GMT 1:00]
Running from: C:\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Internet Explorer\dmlconf.dat
c:\program files\Internet Explorer\iexploreSrv.exe
c:\program files\Microsoft\DesktopLayer.exe
c:\program files\USB Safely Remove\USBSafelyRemove.exe
c:\windows\system32\NOTEPADSrv.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))
.
.
2013-01-13 17:33 . 2013-01-13 17:33 -------- d-----w- C:\_OTL
2013-01-13 16:39 . 2013-01-13 17:42 512 ----a-w- C:\PhysicalMBR.bin
2013-01-13 16:33 . 2013-01-13 16:35 655872 ----a-w- C:\OTL.exe
2013-01-13 15:51 . 2013-01-13 15:51 -------- d-----w- c:\program files\trend micro
2013-01-13 15:51 . 2013-01-13 15:51 -------- d-----w- C:\rsit
2013-01-10 22:32 . 2013-01-10 22:32 -------- d-----w- c:\documents and settings\Administrator\Bluetooth Software
2013-01-09 07:49 . 2013-01-09 07:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\USBSafelyRemove
2013-01-09 07:49 . 2013-01-09 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\USBSRService
2013-01-09 07:49 . 2013-01-13 18:14 -------- d-----w- c:\program files\USB Safely Remove
2013-01-03 20:55 . 2013-01-03 20:55 -------- d-----w- c:\windows\ShellNew
2013-01-03 19:51 . 2007-03-07 23:51 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2013-01-03 19:51 . 2007-03-07 23:51 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2013-01-03 19:51 . 2007-03-07 23:51 129784 ------w- c:\windows\system32\pxafs.dll
2013-01-03 19:51 . 2013-01-10 22:48 -------- d-----w- c:\program files\Winamp
2013-01-02 19:11 . 2013-01-02 19:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\IrfanView
2013-01-01 17:52 . 2013-01-01 18:07 -------- d-sh--w- c:\documents and settings\Administrator\UserData
2012-12-31 01:56 . 2012-12-31 01:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-12-31 01:56 . 2012-12-31 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-12-31 00:21 . 2012-12-31 00:22 -------- d-----w- c:\program files\ERUNT
2012-12-28 12:14 . 2008-04-13 23:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-12-28 12:14 . 2008-04-13 23:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-12-28 12:14 . 2008-04-14 04:42 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2012-12-28 12:14 . 2008-04-14 04:42 61952 ----a-w- c:\windows\system32\kstvtune.ax
2012-12-28 12:14 . 2008-04-14 04:42 43008 ----a-w- c:\windows\system32\ksxbar.ax
2012-12-28 12:14 . 2008-04-14 04:42 20992 ----a-w- c:\windows\system32\dshowext.ax
2012-12-28 12:14 . 2008-04-14 04:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2012-12-28 12:14 . 2008-04-14 04:42 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2012-12-28 09:25 . 2012-12-28 09:25 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2012-12-28 09:24 . 2012-12-29 15:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\IM
2012-12-28 09:24 . 2012-12-28 09:25 -------- d-----w- c:\program files\IncrediMail
2012-12-28 09:24 . 2012-12-28 09:24 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2012-12-28 08:33 . 2012-12-28 08:33 -------- d-----w- c:\windows\system32\Adobe
2012-12-28 08:32 . 2013-01-13 00:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2012-12-28 08:32 . 2012-12-28 08:32 -------- d-----r- c:\program files\Skype
2012-12-28 08:32 . 2012-12-28 08:32 -------- d-----w- c:\program files\Common Files\Skype
2012-12-28 08:32 . 2012-12-28 08:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2012-12-27 23:37 . 2013-01-09 11:21 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-27 23:37 . 2013-01-09 11:21 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-27 22:57 . 2012-12-27 22:57 -------- d-----w- c:\windows\i386
2012-12-27 20:44 . 2012-12-27 20:44 -------- d-----w- c:\program files\MSECache
2012-12-27 20:43 . 2013-01-03 23:37 -------- d-----w- c:\program files\Vista Drive Icon
2012-12-27 20:11 . 2012-12-27 20:11 -------- d-----w- c:\program files\FoxitReaderPortable
2012-12-27 20:08 . 2012-12-27 20:08 -------- d-----w- c:\windows\Downloaded Installations
2012-12-27 20:08 . 2002-12-29 00:14 81920 ----a-w- c:\windows\system32\Startup.cpl
2012-12-27 20:04 . 2012-12-31 00:52 -------- d-----w- c:\program files\The KMPlayer
2012-12-27 20:03 . 2012-12-27 20:03 -------- d-----w- c:\program files\CCleaner
2012-12-27 20:00 . 2012-12-27 20:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-12-27 19:59 . 2012-12-27 20:23 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-12-27 19:59 . 2013-01-03 23:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2012-12-27 19:59 . 2012-12-27 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2012-12-27 19:53 . 2012-12-27 19:53 -------- d-----w- c:\program files\IrfanView
2012-12-27 19:47 . 2012-12-27 19:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VS Revo Group
2012-12-27 19:47 . 2009-12-30 11:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-12-27 19:47 . 2012-12-27 19:47 -------- d-----w- c:\program files\VS Revo Group
2012-12-27 19:46 . 2013-01-13 18:14 -------- d-----w- c:\program files\Microsoft
2012-12-27 19:43 . 2013-01-10 21:35 -------- d-----w- c:\program files\TurboNote
2012-12-27 19:41 . 2012-12-27 19:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\GHISLER
2012-12-27 19:31 . 2012-12-27 19:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\InterVideo
2012-12-27 19:27 . 2012-12-27 19:28 -------- d-----w- C:\totalcmd
2012-12-27 19:27 . 2009-09-09 06:50 545 ----a-w- c:\windows\UC.PIF
2012-12-27 19:27 . 2009-09-09 06:50 545 ----a-w- c:\windows\RAR.PIF
2012-12-27 19:27 . 2009-09-09 06:50 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-12-27 19:27 . 2009-09-09 06:50 545 ----a-w- c:\windows\LHA.PIF
2012-12-27 19:27 . 2009-09-09 06:50 545 ----a-w- c:\windows\ARJ.PIF
2012-12-27 19:26 . 2012-12-27 19:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2012-12-27 19:26 . 2013-01-03 10:09 -------- d-----w- c:\program files\Opera
2012-12-27 19:18 . 2012-12-27 19:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\ElevatedDiagnostics
2012-12-27 18:54 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2012-12-27 18:36 . 2012-12-16 12:23 290560 ------w- c:\windows\system32\dllcache\atmfd.dll
2012-12-27 18:35 . 2012-11-01 12:17 630272 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-12-27 18:35 . 2012-11-01 12:17 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-12-27 18:35 . 2012-11-01 12:17 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-12-27 18:35 . 2012-11-01 12:17 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-12-27 18:35 . 2012-11-01 12:17 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
2012-12-27 18:35 . 2012-11-01 12:17 2000384 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-12-27 18:35 . 2012-11-01 12:17 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-12-27 18:35 . 2012-11-01 12:17 11111424 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-12-27 18:34 . 2012-07-04 14:05 139784 ------w- c:\windows\system32\dllcache\rdpwd.sys
2012-12-27 18:32 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-12-27 18:32 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-12-27 18:32 . 2011-07-15 13:29 456320 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2012-12-27 18:31 . 2011-07-08 14:02 10496 ------w- c:\windows\system32\dllcache\ndistapi.sys
2012-12-27 18:31 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2012-12-27 18:30 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2012-12-27 18:30 . 2013-01-01 18:14 99328 ----a-w- c:\program files\Outlook Express\wab.exe
2012-12-27 18:30 . 2010-10-11 14:59 45568 ----a-w- c:\windows\system32\dllcache\wab.exe
2012-12-27 18:30 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2012-12-27 18:30 . 2011-02-08 13:33 978944 ------w- c:\windows\system32\dllcache\mfc42.dll
2012-12-27 18:30 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2012-12-27 18:30 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2012-12-27 18:30 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2012-12-27 18:29 . 2012-12-31 02:06 3612672 ----a-w- c:\program files\Movie Maker\moviemk.exe
2012-12-27 18:29 . 2010-06-18 13:36 3558912 ----a-w- c:\windows\system32\dllcache\moviemk.exe
2012-12-27 18:29 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2012-12-27 18:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2012-12-27 18:28 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2012-12-27 18:28 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2012-12-27 18:27 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2012-12-27 18:25 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2012-12-27 18:13 . 2012-06-02 14:19 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-12-27 18:13 . 2012-06-02 14:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-12-27 18:13 . 2012-06-02 14:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-12-27 18:13 . 2012-06-02 14:19 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-12-27 18:13 . 2012-06-02 14:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-12-27 18:09 . 2012-12-27 18:09 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-12-27 18:08 . 2012-12-27 18:08 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2012-12-27 18:05 . 2012-12-27 19:50 797184 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-12-27 17:53 . 2012-12-27 17:53 -------- d-----w- c:\windows\ServicePackFiles
2012-12-27 17:26 . 2012-12-27 17:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-27 17:26 . 2012-12-27 17:26 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-27 17:26 . 2012-12-27 17:26 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-27 17:26 . 2012-12-27 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-12-27 17:15 . 2006-03-23 12:12 139264 ----a-w- c:\windows\system32\igfxres.dll
2012-12-27 17:03 . 2012-12-27 17:03 -------- d-----w- c:\program files\Intel
2012-12-27 17:03 . 2012-12-27 19:49 270336 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2012-12-27 17:02 . 2004-08-04 08:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-12-27 17:01 . 2012-12-27 17:02 -------- d-----w- c:\program files\Windows Media Connect
2012-12-27 17:01 . 2006-02-10 13:34 47104 ----a-w- c:\windows\system32\WACntlPnl.cpl
2012-12-27 17:01 . 2012-12-27 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2012-12-27 17:00 . 2012-12-27 17:00 -------- d-----w- c:\program files\Common Files\TiVo Shared
2012-12-27 17:00 . 2012-12-27 17:00 -------- d-----w- c:\program files\Common Files\SureThing Shared
2012-12-27 17:00 . 2012-12-27 17:15 -------- d-----w- c:\windows\system32\DLA
2012-12-27 17:00 . 2005-08-31 04:20 94263 ----a-w- c:\windows\DLA.EXE
2012-12-27 17:00 . 2005-08-30 02:30 88752 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2012-12-27 17:00 . 2005-08-25 11:16 5628 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-13 17:00 . 2013-01-13 17:00 27781 ----a-w- C:\Extras&OTL.zip
2012-12-16 12:23 . 2004-08-04 08:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-04 08:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02 . 2004-08-04 08:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 08:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2013-01-01 188416]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2013-01-01 983040]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 88203]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2013-01-01 512000]
"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-18 581693]
TurboNote.lnk - c:\program files\TurboNote\tbnote.exe [2012-12-27 199168]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Nocmd"= 0 (0x0)
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\hewlett-packard\hp quick launch buttons\qlbctrlsrv.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"TlntSvr"=3 (0x3)
"srservice"=2 (0x2)
"SkypeUpdate"=2 (0x2)
"SCardSvr"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"ERSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\TurboNote\\tbnote.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27. 12. 2012 21:00 691696]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [9. 1. 2013 8:49 242000]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [28. 2. 2006 18:05 87808]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [21. 10. 2005 12:19 36352]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [27. 12. 2012 20:47 27064]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [15. 2. 2012 13:30 158856]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 11:21]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.100.252
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-USB Safely Remove - c:\program files\USB Safely Remove\USBSafelyRemove.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-13 19:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????\??9?4?2?6??????? ??4B??????????????hB? ????\?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3430824919-2355942649-118783911-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,aa,17,47,2f,53,f2,46,ae,b8,b2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,87,aa,17,47,2f,53,f2,46,ae,b8,b2,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-01-13 19:16:04
ComboFix-quarantined-files.txt 2013-01-13 18:16
.
Pre-Run: 23 642 636 288 bytes free
Post-Run: 22 652 047 360 bytes free
.
- - End Of File - - F0D74658BD96B7B48A9CF69BB5F6DBFC

Re: Despair over RECYCLER on USB

Posted: 13 Jan 2013 19:24
by amfortas
Naughty, will that log from ComboFix help?

Re: Despair over RECYCLER on USB

Posted: 13 Jan 2013 19:29
by amfortas
Can you work out from that log that this is malicious code? ... I mean, is the human factor the main thing there? ... or is it some automated tool that marks the file as infected?

Re: Despair over RECYCLER on USB

Posted: 13 Jan 2013 19:32
by amfortas
OK, I'm going to try it ... that UsbFix ... I'll plug in all the USB flash drives and fix it .. Deletion.... ok.

I have to say that RECYCLER now contains two directories, but at least they are not multiplying ... because sometimes it drives me up the wall when I watch it constantly writing to the USB stick and it blinks and blinks ... that doesn't do much for the lifespan of the USB flash drive ;)

Re: Despair over RECYCLER on USB

Posted: 13 Jan 2013 19:44
by amfortas
Log from UsbFix

############################## | UsbFix V 7.096 | [Deletion]

User: Administrator (Administrator) # AMFORTASBOOK
Updated 15/08/2012 by El Desaparecido
Started at 19:36:19 | 13/01/2013

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: Hewlett-Packard (HP Compaq nc6320 (EV073AV)) (X86-based PC) # Notebook
CPU: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz (1662)
RAM -> [Total : 3319 | Free : 2931]
BIOS: KBC Version 58.12
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 35 Gb (21 Mb free - 59%) [] # NTFS
D:\ -> Fixed drive # 58 Gb (9 Mb free - 15%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Removable drive # 4 Gb (4 Mb free - 100%) [] # FAT32
H:\ -> Removable drive # 7 Gb (7 Mb free - 99%) [] # NTFS
I:\ -> Removable drive # 7 Gb (686 Mb free - 9%) [KINGSTON] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (792)
C:\WINDOWS\system32\winlogon.exe (872)
C:\WINDOWS\system32\services.exe (916)
C:\WINDOWS\system32\lsass.exe (928)
C:\Program Files\USB Safely Remove\USBSRService.exe (1184)
C:\WINDOWS\system32\svchost.exe (1204)
C:\WINDOWS\System32\svchost.exe (1416)
C:\WINDOWS\system32\spoolsv.exe (1956)
C:\WINDOWS\Explorer.EXE (336)
C:\Program Files\Internet Explorer\iexplore.exe (364)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (624)
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe (676)
C:\Program Files\Analog Devices\Core\smax4pnp.exe (456)
C:\WINDOWS\AGRSMMSG.exe (136)
C:\WINDOWS\system32\hkcmd.exe (804)
C:\WINDOWS\system32\igfxpers.exe (816)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (836)
C:\WINDOWS\System32\DLA\DLACTRLW.EXE (832)
C:\WINDOWS\system32\igfxsrvc.exe (996)
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (300)
C:\Program Files\Vista Drive Icon\DrvIcon.exe (1224)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (1404)
C:\Program Files\TurboNote\tbnote.exe (1464)
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (1856)
C:\Program Files\Java\jre6\bin\jqs.exe (1712)
C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2036)
C:\WINDOWS\system32\svchost.exe (264)
C:\WINDOWS\system32\mqsvc.exe (748)
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (1548)
C:\WINDOWS\system32\wuauclt.exe (2268)
C:\WINDOWS\system32\mqtgsvc.exe (2396)
C:\WINDOWS\system32\wscntfy.exe (3040)
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE (3140)
C:\UsbFix\Go.exe (3816)

################## | Stopped processes |

Stopped! C:\Program Files\USB Safely Remove\USBSRService.exe (1184)
Stopped! C:\WINDOWS\system32\spoolsv.exe (1956)
Stopped! C:\WINDOWS\Explorer.EXE (336)
Stopped! C:\Program Files\Internet Explorer\iexplore.exe (364)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (624)
Stopped! C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe (676)
Stopped! C:\Program Files\Analog Devices\Core\smax4pnp.exe (456)
Stopped! C:\WINDOWS\AGRSMMSG.exe (136)
Stopped! C:\WINDOWS\system32\hkcmd.exe (804)
Stopped! C:\WINDOWS\system32\igfxpers.exe (816)
Stopped! C:\Program Files\Common Files\Java\Java Update\jusched.exe (836)
Stopped! C:\WINDOWS\System32\DLA\DLACTRLW.EXE (832)
Stopped! C:\WINDOWS\system32\igfxsrvc.exe (996)
Stopped! C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (300)
Stopped! C:\Program Files\Vista Drive Icon\DrvIcon.exe (1224)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (1404)
Stopped! C:\Program Files\TurboNote\tbnote.exe (1464)
Stopped! C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (1856)
Stopped! C:\Program Files\Java\jre6\bin\jqs.exe (1712)
Stopped! C:\Program Files\Common Files\LightScribe\LSSrvc.exe (2036)
Stopped! C:\WINDOWS\system32\mqsvc.exe (748)
Stopped! C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (1548)
Stopped! C:\WINDOWS\system32\wuauclt.exe (2268)
Stopped! C:\WINDOWS\system32\mqtgsvc.exe (2396)
Stopped! C:\WINDOWS\system32\wscntfy.exe (3040)
Stopped! C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE (3140)

################## | Files # Infected Folders |

Deleted ! C:\Program Files\Microsoft\DesktopLayer.exe
Deleted ! G:\.\RECYCLER\S-8-6-55-7631231851-6433140688-124523260-4542\AFRUTMER.exe
Deleted ! D:\Recycler\S-1-5-21-3430824919-2355942649-118783911-500
Deleted ! G:\Recycler\S-6-2-84-6840813581-5077771576-562635426-3233
Deleted ! G:\Recycler\S-8-6-55-7631231851-6433140688-124523260-4542
Deleted ! H:\Recycler\S-7-8-72-5687764836-4626423173-141837710-8622
Deleted ! I:\Recycler\S-2-7-46-7142260237-6134134351-651553500-3265
Deleted ! I:\Recycler\S-2-1-81-0701633777-0500510017-308333517-5467
Deleted ! I:\Recycler\S-8-4-35-0726762254-1752161034-403123007-3146
Deleted ! I:\Recycler\S-8-7-02-8063803567-2578568578-147641752-7201
Deleted ! I:\Recycler\S-0-2-32-7351888148-4737027557-825102388-3788
Deleted ! I:\Recycler\S-4-1-26-5505723677-3501231365-155288156-3880
Deleted ! I:\Recycler\S-7-7-23-1545414428-1054528175-655302584-5557
Deleted ! G:\autorun.inf
Deleted ! H:\autorun.inf
Not deleted ! I:\autorun.inf
Deleted ! C:\Program Files\Analog Devices\Core\smax4pnpSrv.exe
Deleted ! C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrlSrv.exe
Deleted ! C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless AssistantSrv.exe
Deleted ! C:\Program Files\IncrediMail\bin\ImAppSrv.exe
Deleted ! C:\Program Files\Opera\operaSrv.exe
Deleted ! C:\Program Files\Vista Drive Icon\DrvIconSrv.exe
Deleted ! C:\System Volume Information\_restore{1B979E5A-90BD-4339-A818-E49EB7202A10}\RP3\A0007943.exe
Deleted ! C:\System Volume Information\_restore{1B979E5A-90BD-4339-A818-E49EB7202A10}\RP3\A0008041.exe
Deleted ! C:\System Volume Information\_restore{1B979E5A-90BD-4339-A818-E49EB7202A10}\RP3\A0008456.exe
Deleted ! C:\System Volume Information\_restore{1B979E5A-90BD-4339-A818-E49EB7202A10}\RP3\A0008678.exe
Deleted ! C:\System Volume Information\_restore{1B979E5A-90BD-4339-A818-E49EB7202A10}\RP3\A0010704.exe
Deleted ! C:\System Volume Information\_restore{1B979E5A-90BD-4339-A818-E49EB7202A10}\RP3\A0011435.exe
Deleted ! C:\System Volume Information\_restore{1B979E5A-90BD-4339-A818-E49EB7202A10}\RP3\A0011533.exe
Deleted ! C:\System Volume Information\_restore{1B979E5A-90BD-4339-A818-E49EB7202A10}\RP3\A0011951.exe
Deleted ! C:\System Volume Information\_restore{1B979E5A-90BD-4339-A818-E49EB7202A10}\RP3\A0012173.exe
Deleted ! C:\System Volume Information\_restore{1B979E5A-90BD-4339-A818-E49EB7202A10}\RP3\A0013010.exe
Deleted ! C:\System Volume Information\_restore{1B979E5A-90BD-4339-A818-E49EB7202A10}\RP3\A0014263.exe
Deleted ! C:\System Volume Information\_restore{1B979E5A-90BD-4339-A818-E49EB7202A10}\RP3\A0014264.exe
Deleted ! C:\_OTL\MovedFiles\01132013_183322\c_Program Files\Microsoft\DesktopLayer.exe
Deleted ! C:\_OTL\MovedFiles\01132013_183322\G_RECYCLER\S-6-2-84-6840813581-5077771576-562635426-3233\UymnNhsN.exe

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Listing |

[27/12/2012 - 20:03:33 | D ] C:\5c45a96bfe28effcb33afbb687
[02/01/2013 - 21:10:47 | RAD ] C:\Autorun.inf
[03/01/2013 - 21:46:21 | N | 199] C:\boot.ini
[13/04/1999 - 00:12:26 | N | 512] C:\Boot32.w2k
[05/10/1998 - 16:32:06 | N | 512] C:\bootsec
[07/04/1999 - 03:34:04 | N | 1536] C:\BOOTSEC.32
[13/01/2013 - 19:05:36 | N | 5021655] C:\ComboFix.exe
[13/01/2013 - 19:16:04 | N | 19740] C:\ComboFix.txt
[27/12/2012 - 23:49:32 | D ] C:\Documents and Settings
[13/01/2013 - 18:00:24 | N | 27781] C:\Extras&OTL.zip
[13/01/2013 - 17:53:17 | N | 30634] C:\Extras.Txt
[27/12/2012 - 23:52:25 | D ] C:\I386
[01/01/2013 - 19:27:48 | N | 0] C:\IO.SYS
[01/01/2013 - 19:27:48 | N | 0] C:\MSDOS.SYS
[04/08/2004 - 09:00:00 | N | 47564] C:\NTDETECT.COM
[27/12/2012 - 18:52:53 | N | 250048] C:\NTLDR
[13/01/2013 - 17:35:08 | N | 655872] C:\OTL.exe
[13/01/2013 - 18:55:18 | N | 174424] C:\OTL.Txt
[13/01/2013 - 19:35:21 | ASH | 2145386496] C:\pagefile.sys
[13/01/2013 - 18:42:49 | N | 512] C:\PhysicalMBR.bin
[13/01/2013 - 16:51:15 | D ] C:\Program Files
[13/01/2013 - 19:16:07 | D ] C:\Qoobox
[13/01/2013 - 19:39:09 | SHD ] C:\RECYCLER
[13/01/2013 - 16:51:27 | D ] C:\rsit
[27/12/2012 - 17:50:48 | D ] C:\SwSetup
[13/01/2013 - 17:39:36 | SHD ] C:\System Volume Information
[27/12/2012 - 17:50:31 | D ] C:\System.sav
[27/12/2012 - 20:28:03 | D ] C:\totalcmd
[13/01/2013 - 19:39:09 | D ] C:\UsbFix
[13/01/2013 - 19:41:11 | A | 7622] C:\UsbFix.txt
[13/01/2013 - 19:35:42 | D ] C:\WINDOWS
[13/01/2013 - 18:33:22 | D ] C:\_OTL
[02/01/2013 - 21:10:48 | RAD ] D:\Autorun.inf
[13/01/2013 - 16:31:12 | D ] D:\Dokumenty
[27/12/2012 - 13:17:03 | D ] D:\Foto
[18/10/2012 - 06:36:08 | D ] D:\games
[23/10/2012 - 21:16:55 | D ] D:\Hudba
[27/12/2012 - 13:31:26 | | 168922] D:\qlb.JPG
[13/01/2013 - 19:39:09 | SHD ] D:\RECYCLER
[13/01/2013 - 10:02:15 | D ] D:\soft
[27/12/2012 - 17:23:56 | SHD ] D:\System Volume Information
[27/12/2012 - 17:33:19 | ASH | 9728] D:\Thumbs.db
[11/10/2012 - 08:36:51 | D ] D:\tlac
[13/01/2013 - 16:31:12 | N | 19588] D:\treeinfo.wc
[27/10/2009 - 02:21:56 | | 4665376768] D:\W7_ULTIMATE_7600.16385.090713-1255_x86_x64_CZ_EN_SK.iso
[13/01/2013 - 12:04:18 | HD ] G:\RECYCLER
[13/01/2013 - 16:20:38 | D ] G:\EC
[13/01/2013 - 18:10:10 | D ] G:\ANDREJ
[13/01/2013 - 17:04:22 | HD ] H:\RECYCLER
[06/01/2012 - 18:59:42 | N | 1364746] I:\scan064.jpg
[06/01/2012 - 18:58:24 | N | 2065398] I:\scan063.jpg
[06/01/2012 - 18:56:42 | N | 1844122] I:\scan062.jpg
[07/01/2012 - 20:21:42 | N | 848856] I:\USBVaccineSetup.exe
[09/01/2012 - 18:25:06 | D ] I:\soft
[09/01/2012 - 20:50:54 | D ] I:\Total Commander 7.50 Final
[14/01/2012 - 22:17:16 | N | 125] I:\noautorun.reg
[15/01/2012 - 21:46:52 | D ] I:\Acronis True Image Home 2011 14.0.0 Build 6597 BootCD
[18/01/2012 - 21:33:56 | N | 1478545] I:\img002.jpg
[18/01/2012 - 21:28:46 | N | 1588947] I:\img001.jpg
[25/01/2012 - 23:33:16 | D ] I:\filmy
[05/02/2012 - 00:08:00 | N | 973040] I:\svetovlada.pdf
[10/02/2012 - 16:47:44 | N | 199970] I:\img003.jpg
[25/03/2012 - 20:44:28 | N | 14848] I:\lpg.xls
[18/07/2012 - 02:03:38 | N | 3522048] I:\ClassicShellSetup_1_9_2TOTOOO.exe
[01/06/2012 - 17:38:58 | N | 2484559] I:\img073.jpg
[01/06/2012 - 17:36:30 | N | 2562274] I:\img072.jpg
[19/06/2012 - 07:42:46 | N | 418852] I:\img082.jpg
[26/07/2012 - 21:23:00 | D ] I:\eee
[28/07/2012 - 17:33:08 | N | 3108843] I:\img074.jpg
[19/10/2012 - 00:05:08 | D ] I:\driver hp610
[21/10/2012 - 18:43:30 | H | 14405] I:\autorun.inf
[26/10/2012 - 21:50:10 | N | 4034334] I:\EpocCam_Pro_v1.05_by_yotambientengounnokian8.rar
[26/10/2012 - 22:07:28 | D ] I:\LOL
[19/10/2012 - 08:48:34 | N | 206848] I:\DUROVE 2012.xls
[28/10/2012 - 23:11:16 | HD ] I:\RECYCLER
[12/11/2012 - 15:02:54 | N | 5000730] I:\ComboFix.exe
[13/01/2013 - 19:35:20 | N | 1362] I:\BOOTEX.LOG

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

Re: Despair over RECYCLER on USB

Posted: 13 Jan 2013 19:54
by amfortas
Naughty, that seems to have helped. While you were writing your reply I restarted, and so far everything is OK... it is empty... great... And THANK YOU very, very much :worship:

Hey, listen, do you think that if I plug these USB sticks into an infected PC at work that has autorun enabled, they will resist the infection?? Do you have any experience with that?