Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

[bleep] of an infection

Started by Lio_ , Feb 09 2010 02:54 AM

  • Please log in to reply

#1
Lio_
Posted 09 February 2010 - 02:54 AM

Lio_

    New Member

  • Member
  • Pip
  • 3 posts
Hello!

I work at a print shop and recently I've noticed the PC's are running slow. I've checked your website and tried to perfom as many of the things found in the guide. I've couldn't post the GMER log, after 10 minutes of scanning with GMER I've had blue screens, black screens,... so after 10 times or so I gave up.

Problems are:

1. EXTREMELY slow PC, the mouse isn't even 'fluid' some times.
2. RECYCLE and AUTORUN.INF on every removable data after plugging it in to this PC
3. Some clients complained about Malware after visiting the shop with their removable data.
4. SLATKO!! I've read and read about this, and I just can remove it! Does Norton 360 even work? or do anything?
5. I've found keyloggers etc.

We have 3pc's in the shop, 2 with norton 360 and one with avast. This one is our newest PC with norton 360 on it. I'll post the other 2 pc's this week.

Also, since most of our clients come in with removable data, is their anything their what could block everything from those USB memories?

This PC (aswell as the others) is connected to the internet and to the other PC's in the network.
I hope you can help me!

I run MBAM once a week approx. weird thing is on one of the other PC's he recognizes DEFCON17 as a keylogger, but on this one, he doesn't

MBAM LOG (SORRY DUTCH)

Malwarebytes' Anti-Malware 1.44
Database versie: 3559
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/02/2010 8:41:50
mbam-log-2010-02-09 (08-41-50).txt

Scan type: Snelle Scan
Objecten gescand: 110616
Verstreken tijd: 8 minute(s), 41 second(s)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata bestanden geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registersleutels geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerwaarden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Registerdata bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Mappen geïnfecteerd:
(Geen kwaadaardige items gevonden)

Bestanden geïnfecteerd:
(Geen kwaadaardige items gevonden)

Clean i guess

I tried several times to launch GMER and perfom a scan, It showed me blue screens, black screens so I couldn't post any log of that

OTL LOG

OTL logfile created on: 9/02/2010 9:30:26 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Admin\Bureaublad\TOOLS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,68 Gb Total Space | 423,46 Gb Free Space | 90,93% Space Free | Partition Type: NTFS
Drive D: | 465,65 Gb Total Space | 456,05 Gb Free Space | 97,94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEWDELL
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/08 15:49:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureaublad\TOOLS\OTL.exe
PRC - [2009/11/18 22:56:50 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2009/09/21 15:36:12 | 000,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/03 01:09:42 | 000,024,576 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/08/22 09:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/08/19 08:55:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 08:55:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/07/01 22:12:46 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/04/21 08:41:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/24 08:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/10/14 20:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/09/12 21:08:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/05/26 21:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/23 13:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/15 13:00:00 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/11 20:43:26 | 004,337,664 | ---- | M] (Electronics for Imaging, Inc. ) -- C:\Program Files\Fiery\Command WorkStation 4\cws 4.exe
PRC - [2008/02/04 14:05:06 | 000,114,688 | ---- | M] (Electronics For Imaging) -- C:\Program Files\Fiery\Fiery Bridge\x86\MailboxSyncService.exe
PRC - [2007/08/09 13:58:34 | 001,757,696 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2007/08/01 13:52:42 | 001,036,288 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/04/25 10:37:44 | 000,043,008 | ---- | M] (Electronics for Imaging, Inc.) -- c:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Server.exe
PRC - [2007/04/25 10:37:44 | 000,009,216 | ---- | M] (Electronics for Imaging, Inc.) -- c:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe
PRC - [2007/03/14 02:43:44 | 000,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2007/03/14 02:43:42 | 000,272,024 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
PRC - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/10 05:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005/10/03 11:04:04 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/02/08 15:49:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureaublad\TOOLS\OTL.exe
MOD - [2009/08/22 09:14:06 | 000,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\asOEHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Planner voor Automatische LiveUpdate)
SRV - [2009/11/18 22:56:50 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2009/09/21 15:36:02 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/03 01:09:42 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/22 09:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/21 08:41:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/11 13:17:46 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/04/11 13:17:44 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/04/11 13:17:26 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/09/12 21:08:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/02/04 14:05:06 | 000,114,688 | ---- | M] (Electronics For Imaging) [Auto | Running] -- C:\Program Files\Fiery\Fiery Bridge\x86\MailboxSyncService.exe -- (Fiery Bridge Mailbox Synchronization)
SRV - [2007/12/06 22:20:56 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 22:20:52 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/08/09 13:58:34 | 001,757,696 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2007/04/25 10:37:44 | 000,009,216 | ---- | M] (Electronics for Imaging, Inc.) [Auto | Running] -- c:\Program Files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe -- (EFI ES1000)
SRV - [2007/02/10 05:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 05:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2007/02/10 05:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006/10/26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/10/14 02:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/10/03 11:04:04 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.be/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/26 14:51:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/27 08:33:12 | 000,000,000 | ---D | M]

[2010/01/26 14:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2010/01/27 10:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\tkwgkvui.default\extensions
[2010/02/09 08:24:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/16 01:56:55 | 000,001,892 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bolcom-nl.xml
[2010/01/16 01:56:55 | 000,004,558 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\marktplaats-nl.xml
[2010/01/16 01:56:55 | 000,001,111 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\vandale-nl.xml
[2010/01/16 01:56:55 | 000,001,049 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-nl.xml
[2010/01/16 01:56:55 | 000,000,802 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-nl.xml

O1 HOSTS File: ([2008/04/15 13:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Yahoo Messenger] File not found
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\Admin\Menu Start\Programma's\Opstarten\OpenOffice.org 3.1 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Command WorkStation 4.lnk = C:\Program Files\Fiery\Command WorkStation 4\cws 4.exe (Electronics for Imaging, Inc. )
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: Converteren naar Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Toevoegen aan bestaand PDF-bestand - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.goo...4/uploader2.cab (UploadListView Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O27 - HKLM IFEO\drwtsn32.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg (Microsoft Corporation)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/20 17:00:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/14 14:10:48 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/01/20 12:52:46 | 000,000,000 | RHS- | M] () - D:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{03156b69-be0d-11de-b4dc-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{03156b69-be0d-11de-b4dc-002219286de2}\Shell\open\Command - "" = rundll32.exe .\kidfr.dll,AddAtomT
O33 - MountPoints2\{03156b6c-be0d-11de-b4dc-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{03156b6c-be0d-11de-b4dc-002219286de2}\Shell\open\Command - "" = rundll32.exe .\hndtcfg.dll,AddAtomT
O33 - MountPoints2\{03156b6d-be0d-11de-b4dc-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{03156b6d-be0d-11de-b4dc-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{03156b6e-be0d-11de-b4dc-002219286de2}\Shell\AutoRun\command - "" = K:\rcpmcjio.exe -- File not found
O33 - MountPoints2\{03156b6e-be0d-11de-b4dc-002219286de2}\Shell\explore\Command - "" = K:\rcpmcjio.exe -- File not found
O33 - MountPoints2\{03156b6e-be0d-11de-b4dc-002219286de2}\Shell\open\Command - "" = K:\rcpmcjio.exe -- File not found
O33 - MountPoints2\{04bcf2df-e94e-11de-b521-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{04bcf2df-e94e-11de-b521-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{04bcf2e0-e94e-11de-b521-002219286de2}\Shell\AutoRun\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{04bcf2e0-e94e-11de-b521-002219286de2}\Shell\explore\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{04bcf2e0-e94e-11de-b521-002219286de2}\Shell\open\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{05099b77-ddb3-11de-b50d-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{05099b77-ddb3-11de-b50d-002219286de2}\Shell\open\Command - "" = rundll32.exe .\atbace.dll,AddAtomT
O33 - MountPoints2\{05099b79-ddb3-11de-b50d-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{05099b79-ddb3-11de-b50d-002219286de2}\Shell\open\Command - "" = rundll32.exe .\conomsp.dll,AddAtomT
O33 - MountPoints2\{05099b7a-ddb3-11de-b50d-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{05099b7a-ddb3-11de-b50d-002219286de2}\Shell\open\Command - "" = rundll32.exe .\rr50_qc.dll,AddAtomT
O33 - MountPoints2\{069ce7e4-b954-11de-b4d5-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{069ce7e4-b954-11de-b4d5-002219286de2}\Shell\open\Command - "" = rundll32.exe .\urt.dll,AddAtomT
O33 - MountPoints2\{075b6b9a-d5eb-11de-b500-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{075b6b9a-d5eb-11de-b500-002219286de2}\Shell\open\Command - "" = rundll32.exe .\isusd.dll,AddAtomT
O33 - MountPoints2\{0860e0c7-0017-11df-b53d-002219286de2}\Shell\AutoRun\command - "" = 8xcrbho6.exe
O33 - MountPoints2\{0860e0c7-0017-11df-b53d-002219286de2}\Shell\open\Command - "" = 8xcrbho6.exe
O33 - MountPoints2\{0860e0ce-0017-11df-b53d-002219286de2}\Shell\AutoRun\command - "" = 8xcrbho6.exe
O33 - MountPoints2\{0860e0ce-0017-11df-b53d-002219286de2}\Shell\open\Command - "" = 8xcrbho6.exe
O33 - MountPoints2\{0a73ab02-e629-11de-b51d-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{0a73ab02-e629-11de-b51d-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{0a73ab02-e629-11de-b51d-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{0a73ab03-e629-11de-b51d-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{0a73ab03-e629-11de-b51d-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{0a73ab03-e629-11de-b51d-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{0a73ab05-e629-11de-b51d-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{0a73ab05-e629-11de-b51d-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{0a73ab05-e629-11de-b51d-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{0a73ab07-e629-11de-b51d-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{0a73ab07-e629-11de-b51d-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{0a73ab07-e629-11de-b51d-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{0a73ab09-e629-11de-b51d-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{0a73ab09-e629-11de-b51d-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0b3a4f38-87d8-11de-b487-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{0b3a4f38-87d8-11de-b487-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0bc1b9bd-9855-11de-b49c-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{0bc1b9bd-9855-11de-b49c-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{0d1c808d-4509-11de-b438-002219286de2}\Shell\AutoRun\command - "" = D:\EmDesk.exe -- File not found
O33 - MountPoints2\{0d1c808d-4509-11de-b438-002219286de2}\Shell\EmDesk\command - "" = D:\EmDesk.exe -- File not found
O33 - MountPoints2\{11dd368e-0731-11df-b558-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{11dd369b-0731-11df-b558-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{11dd369b-0731-11df-b558-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{12139b54-d035-11de-b4f7-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{12139b54-d035-11de-b4f7-002219286de2}\Shell\open\Command - "" = rundll32.exe .\ippaomon.dll,AddAtomT
O33 - MountPoints2\{12139b62-d035-11de-b4f7-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{12139b62-d035-11de-b4f7-002219286de2}\Shell\open\Command - "" = rundll32.exe .\msxml3y.dll,AddAtomT
O33 - MountPoints2\{1276aac4-c530-11de-b4e7-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{1276aac4-c530-11de-b4e7-002219286de2}\Shell\open\Command - "" = rundll32.exe .\iysv_32.dll,AddAtomT
O33 - MountPoints2\{1276aac6-c530-11de-b4e7-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{1276aac6-c530-11de-b4e7-002219286de2}\Shell\open\Command - "" = rundll32.exe .\dpva2.dll,AddAtomT
O33 - MountPoints2\{1276aac9-c530-11de-b4e7-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{1276aac9-c530-11de-b4e7-002219286de2}\Shell\open\Command - "" = rundll32.exe .\sqluhirl.dll,AddAtomT
O33 - MountPoints2\{1276aaca-c530-11de-b4e7-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{1276aaca-c530-11de-b4e7-002219286de2}\Shell\open\Command - "" = rundll32.exe .\btwapo.dll,AddAtomT
O33 - MountPoints2\{1276aad0-c530-11de-b4e7-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{1276aad0-c530-11de-b4e7-002219286de2}\Shell\open\Command - "" = rundll32.exe .\dxdiagq.dll,AddAtomT
O33 - MountPoints2\{1276aad1-c530-11de-b4e7-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{1276aad1-c530-11de-b4e7-002219286de2}\Shell\open\Command - "" = rundll32.exe .\w3ssk.dll,AddAtomT
O33 - MountPoints2\{1276aad2-c530-11de-b4e7-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{1276aad2-c530-11de-b4e7-002219286de2}\Shell\open\Command - "" = rundll32.exe .\logyours.dll,AddAtomT
O33 - MountPoints2\{13094c1b-cd0d-11de-b4f3-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{13094c1b-cd0d-11de-b4f3-002219286de2}\Shell\open\Command - "" = rundll32.exe .\mspytcha.dll,AddAtomT
O33 - MountPoints2\{13094c1c-cd0d-11de-b4f3-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{13094c1c-cd0d-11de-b4f3-002219286de2}\Shell\open\Command - "" = rundll32.exe .\msrdwx35.dll,AddAtomT
O33 - MountPoints2\{13094c1d-cd0d-11de-b4f3-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{13094c1d-cd0d-11de-b4f3-002219286de2}\Shell\open\Command - "" = rundll32.exe .\eb.dll,AddAtomT
O33 - MountPoints2\{13094c1e-cd0d-11de-b4f3-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{13094c1e-cd0d-11de-b4f3-002219286de2}\Shell\open\Command - "" = rundll32.exe .\mcscp.dll,AddAtomT
O33 - MountPoints2\{13094c1f-cd0d-11de-b4f3-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{13094c1f-cd0d-11de-b4f3-002219286de2}\Shell\open\Command - "" = rundll32.exe .\mfc7i.dll,AddAtomT
O33 - MountPoints2\{13094c20-cd0d-11de-b4f3-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{13094c20-cd0d-11de-b4f3-002219286de2}\Shell\open\Command - "" = rundll32.exe .\vscpxl32.dll,AddAtomT
O33 - MountPoints2\{13094c21-cd0d-11de-b4f3-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{13094c21-cd0d-11de-b4f3-002219286de2}\Shell\open\Command - "" = rundll32.exe .\licwwi.dll,AddAtomT
O33 - MountPoints2\{13094c22-cd0d-11de-b4f3-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{13094c22-cd0d-11de-b4f3-002219286de2}\Shell\open\Command - "" = rundll32.exe .\rusman.dll,AddAtomT
O33 - MountPoints2\{1568860c-3f87-11de-b42d-002219286de2}\Shell\AutoRun\command - "" = D:\lc.exe -- File not found
O33 - MountPoints2\{1568860c-3f87-11de-b42d-002219286de2}\Shell\open\Command - "" = D:\lc.exe -- File not found
O33 - MountPoints2\{15e1c370-50d8-11de-b449-002219286de2}\Shell\AutoRun\command - "" = lc.exe
O33 - MountPoints2\{15e1c370-50d8-11de-b449-002219286de2}\Shell\open\Command - "" = lc.exe
O33 - MountPoints2\{15e1c375-50d8-11de-b449-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{15e1c375-50d8-11de-b449-002219286de2}\Shell\open\Command - "" = rundll32.exe .\gcredir.dll,AddAtomT
O33 - MountPoints2\{15e1c376-50d8-11de-b449-002219286de2}\Shell\AutoRun\command - "" = KLIZAVI/sapun.exe
O33 - MountPoints2\{15e1c376-50d8-11de-b449-002219286de2}\Shell\explore\command - "" = KLIZAVI/sapun.exe
O33 - MountPoints2\{15e1c376-50d8-11de-b449-002219286de2}\Shell\open\command - "" = KLIZAVI/sapun.exe
O33 - MountPoints2\{161942fe-6ae7-11de-b467-002219286de2}\Shell\AutoRun\command - "" = D:\LogMeInIgnition\LMIIgnition.exe -- File not found
O33 - MountPoints2\{1786fc4a-33be-11de-b41a-002219286de2}\Shell\Auto\command - "" = J:\bittorrent.exe -- File not found
O33 - MountPoints2\{1786fc4b-33be-11de-b41a-002219286de2}\Shell\Ouvrir\command - "" = log.exe
O33 - MountPoints2\{1786fc51-33be-11de-b41a-002219286de2}\Shell\AutoRun\command - "" = husyu8n.exe
O33 - MountPoints2\{1786fc51-33be-11de-b41a-002219286de2}\Shell\open\Command - "" = husyu8n.exe
O33 - MountPoints2\{1786fc52-33be-11de-b41a-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{1786fc52-33be-11de-b41a-002219286de2}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1786fc53-33be-11de-b41a-002219286de2}\Shell\AutoRun\command - "" = K:\husyu8n.exe -- File not found
O33 - MountPoints2\{1786fc53-33be-11de-b41a-002219286de2}\Shell\open\Command - "" = K:\husyu8n.exe -- File not found
O33 - MountPoints2\{1786fc54-33be-11de-b41a-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{1786fc54-33be-11de-b41a-002219286de2}\Shell\open\Command - "" = rundll32.exe .\mpvapi.dll,AddAtomT
O33 - MountPoints2\{18799d68-8580-11de-b483-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{18799d68-8580-11de-b483-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{18799d7d-8580-11de-b483-002219286de2}\Shell\AutoRun\command - "" = E:\6ruaqx.exe -- File not found
O33 - MountPoints2\{18799d7d-8580-11de-b483-002219286de2}\Shell\open\Command - "" = E:\6ruaqx.exe -- File not found
O33 - MountPoints2\{1a450296-3e17-11de-b428-002219286de2}\Shell\AutoRun\command - "" = p1y2.cmd
O33 - MountPoints2\{1a450296-3e17-11de-b428-002219286de2}\Shell\explore\Command - "" = p1y2.cmd
O33 - MountPoints2\{1a450296-3e17-11de-b428-002219286de2}\Shell\open\Command - "" = p1y2.cmd
O33 - MountPoints2\{1a45029d-3e17-11de-b428-002219286de2}\Shell\AutoRun\command - "" = K:\husyu8n.exe -- File not found
O33 - MountPoints2\{1a45029d-3e17-11de-b428-002219286de2}\Shell\open\Command - "" = K:\husyu8n.exe -- File not found
O33 - MountPoints2\{1d47452a-3ee0-11de-b42b-002219286de2}\Shell\AutoRun\command - "" = rbj9jn1n.bat
O33 - MountPoints2\{1d47452a-3ee0-11de-b42b-002219286de2}\Shell\open\Command - "" = rbj9jn1n.bat
O33 - MountPoints2\{1d47452b-3ee0-11de-b42b-002219286de2}\Shell\AutoRun\command - "" = D:\husyu8n.exe -- File not found
O33 - MountPoints2\{1d47452b-3ee0-11de-b42b-002219286de2}\Shell\open\Command - "" = D:\husyu8n.exe -- File not found
O33 - MountPoints2\{1d68ef8f-ea47-11de-b524-002219286de2}\Shell\AutoRun\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{1d68ef8f-ea47-11de-b524-002219286de2}\Shell\explore\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{1d68ef8f-ea47-11de-b524-002219286de2}\Shell\open\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{1d68ef94-ea47-11de-b524-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{1d68ef94-ea47-11de-b524-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{1d68ef94-ea47-11de-b524-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{1d68ef9b-ea47-11de-b524-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{1d68ef9b-ea47-11de-b524-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{1d68ef9b-ea47-11de-b524-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{1d68ef9c-ea47-11de-b524-002219286de2}\Shell\AutoRun\command - "" = jedna/stvar.exe
O33 - MountPoints2\{1d68ef9c-ea47-11de-b524-002219286de2}\Shell\explore\command - "" = jedna/stvar.exe
O33 - MountPoints2\{1d68ef9c-ea47-11de-b524-002219286de2}\Shell\open\command - "" = jedna/stvar.exe
O33 - MountPoints2\{1d6bd03e-5cd1-11de-b457-002219286de2}\Shell\AutoRun\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{1d6bd03e-5cd1-11de-b457-002219286de2}\Shell\explore\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{1d6bd03e-5cd1-11de-b457-002219286de2}\Shell\open\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{1e7e5d49-8af9-11de-b48c-002219286de2}\Shell\AutoRun\command - "" = y8.exe
O33 - MountPoints2\{1e7e5d49-8af9-11de-b48c-002219286de2}\Shell\open\Command - "" = y8.exe
O33 - MountPoints2\{1e7e5d4a-8af9-11de-b48c-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{1e7e5d4a-8af9-11de-b48c-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{1e7e5d4e-8af9-11de-b48c-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{1e7e5d4e-8af9-11de-b48c-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{1e7e5d56-8af9-11de-b48c-002219286de2}\Shell\AutoRun\command - "" = K:\password_viewer.exe -- File not found
O33 - MountPoints2\{1e7e5d56-8af9-11de-b48c-002219286de2}\Shell\Explore\command - "" = K:\password_viewer.exe -- File not found
O33 - MountPoints2\{1e7e5d56-8af9-11de-b48c-002219286de2}\Shell\Open\command - "" = K:\password_viewer.exe -- File not found
O33 - MountPoints2\{1f4ca004-c2ef-11de-b4e4-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{1f4ca004-c2ef-11de-b4e4-002219286de2}\Shell\open\Command - "" = rundll32.exe .\msrd3p40.dll,AddAtomT
O33 - MountPoints2\{20185008-48f6-11de-b43b-002219286de2}\Shell\AutoRun\command - "" = D:\hkn6k.bat -- File not found
O33 - MountPoints2\{20185008-48f6-11de-b43b-002219286de2}\Shell\open\Command - "" = D:\hkn6k.bat -- File not found
O33 - MountPoints2\{2018500b-48f6-11de-b43b-002219286de2}\Shell\AutoRun\command - "" = D:\n68mqcra.exe -- File not found
O33 - MountPoints2\{2018500b-48f6-11de-b43b-002219286de2}\Shell\open\Command - "" = D:\n68mqcra.exe -- File not found
O33 - MountPoints2\{20744926-e979-11de-b522-002219286de2}\Shell\AutoRun\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{20744926-e979-11de-b522-002219286de2}\Shell\explore\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{20744926-e979-11de-b522-002219286de2}\Shell\open\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{21d77fde-6b89-11de-b469-002219286de2}\Shell\AutoRun\command - "" = sm.exe
O33 - MountPoints2\{21d77fde-6b89-11de-b469-002219286de2}\Shell\open\Command - "" = sm.exe
O33 - MountPoints2\{2272776d-d801-11de-b501-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{2272776d-d801-11de-b501-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{2272776d-d801-11de-b501-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{2272776e-d801-11de-b501-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{2272776e-d801-11de-b501-002219286de2}\Shell\open\Command - "" = rundll32.exe .\wmdomnet.dll,AddAtomT
O33 - MountPoints2\{22727775-d801-11de-b501-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{22727775-d801-11de-b501-002219286de2}\Shell\open\Command - "" = rundll32.exe .\satime.dll,AddAtomT
O33 - MountPoints2\{22727776-d801-11de-b501-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{22727776-d801-11de-b501-002219286de2}\Shell\open\Command - "" = rundll32.exe .\tapisjv.dll,AddAtomT
O33 - MountPoints2\{22727779-d801-11de-b501-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{22727779-d801-11de-b501-002219286de2}\Shell\open\Command - "" = rundll32.exe .\wuaeserv.dll,AddAtomT
O33 - MountPoints2\{2272777e-d801-11de-b501-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{2272777e-d801-11de-b501-002219286de2}\Shell\open\Command - "" = rundll32.exe .\fbdfo.dll,AddAtomT
O33 - MountPoints2\{23d69780-4a87-11de-b440-002219286de2}\Shell\AutoRun\command - "" = D:\husyu8n.exe -- File not found
O33 - MountPoints2\{23d69780-4a87-11de-b440-002219286de2}\Shell\open\Command - "" = D:\husyu8n.exe -- File not found
O33 - MountPoints2\{23d69784-4a87-11de-b440-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{23d69784-4a87-11de-b440-002219286de2}\Shell\open\Command - "" = rundll32.exe .\msvcr7o.dll,AddAtomT
O33 - MountPoints2\{23d69789-4a87-11de-b440-002219286de2}\Shell\AutoRun\command - "" = D:\icxpa.cmd -- File not found
O33 - MountPoints2\{23d69789-4a87-11de-b440-002219286de2}\Shell\open\Command - "" = D:\icxpa.cmd -- File not found
O33 - MountPoints2\{23d6978c-4a87-11de-b440-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{23d6978c-4a87-11de-b440-002219286de2}\Shell\open\Command - "" = rundll32.exe .\lprhewp.dll,AddAtomT
O33 - MountPoints2\{23d6978e-4a87-11de-b440-002219286de2}\Shell\AutoRun\command - "" = n68mqcra.exe
O33 - MountPoints2\{23d6978e-4a87-11de-b440-002219286de2}\Shell\open\Command - "" = n68mqcra.exe
O33 - MountPoints2\{24be722b-3fa2-11de-b42e-002219286de2}\Shell\AutoRun\command - "" = lc.exe
O33 - MountPoints2\{24be722b-3fa2-11de-b42e-002219286de2}\Shell\open\Command - "" = lc.exe
O33 - MountPoints2\{24be722d-3fa2-11de-b42e-002219286de2}\Shell\Ouvrir\command - "" = K:\log.exe -- File not found
O33 - MountPoints2\{265bd474-bee7-11de-b4de-002219286de2}\Shell\AutoRun\command - "" = D:\bycfht.exe -- File not found
O33 - MountPoints2\{265bd474-bee7-11de-b4de-002219286de2}\Shell\open\Command - "" = D:\bycfht.exe -- File not found
O33 - MountPoints2\{265bd476-bee7-11de-b4de-002219286de2}\Shell\AutoRun\command - "" = K:\nds0q.exe -- File not found
O33 - MountPoints2\{265bd476-bee7-11de-b4de-002219286de2}\Shell\open\Command - "" = K:\nds0q.exe -- File not found
O33 - MountPoints2\{270b816c-5b08-11de-b454-002219286de2}\Shell\AutoRun\command - "" = m9ma.exe
O33 - MountPoints2\{270b816c-5b08-11de-b454-002219286de2}\Shell\explore\Command - "" = m9ma.exe
O33 - MountPoints2\{270b816c-5b08-11de-b454-002219286de2}\Shell\open\Command - "" = m9ma.exe
O33 - MountPoints2\{270b8170-5b08-11de-b454-002219286de2}\Shell\AutoRun\command - "" = D:\n68mqcra.exe -- File not found
O33 - MountPoints2\{270b8170-5b08-11de-b454-002219286de2}\Shell\open\Command - "" = D:\n68mqcra.exe -- File not found
O33 - MountPoints2\{270b8171-5b08-11de-b454-002219286de2}\Shell\AutoRun\command - "" = D:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{270b8171-5b08-11de-b454-002219286de2}\Shell\explore\Command - "" = D:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{270b8171-5b08-11de-b454-002219286de2}\Shell\open\Command - "" = D:\EXPLORER.EXE -- File not found
O33 - MountPoints2\{27d15ca0-d282-11de-b4f9-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{27d15ca0-d282-11de-b4f9-002219286de2}\Shell\open\Command - "" = rundll32.exe .\luser.dll,AddAtomT
O33 - MountPoints2\{27d15ca6-d282-11de-b4f9-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{27d15ca6-d282-11de-b4f9-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{27d15cab-d282-11de-b4f9-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{27d15cab-d282-11de-b4f9-002219286de2}\Shell\open\Command - "" = rundll32.exe .\erntvpt.dll,AddAtomT
O33 - MountPoints2\{286933a3-acc0-11de-b4bd-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{286933a3-acc0-11de-b4bd-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{286933a4-acc0-11de-b4bd-002219286de2}\Shell\AutoRun\command - "" = E:\9d6tpg.exe -- File not found
O33 - MountPoints2\{286933a4-acc0-11de-b4bd-002219286de2}\Shell\open\Command - "" = E:\9d6tpg.exe -- File not found
O33 - MountPoints2\{286933aa-acc0-11de-b4bd-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{286933aa-acc0-11de-b4bd-002219286de2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{286933ab-acc0-11de-b4bd-002219286de2}\Shell\AutoRun\command - "" = L:\ucivd6xi.bat -- File not found
O33 - MountPoints2\{286933ab-acc0-11de-b4bd-002219286de2}\Shell\open\Command - "" = L:\ucivd6xi.bat -- File not found
O33 - MountPoints2\{2875f268-a91e-11de-b4b7-002219286de2}\Shell\AutoRun\command - "" = D:\w9uxx92.exe -- File not found
O33 - MountPoints2\{2875f268-a91e-11de-b4b7-002219286de2}\Shell\open\Command - "" = D:\w9uxx92.exe -- File not found
O33 - MountPoints2\{28767d4a-da94-11de-b508-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{28767d4a-da94-11de-b508-002219286de2}\Shell\open\Command - "" = rundll32.exe .\getuvame.dll,AddAtomT
O33 - MountPoints2\{29420490-d358-11de-b4fa-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{29420490-d358-11de-b4fa-002219286de2}\Shell\open\Command - "" = rundll32.exe .\kbdsnben.dll,AddAtomT
O33 - MountPoints2\{29420492-d358-11de-b4fa-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{29420492-d358-11de-b4fa-002219286de2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{29420497-d358-11de-b4fa-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{29420497-d358-11de-b4fa-002219286de2}\Shell\open\Command - "" = rundll32.exe .\rdrvinu.dll,AddAtomT
O33 - MountPoints2\{29420498-d358-11de-b4fa-002219286de2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2a5cac81-4444-11de-b436-002219286de2}\Shell - "" = Autorun
O33 - MountPoints2\{2a5cac81-4444-11de-b436-002219286de2}\Shell\open\command - "" = D:\unlock.exe -- File not found
O33 - MountPoints2\{2a5cac86-4444-11de-b436-002219286de2}\Shell\AutoRun\command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{2a5cac86-4444-11de-b436-002219286de2}\Shell\open\Command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{2b1ec57c-5652-11de-b44e-002219286de2}\Shell\AutoRun\command - "" = KLIZAVI/sapun.exe
O33 - MountPoints2\{2b1ec57c-5652-11de-b44e-002219286de2}\Shell\explore\command - "" = KLIZAVI/sapun.exe
O33 - MountPoints2\{2b1ec57c-5652-11de-b44e-002219286de2}\Shell\open\command - "" = KLIZAVI/sapun.exe
O33 - MountPoints2\{2b1ec583-5652-11de-b44e-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{2b1ec583-5652-11de-b44e-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{2b1ec588-5652-11de-b44e-002219286de2}\Shell\Ouvrir\command - "" = log.exe
O33 - MountPoints2\{2e0346cb-9879-11de-b49d-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{2e0346cb-9879-11de-b49d-002219286de2}\Shell\open\Command - "" = rundll32.exe .\nvcok.dll,AddAtomT
O33 - MountPoints2\{2eef7db3-4c1b-11de-b443-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{2eef7db3-4c1b-11de-b443-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2eef7db6-4c1b-11de-b443-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{2eef7db6-4c1b-11de-b443-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{2eef7dc0-4c1b-11de-b443-002219286de2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2eef7dc2-4c1b-11de-b443-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{2eef7dc2-4c1b-11de-b443-002219286de2}\Shell\open\Command - "" = rundll32.exe .\xtorprdp.dll,AddAtomT
O33 - MountPoints2\{301cb163-3986-11de-b422-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{301cb163-3986-11de-b422-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{301cb164-3986-11de-b422-002219286de2}\Shell\AutoRun\command - "" = M:\mbvd.exe -- File not found
O33 - MountPoints2\{301cb164-3986-11de-b422-002219286de2}\Shell\open\Command - "" = M:\mbvd.exe -- File not found
O33 - MountPoints2\{301cb167-3986-11de-b422-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{301cb167-3986-11de-b422-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{3075b6cb-8005-11de-b47d-002219286de2}\Shell\AutoRun\command - "" = ukfbi3aw.exe
O33 - MountPoints2\{3075b6cb-8005-11de-b47d-002219286de2}\Shell\open\Command - "" = ukfbi3aw.exe
O33 - MountPoints2\{32d47507-7d9f-11de-b47b-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{32d47507-7d9f-11de-b47b-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{32d47507-7d9f-11de-b47b-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{32d47509-7d9f-11de-b47b-002219286de2}\Shell\AutoRun\command - "" = D:\mb9x.exe -- File not found
O33 - MountPoints2\{32d47509-7d9f-11de-b47b-002219286de2}\Shell\open\Command - "" = D:\mb9x.exe -- File not found
O33 - MountPoints2\{3501c633-53f6-11de-b44b-002219286de2}\Shell\AutoRun\command - "" = K:\setupSNK.exe -- File not found
O33 - MountPoints2\{3501c636-53f6-11de-b44b-002219286de2}\Shell\AuTopLay\cOmmAnd - "" = D:\jwaa.pif -- File not found
O33 - MountPoints2\{3501c636-53f6-11de-b44b-002219286de2}\Shell\AutoRun\command - "" = D:\jwaa.pif -- File not found
O33 - MountPoints2\{3501c636-53f6-11de-b44b-002219286de2}\Shell\explore\CommanD - "" = D:\jwaa.pif -- File not found
O33 - MountPoints2\{3501c636-53f6-11de-b44b-002219286de2}\Shell\open\CoMMand - "" = D:\jwaa.pif -- File not found
O33 - MountPoints2\{3501c63a-53f6-11de-b44b-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{3501c63a-53f6-11de-b44b-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{357c1fac-f06b-11de-b52b-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{357c1fac-f06b-11de-b52b-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{357c1fac-f06b-11de-b52b-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{357c1fad-f06b-11de-b52b-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{357c1fad-f06b-11de-b52b-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{357c1fae-f06b-11de-b52b-002219286de2}\Shell\AutoRun\command - "" = K:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{357c1fae-f06b-11de-b52b-002219286de2}\Shell\explore\command - "" = K:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{357c1fae-f06b-11de-b52b-002219286de2}\Shell\open\command - "" = K:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c1810c-f906-11de-b531-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{35c1810c-f906-11de-b531-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{35c1810d-f906-11de-b531-002219286de2}\Shell\AutoRun\command - "" = K:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c1810d-f906-11de-b531-002219286de2}\Shell\explore\command - "" = K:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c1810d-f906-11de-b531-002219286de2}\Shell\open\command - "" = K:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c1810e-f906-11de-b531-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c1810e-f906-11de-b531-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c1810e-f906-11de-b531-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c1810f-f906-11de-b531-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c1810f-f906-11de-b531-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c1810f-f906-11de-b531-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18110-f906-11de-b531-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18110-f906-11de-b531-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18110-f906-11de-b531-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18112-f906-11de-b531-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18112-f906-11de-b531-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18112-f906-11de-b531-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18113-f906-11de-b531-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18113-f906-11de-b531-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18113-f906-11de-b531-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18115-f906-11de-b531-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18115-f906-11de-b531-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18115-f906-11de-b531-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18116-f906-11de-b531-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18116-f906-11de-b531-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18116-f906-11de-b531-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18119-f906-11de-b531-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18119-f906-11de-b531-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18119-f906-11de-b531-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c1811d-f906-11de-b531-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{35c1811d-f906-11de-b531-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{35c1811f-f906-11de-b531-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{35c1811f-f906-11de-b531-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{35c18121-f906-11de-b531-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18121-f906-11de-b531-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{35c18121-f906-11de-b531-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{3601dc2d-9d42-11de-b4a5-002219286de2}\Shell\AutoRun\command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{3601dc2d-9d42-11de-b4a5-002219286de2}\Shell\open\Command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{36262487-df16-11de-b510-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{36262487-df16-11de-b510-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{36262487-df16-11de-b510-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{36262489-df16-11de-b510-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{36262489-df16-11de-b510-002219286de2}\Shell\open\Command - "" = rundll32.exe .\dbdusl.dll,AddAtomT
O33 - MountPoints2\{385a01cd-b7c1-11de-b4cf-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{385a01cd-b7c1-11de-b4cf-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{385a01cd-b7c1-11de-b4cf-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{38b80f89-88ad-11de-b48a-002219286de2}\Shell - "" = Autorun
O33 - MountPoints2\{38b80f89-88ad-11de-b48a-002219286de2}\Shell\open\command - "" = D:\unlock.exe -- File not found
O33 - MountPoints2\{38b80f8b-88ad-11de-b48a-002219286de2}\Shell\AutoRun\command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{38b80f8b-88ad-11de-b48a-002219286de2}\Shell\open\Command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{3b892ba3-6153-11de-b45c-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{3b892ba3-6153-11de-b45c-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3b980992-9c87-11de-b4a3-002219286de2}\Shell\AutoRun\command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{3b980992-9c87-11de-b4a3-002219286de2}\Shell\open\Command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{3d54cfce-0406-11df-b545-002219286de2}\Shell\AutoRun\command - "" = E:\nano\bananna.exe -- File not found
O33 - MountPoints2\{3d54cfce-0406-11df-b545-002219286de2}\Shell\explore\command - "" = E:\nano\bananna.exe -- File not found
O33 - MountPoints2\{3d54cfce-0406-11df-b545-002219286de2}\Shell\open\command - "" = E:\nano\bananna.exe -- File not found
O33 - MountPoints2\{3d54cfd0-0406-11df-b545-002219286de2}\Shell\AutoRun\command - "" = e9naq.exe
O33 - MountPoints2\{3d54cfd0-0406-11df-b545-002219286de2}\Shell\open\Command - "" = e9naq.exe
O33 - MountPoints2\{3d54cfe1-0406-11df-b545-002219286de2}\Shell\AutoRun\command - "" = E:\mbvd.exe -- File not found
O33 - MountPoints2\{3d54cfe1-0406-11df-b545-002219286de2}\Shell\open\Command - "" = E:\mbvd.exe -- File not found
O33 - MountPoints2\{3d54cfe2-0406-11df-b545-002219286de2}\Shell\AutoRun\command - "" = E:\9xf8.exe -- File not found
O33 - MountPoints2\{3d54cfe2-0406-11df-b545-002219286de2}\Shell\open\Command - "" = E:\9xf8.exe -- File not found
O33 - MountPoints2\{3d86d96b-bd54-11de-b4db-002219286de2}\Shell\AutoRun\command - "" = K:\DOBRERIBE\ziza.exe -- File not found
O33 - MountPoints2\{3d86d96b-bd54-11de-b4db-002219286de2}\Shell\explore\command - "" = K:\DOBRERIBE\ziza.exe -- File not found
O33 - MountPoints2\{3d86d96b-bd54-11de-b4db-002219286de2}\Shell\open\command - "" = K:\DOBRERIBE\ziza.exe -- File not found
O33 - MountPoints2\{3eb7625c-9210-11de-b495-002219286de2}\Shell\AutoRun\command - "" = D:\aphqg.exe -- File not found
O33 - MountPoints2\{3eb7625c-9210-11de-b495-002219286de2}\Shell\open\Command - "" = D:\aphqg.exe -- File not found
O33 - MountPoints2\{3eb7625f-9210-11de-b495-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{3eb7625f-9210-11de-b495-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{3ed7630a-7b52-11de-b478-002219286de2}\Shell\AutoRun\command - "" = D:\rqq2v.bat -- File not found
O33 - MountPoints2\{3ed7630a-7b52-11de-b478-002219286de2}\Shell\explore\Command - "" = D:\rqq2v.bat -- File not found
O33 - MountPoints2\{3ed7630a-7b52-11de-b478-002219286de2}\Shell\open\Command - "" = D:\rqq2v.bat -- File not found
O33 - MountPoints2\{3f89305c-c7cb-11de-b4e9-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{3f89305c-c7cb-11de-b4e9-002219286de2}\Shell\open\Command - "" = rundll32.exe .\senialui.dll,AddAtomT
O33 - MountPoints2\{40747aae-a99e-11de-b4b8-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{40747aae-a99e-11de-b4b8-002219286de2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{40747aaf-a99e-11de-b4b8-002219286de2}\Shell\AutoRun\command - "" = L:\w9uxx92.exe -- File not found
O33 - MountPoints2\{40747aaf-a99e-11de-b4b8-002219286de2}\Shell\open\Command - "" = L:\w9uxx92.exe -- File not found
O33 - MountPoints2\{411403f2-e0a5-11de-b514-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{411403f2-e0a5-11de-b514-002219286de2}\Shell\open\Command - "" = rundll32.exe .\rocss.dll,AddAtomT
O33 - MountPoints2\{411403f9-e0a5-11de-b514-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{411403f9-e0a5-11de-b514-002219286de2}\Shell\open\Command - "" = rundll32.exe .\fmims.dll,AddAtomT
O33 - MountPoints2\{411403fa-e0a5-11de-b514-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{411403fa-e0a5-11de-b514-002219286de2}\Shell\open\Command - "" = rundll32.exe .\ehppcfg.dll,AddAtomT
O33 - MountPoints2\{411403fc-e0a5-11de-b514-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{411403fc-e0a5-11de-b514-002219286de2}\Shell\open\Command - "" = rundll32.exe .\dfsshleq.dll,AddAtomT
O33 - MountPoints2\{411bb912-e0e9-11de-b515-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{411bb912-e0e9-11de-b515-002219286de2}\Shell\open\Command - "" = rundll32.exe .\ayicap.dll,AddAtomT
O33 - MountPoints2\{4121059a-49f8-11de-b43f-002219286de2}\Shell\AutoRun\command - "" = n68mqcra.exe
O33 - MountPoints2\{4121059a-49f8-11de-b43f-002219286de2}\Shell\open\Command - "" = n68mqcra.exe
O33 - MountPoints2\{42331a05-d999-11de-b505-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{42331a05-d999-11de-b505-002219286de2}\Shell\open\Command - "" = rundll32.exe .\pxxas.dll,AddAtomT
O33 - MountPoints2\{42331a0a-d999-11de-b505-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{42331a0a-d999-11de-b505-002219286de2}\Shell\open\Command - "" = rundll32.exe .\hasp_instlhelp1.dll,AddAtomT
O33 - MountPoints2\{42418718-6fab-11de-b46f-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{42418718-6fab-11de-b46f-002219286de2}\Shell\open\Command - "" = rundll32.exe .\tibasc64.dll,AddAtomT
O33 - MountPoints2\{45a0bca5-96e6-11de-b49b-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{45a0bca5-96e6-11de-b49b-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{45a0bca5-96e6-11de-b49b-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{45a0bca7-96e6-11de-b49b-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{45a0bca7-96e6-11de-b49b-002219286de2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{45a0bcb6-96e6-11de-b49b-002219286de2}\Shell\AutoRun\command - "" = D:\8dtyjjf.exe -- File not found
O33 - MountPoints2\{45a0bcb6-96e6-11de-b49b-002219286de2}\Shell\open\Command - "" = D:\8dtyjjf.exe -- File not found
O33 - MountPoints2\{45a7c40a-907f-11de-b492-002219286de2}\Shell\AutoRun\command - "" = sm.exe
O33 - MountPoints2\{45a7c40a-907f-11de-b492-002219286de2}\Shell\open\Command - "" = sm.exe
O33 - MountPoints2\{45a7c40e-907f-11de-b492-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{45a7c40e-907f-11de-b492-002219286de2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{45a7c412-907f-11de-b492-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{45a7c412-907f-11de-b492-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{47348a71-c917-11de-b4ee-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{47348a71-c917-11de-b4ee-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{47348a72-c917-11de-b4ee-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{47348a72-c917-11de-b4ee-002219286de2}\Shell\open\Command - "" = rundll32.exe .\rxr20.dll,AddAtomT
O33 - MountPoints2\{47348a73-c917-11de-b4ee-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{47348a73-c917-11de-b4ee-002219286de2}\Shell\open\Command - "" = rundll32.exe .\pxdov.dll,AddAtomT
O33 - MountPoints2\{47348a77-c917-11de-b4ee-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{47348a79-c917-11de-b4ee-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{47348a79-c917-11de-b4ee-002219286de2}\Shell\open\Command - "" = rundll32.exe .\dicprop2.dll,AddAtomT
O33 - MountPoints2\{47348a7b-c917-11de-b4ee-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{47348a7b-c917-11de-b4ee-002219286de2}\Shell\open\Command - "" = rundll32.exe .\dwsec.dll,AddAtomT
O33 - MountPoints2\{47348a7d-c917-11de-b4ee-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{47348a7d-c917-11de-b4ee-002219286de2}\Shell\open\Command - "" = rundll32.exe .\scejrv.dll,AddAtomT
O33 - MountPoints2\{4737da9d-a67f-11de-b4b3-002219286de2}\Shell\verb1\command - "" = D:\desktop.exe -- File not found
O33 - MountPoints2\{48e6d92f-ff4f-11de-b53c-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{48e6d92f-ff4f-11de-b53c-002219286de2}\Shell\AutoRun\command - "" = E:\start.exe -- File not found
O33 - MountPoints2\{48e6d930-ff4f-11de-b53c-002219286de2}\Shell\AutoRun\command - "" = K:\8xcrbho6.exe -- File not found
O33 - MountPoints2\{48e6d930-ff4f-11de-b53c-002219286de2}\Shell\open\Command - "" = K:\8xcrbho6.exe -- File not found
O33 - MountPoints2\{48e6d932-ff4f-11de-b53c-002219286de2}\Shell\AutoRun\command - "" = E:\8xcrbho6.exe -- File not found
O33 - MountPoints2\{48e6d932-ff4f-11de-b53c-002219286de2}\Shell\open\Command - "" = E:\8xcrbho6.exe -- File not found
O33 - MountPoints2\{48e6d935-ff4f-11de-b53c-002219286de2}\Shell\AutoRun\command - "" = E:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{48e6d935-ff4f-11de-b53c-002219286de2}\Shell\explore\command - "" = E:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{48e6d935-ff4f-11de-b53c-002219286de2}\Shell\open\command - "" = E:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{48e6d936-ff4f-11de-b53c-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{48e6d936-ff4f-11de-b53c-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{48e6d938-ff4f-11de-b53c-002219286de2}\Shell\AutoRun\command - "" = E:\pozuda\malena.exe -- File not found
O33 - MountPoints2\{48e6d938-ff4f-11de-b53c-002219286de2}\Shell\explore\command - "" = E:\pozuda\malena.exe -- File not found
O33 - MountPoints2\{48e6d938-ff4f-11de-b53c-002219286de2}\Shell\open\command - "" = E:\pozuda\malena.exe -- File not found
O33 - MountPoints2\{48e6d939-ff4f-11de-b53c-002219286de2}\Shell\AutoRun\command - "" = E:\8xcrbho6.exe -- File not found
O33 - MountPoints2\{48e6d939-ff4f-11de-b53c-002219286de2}\Shell\open\Command - "" = E:\8xcrbho6.exe -- File not found
O33 - MountPoints2\{4c49b20f-3df4-11de-b427-002219286de2}\Shell\Ouvrir\command - "" = log.exe
O33 - MountPoints2\{4c49b217-3df4-11de-b427-002219286de2}\Shell\AutoRun\command - "" = lcw.exe
O33 - MountPoints2\{4c49b217-3df4-11de-b427-002219286de2}\Shell\open\Command - "" = lcw.exe
O33 - MountPoints2\{4d3ad793-96c1-11de-b49a-002219286de2}\Shell\AutoRun\command - "" = L:\
O33 - MountPoints2\{4d3ad793-96c1-11de-b49a-002219286de2}\Shell\open\Command - "" = rundll32.exe .\prfxbmsg.dll,AddAtomT
O33 - MountPoints2\{4da77bbc-f51b-11de-b52e-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{4da77bbc-f51b-11de-b52e-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{4da77bbc-f51b-11de-b52e-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{4da77bbd-f51b-11de-b52e-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{4da77bbd-f51b-11de-b52e-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{4da77bbd-f51b-11de-b52e-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{4da77bc4-f51b-11de-b52e-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{4da77bc4-f51b-11de-b52e-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{4da77bc4-f51b-11de-b52e-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{5013823a-caa6-11de-b4f1-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{5013823a-caa6-11de-b4f1-002219286de2}\Shell\open\Command - "" = rundll32.exe .\niskcopy.dll,AddAtomT
O33 - MountPoints2\{50138240-caa6-11de-b4f1-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{50138240-caa6-11de-b4f1-002219286de2}\Shell\open\Command - "" = rundll32.exe .\lhcalui.dll,AddAtomT
O33 - MountPoints2\{51640551-7c0b-11de-b479-002219286de2}\Shell\AutoRun\command - "" = D:\mb9x.exe -- File not found
O33 - MountPoints2\{51640551-7c0b-11de-b479-002219286de2}\Shell\open\Command - "" = D:\mb9x.exe -- File not found
O33 - MountPoints2\{52578c1f-b70a-11de-b4ce-002219286de2}\Shell\AutoRun\command - "" = D:\winlogonss\winlogons\MS.exe -- File not found
O33 - MountPoints2\{52578c1f-b70a-11de-b4ce-002219286de2}\Shell\open\command - "" = D:\winlogonss\winlogons\MS.exe -- File not found
O33 - MountPoints2\{52578c23-b70a-11de-b4ce-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{52578c23-b70a-11de-b4ce-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{52578c23-b70a-11de-b4ce-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{52578c3a-b70a-11de-b4ce-002219286de2}\Shell\AutoRun\command - "" = s3ek.exe
O33 - MountPoints2\{52578c3a-b70a-11de-b4ce-002219286de2}\Shell\open\Command - "" = s3ek.exe
O33 - MountPoints2\{52f756e1-e30b-11de-b516-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{52f756e1-e30b-11de-b516-002219286de2}\Shell\open\Command - "" = rundll32.exe .\msdayt.dll,AddAtomT
O33 - MountPoints2\{52f756e4-e30b-11de-b516-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{52f756e4-e30b-11de-b516-002219286de2}\Shell\open\Command - "" = rundll32.exe .\jsprogy.dll,AddAtomT
O33 - MountPoints2\{52f756e5-e30b-11de-b516-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{52f756e5-e30b-11de-b516-002219286de2}\Shell\open\Command - "" = rundll32.exe .\lbdgr1.dll,AddAtomT
O33 - MountPoints2\{52f756e7-e30b-11de-b516-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{52f756e7-e30b-11de-b516-002219286de2}\Shell\open\Command - "" = rundll32.exe .\msrlea2.dll,AddAtomT
O33 - MountPoints2\{52f756e8-e30b-11de-b516-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{52f756e8-e30b-11de-b516-002219286de2}\Shell\open\Command - "" = rundll32.exe .\dnsod.dll,AddAtomT
O33 - MountPoints2\{52f756ed-e30b-11de-b516-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{52f756ed-e30b-11de-b516-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{52f756ed-e30b-11de-b516-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{56e654dc-5728-11de-b451-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{56e654dc-5728-11de-b451-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{56e654de-5728-11de-b451-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{56e654de-5728-11de-b451-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{56e654df-5728-11de-b451-002219286de2}\Shell\Ouvrir\command - "" = log.exe
O33 - MountPoints2\{56e654e1-5728-11de-b451-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{56e654e1-5728-11de-b451-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{56e654e3-5728-11de-b451-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{56e654e3-5728-11de-b451-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{5719b1b6-eba6-11de-b527-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1b6-eba6-11de-b527-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1b6-eba6-11de-b527-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1b9-eba6-11de-b527-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1b9-eba6-11de-b527-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1b9-eba6-11de-b527-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c2-eba6-11de-b527-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c2-eba6-11de-b527-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c2-eba6-11de-b527-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c3-eba6-11de-b527-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c3-eba6-11de-b527-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c3-eba6-11de-b527-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c4-eba6-11de-b527-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c4-eba6-11de-b527-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c4-eba6-11de-b527-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c5-eba6-11de-b527-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c5-eba6-11de-b527-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c5-eba6-11de-b527-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c6-eba6-11de-b527-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c6-eba6-11de-b527-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c6-eba6-11de-b527-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c7-eba6-11de-b527-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c7-eba6-11de-b527-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1c7-eba6-11de-b527-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1cd-eba6-11de-b527-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1cd-eba6-11de-b527-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1cd-eba6-11de-b527-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1d1-eba6-11de-b527-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1d1-eba6-11de-b527-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{5719b1d1-eba6-11de-b527-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{57c248a7-fc3c-11de-b537-002219286de2}\Shell\AutoRun\command - "" = K:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{57c248a7-fc3c-11de-b537-002219286de2}\Shell\explore\command - "" = K:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{57c248a7-fc3c-11de-b537-002219286de2}\Shell\open\command - "" = K:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{57c248a8-fc3c-11de-b537-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{57c248a8-fc3c-11de-b537-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{57c248a8-fc3c-11de-b537-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{57c248b9-fc3c-11de-b537-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{57c248b9-fc3c-11de-b537-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{57c248b9-fc3c-11de-b537-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{57c248ba-fc3c-11de-b537-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{57c248ba-fc3c-11de-b537-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{57c248ba-fc3c-11de-b537-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{59c554a8-5975-11de-b452-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{59c554a8-5975-11de-b452-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{59c554ac-5975-11de-b452-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{59c554ac-5975-11de-b452-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{59c554ad-5975-11de-b452-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{59c554ad-5975-11de-b452-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5b0f17be-6542-11de-b461-002219286de2}\Shell\Ouvrir\command - "" = D:\log.exe -- File not found
O33 - MountPoints2\{5b0f17bf-6542-11de-b461-002219286de2}\Shell\AutoRun\command - "" = D:\EmDesk.exe -- File not found
O33 - MountPoints2\{5b0f17bf-6542-11de-b461-002219286de2}\Shell\EmDesk\command - "" = D:\EmDesk.exe -- File not found
O33 - MountPoints2\{5b0f17c6-6542-11de-b461-002219286de2}\Shell\AutoRun\command - "" = D:\VIRTUAL_OPTICIAN.exe -- File not found
O33 - MountPoints2\{5b0f17c8-6542-11de-b461-002219286de2}\Shell\AutoRun\command - "" = D:\Menu.exe -- File not found
O33 - MountPoints2\{5bbd8f76-3ecc-11de-b42a-002219286de2}\Shell\AutoRun\command - "" = s3ek.exe
O33 - MountPoints2\{5bbd8f76-3ecc-11de-b42a-002219286de2}\Shell\open\Command - "" = s3ek.exe
O33 - MountPoints2\{5bbd8f79-3ecc-11de-b42a-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{5bbd8f79-3ecc-11de-b42a-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{5d4fd02a-8d58-11de-b48f-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{5d4fd02a-8d58-11de-b48f-002219286de2}\Shell\open\Command - "" = rundll32.exe .\avitap.dll,AddAtomT
O33 - MountPoints2\{5d4fd02c-8d58-11de-b48f-002219286de2}\Shell\AutoRun\command - "" = D:\g8k.exe -- File not found
O33 - MountPoints2\{5d4fd02c-8d58-11de-b48f-002219286de2}\Shell\open\Command - "" = D:\g8k.exe -- File not found
O33 - MountPoints2\{5d4fd02d-8d58-11de-b48f-002219286de2}\Shell\AutoRun\command - "" = D:\22yj2fy1.exe -- File not found
O33 - MountPoints2\{5d4fd02d-8d58-11de-b48f-002219286de2}\Shell\open\Command - "" = D:\22yj2fy1.exe -- File not found
O33 - MountPoints2\{5d4fd02f-8d58-11de-b48f-002219286de2}\Shell\AutoRun\command - "" = D:\22yj2fy1.exe -- File not found
O33 - MountPoints2\{5d4fd02f-8d58-11de-b48f-002219286de2}\Shell\open\Command - "" = D:\22yj2fy1.exe -- File not found
O33 - MountPoints2\{5dc21fd6-30b8-11de-b418-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{5dc21fd9-30b8-11de-b418-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{5dc21fd9-30b8-11de-b418-002219286de2}\Shell\open\Command - "" = rundll32.exe .\mprux.dll,AddAtomT
O33 - MountPoints2\{5e5d16a2-9bad-11de-b4a1-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{5e5d16a2-9bad-11de-b4a1-002219286de2}\Shell\open\Command - "" = rundll32.exe .\bqhci.dll,AddAtomT
O33 - MountPoints2\{5ed5fe70-ac18-11de-b4bc-002219286de2}\Shell\AutoRun\command - "" = D:\w9uxx92.exe -- File not found
O33 - MountPoints2\{5ed5fe70-ac18-11de-b4bc-002219286de2}\Shell\open\Command - "" = D:\w9uxx92.exe -- File not found
O33 - MountPoints2\{5ed5fe73-ac18-11de-b4bc-002219286de2}\Shell\AutoRun\command - "" = D:\w9uxx92.exe -- File not found
O33 - MountPoints2\{5ed5fe73-ac18-11de-b4bc-002219286de2}\Shell\open\Command - "" = D:\w9uxx92.exe -- File not found
O33 - MountPoints2\{5ed5fe7d-ac18-11de-b4bc-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{5f162d0f-8647-11de-b484-002219286de2}\Shell\AutoRun\command - "" = ysep1.exe
O33 - MountPoints2\{5f162d0f-8647-11de-b484-002219286de2}\Shell\open\Command - "" = ysep1.exe
O33 - MountPoints2\{5f162d17-8647-11de-b484-002219286de2}\Shell\AutoRun\command - "" = D:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{5fce3586-a353-11de-b4b0-002219286de2}\Shell\AutoRun\command - "" = D:\bycfht.exe -- File not found
O33 - MountPoints2\{5fce3586-a353-11de-b4b0-002219286de2}\Shell\open\Command - "" = D:\bycfht.exe -- File not found
O33 - MountPoints2\{5fce3588-a353-11de-b4b0-002219286de2}\Shell\AutoRun\command - "" = D:\w9uxx92.exe -- File not found
O33 - MountPoints2\{5fce3588-a353-11de-b4b0-002219286de2}\Shell\open\Command - "" = D:\w9uxx92.exe -- File not found
O33 - MountPoints2\{6029c22b-a745-11de-b4b4-002219286de2}\Shell\AutoRun\command - "" = 3j2h0tf.bat
O33 - MountPoints2\{6029c22b-a745-11de-b4b4-002219286de2}\Shell\open\Command - "" = 3j2h0tf.bat
O33 - MountPoints2\{6039155e-5eff-11de-b459-002219286de2}\Shell\Ouvrir\command - "" = log.exe
O33 - MountPoints2\{64500278-e55f-11de-b51c-002219286de2}\Shell\AutoRun\command - "" = E:\ime\moje.exe -- File not found
O33 - MountPoints2\{64500278-e55f-11de-b51c-002219286de2}\Shell\explore\command - "" = E:\ime\moje.exe -- File not found
O33 - MountPoints2\{64500278-e55f-11de-b51c-002219286de2}\Shell\open\command - "" = E:\ime\moje.exe -- File not found
O33 - MountPoints2\{64500285-e55f-11de-b51c-002219286de2}\Shell\AutoRun\command - "" = E:\ime\moje.exe -- File not found
O33 - MountPoints2\{64500285-e55f-11de-b51c-002219286de2}\Shell\explore\command - "" = E:\ime\moje.exe -- File not found
O33 - MountPoints2\{64500285-e55f-11de-b51c-002219286de2}\Shell\open\command - "" = E:\ime\moje.exe -- File not found
O33 - MountPoints2\{64500286-e55f-11de-b51c-002219286de2}\Shell\AutoRun\command - "" = E:\601ugf.exe -- File not found
O33 - MountPoints2\{64500286-e55f-11de-b51c-002219286de2}\Shell\open\Command - "" = E:\601ugf.exe -- File not found
O33 - MountPoints2\{6450028a-e55f-11de-b51c-002219286de2}\Shell\AutoRun\command - "" = 8xcrbho6.exe
O33 - MountPoints2\{6450028a-e55f-11de-b51c-002219286de2}\Shell\open\Command - "" = 8xcrbho6.exe
O33 - MountPoints2\{64707afa-3492-11de-b41b-002219286de2}\Shell\Ouvrir\command - "" = J:\log.exe -- File not found
O33 - MountPoints2\{648fa64c-704b-11de-b470-002219286de2}\Shell\AutoRun\command - "" = E:\6ruaqx.exe -- File not found
O33 - MountPoints2\{648fa64c-704b-11de-b470-002219286de2}\Shell\open\Command - "" = E:\6ruaqx.exe -- File not found
O33 - MountPoints2\{648fa663-704b-11de-b470-002219286de2}\Shell\AutoRun\command - "" = D:\xk2n.bat -- File not found
O33 - MountPoints2\{648fa663-704b-11de-b470-002219286de2}\Shell\explore\Command - "" = D:\xk2n.bat -- File not found
O33 - MountPoints2\{648fa663-704b-11de-b470-002219286de2}\Shell\open\Command - "" = D:\xk2n.bat -- File not found
O33 - MountPoints2\{66e49bc2-7ce1-11de-b47a-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{66e49bc2-7ce1-11de-b47a-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{689ddad1-9b78-11de-b4a0-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{689ddad1-9b78-11de-b4a0-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{689ddad4-9b78-11de-b4a0-002219286de2}\Shell\Ouvrir\command - "" = log.exe
O33 - MountPoints2\{689ddae0-9b78-11de-b4a0-002219286de2}\Shell\AutoRun\command - "" = husyu8n.exe
O33 - MountPoints2\{689ddae0-9b78-11de-b4a0-002219286de2}\Shell\open\Command - "" = husyu8n.exe
O33 - MountPoints2\{6a9c621a-e4a6-11de-b51a-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{6a9c621a-e4a6-11de-b51a-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{6a9c621a-e4a6-11de-b51a-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{6bf4c90d-ba1b-11de-b4d7-002219286de2}\Shell\AutoRun\command - "" = 2sm66r.exe
O33 - MountPoints2\{6bf4c90d-ba1b-11de-b4d7-002219286de2}\Shell\open\Command - "" = 2sm66r.exe
O33 - MountPoints2\{6cf457bb-d8d4-11de-b503-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{6cf457bb-d8d4-11de-b503-002219286de2}\Shell\open\Command - "" = rundll32.exe .\wmarf.dll,AddAtomT
O33 - MountPoints2\{6cf457bd-d8d4-11de-b503-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{6cf457bd-d8d4-11de-b503-002219286de2}\Shell\open\Command - "" = rundll32.exe .\mssmavmsg.dll,AddAtomT
O33 - MountPoints2\{6cf457c1-d8d4-11de-b503-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{6cf457c1-d8d4-11de-b503-002219286de2}\Shell\open\Command - "" = rundll32.exe .\compat.dll,AddAtomT
O33 - MountPoints2\{6cf457c4-d8d4-11de-b503-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{6cf457c4-d8d4-11de-b503-002219286de2}\Shell\open\Command - "" = rundll32.exe .\kbxru.dll,AddAtomT
O33 - MountPoints2\{6d9f797c-d050-11de-b4f8-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{6d9f797c-d050-11de-b4f8-002219286de2}\Shell\open\Command - "" = rundll32.exe .\usrswpia.dll,AddAtomT
O33 - MountPoints2\{6d9f7987-d050-11de-b4f8-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{6d9f7987-d050-11de-b4f8-002219286de2}\Shell\open\Command - "" = rundll32.exe .\msdttprx.dll,AddAtomT
O33 - MountPoints2\{6d9f7988-d050-11de-b4f8-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{6d9f7988-d050-11de-b4f8-002219286de2}\Shell\open\Command - "" = rundll32.exe .\magina.dll,AddAtomT
O33 - MountPoints2\{6dc299f8-f38e-11de-b52c-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc299f8-f38e-11de-b52c-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc299f8-f38e-11de-b52c-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc299fc-f38e-11de-b52c-002219286de2}\Shell\AutoRun\command - "" = K:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc299fc-f38e-11de-b52c-002219286de2}\Shell\explore\command - "" = K:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc299fc-f38e-11de-b52c-002219286de2}\Shell\open\command - "" = K:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc299fd-f38e-11de-b52c-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc299fd-f38e-11de-b52c-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc299fd-f38e-11de-b52c-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc299ff-f38e-11de-b52c-002219286de2}\Shell\AutoRun\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{6dc299ff-f38e-11de-b52c-002219286de2}\Shell\explore\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{6dc299ff-f38e-11de-b52c-002219286de2}\Shell\open\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{6dc29a00-f38e-11de-b52c-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc29a00-f38e-11de-b52c-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc29a00-f38e-11de-b52c-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc29a03-f38e-11de-b52c-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc29a03-f38e-11de-b52c-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc29a03-f38e-11de-b52c-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc29a04-f38e-11de-b52c-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc29a04-f38e-11de-b52c-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6dc29a04-f38e-11de-b52c-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{6e03295d-cde2-11de-b4f5-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{6e03295d-cde2-11de-b4f5-002219286de2}\Shell\open\Command - "" = rundll32.exe .\eaasvc.dll,AddAtomT
O33 - MountPoints2\{6e032961-cde2-11de-b4f5-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{6e032961-cde2-11de-b4f5-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6e032962-cde2-11de-b4f5-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{6e032962-cde2-11de-b4f5-002219286de2}\Shell\open\Command - "" = rundll32.exe .\ieaufltr.dll,AddAtomT
O33 - MountPoints2\{6e032963-cde2-11de-b4f5-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{6e032963-cde2-11de-b4f5-002219286de2}\Shell\open\Command - "" = rundll32.exe .\mhvidc32.dll,AddAtomT
O33 - MountPoints2\{6f3a9864-387b-11de-b420-002219286de2}\Shell\Ouvrir\command - "" = D:\log.exe -- File not found
O33 - MountPoints2\{71de3a2a-dd85-11de-b50c-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{71de3a2a-dd85-11de-b50c-002219286de2}\Shell\open\Command - "" = rundll32.exe .\kbdhuu.dll,AddAtomT
O33 - MountPoints2\{71de3a2d-dd85-11de-b50c-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{71de3a2d-dd85-11de-b50c-002219286de2}\Shell\open\Command - "" = rundll32.exe .\tpxmontr.dll,AddAtomT
O33 - MountPoints2\{71de3a2e-dd85-11de-b50c-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{71de3a2e-dd85-11de-b50c-002219286de2}\Shell\open\Command - "" = rundll32.exe .\dbmsrpjn.dll,AddAtomT
O33 - MountPoints2\{72b1bbba-c2cb-11de-b4e3-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{72b1bbba-c2cb-11de-b4e3-002219286de2}\Shell\open\Command - "" = rundll32.exe .\ati_ci.dll,AddAtomT
O33 - MountPoints2\{735fcad3-adb9-11de-b4bf-002219286de2}\Shell\AutoRun\command - "" = D:\Feast\Ival\Feast.exe -- File not found
O33 - MountPoints2\{735fcad3-adb9-11de-b4bf-002219286de2}\Shell\open\command - "" = D:\Feast\Ival\Feast.exe -- File not found
O33 - MountPoints2\{774e67b9-fab6-11de-b533-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{774e67b9-fab6-11de-b533-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7c758147-2e65-11de-b413-002219286de2}\Shell\AutoRun\command - "" = K:\husyu8n.exe -- File not found
O33 - MountPoints2\{7c758147-2e65-11de-b413-002219286de2}\Shell\open\Command - "" = K:\husyu8n.exe -- File not found
O33 - MountPoints2\{7c758149-2e65-11de-b413-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{7c758149-2e65-11de-b413-002219286de2}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7c8bedd7-3a3c-11de-b424-002219286de2}\Shell\Auto\command - "" = infrom.exe
O33 - MountPoints2\{7c8bedf9-3a3c-11de-b424-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{7c8bedf9-3a3c-11de-b424-002219286de2}\Shell\open\Command - "" = rundll32.exe .\\vfwodbc.dll,InstallM
O33 - MountPoints2\{7c8bedfc-3a3c-11de-b424-002219286de2}\Shell\AutoRun\command - "" = husyu8n.exe
O33 - MountPoints2\{7c8bedfc-3a3c-11de-b424-002219286de2}\Shell\open\Command - "" = husyu8n.exe
O33 - MountPoints2\{7ce09ff6-4910-11de-b43c-002219286de2}\Shell\AutoRun\command - "" = K:\sm.exe -- File not found
O33 - MountPoints2\{7ce09ff6-4910-11de-b43c-002219286de2}\Shell\open\Command - "" = K:\sm.exe -- File not found
O33 - MountPoints2\{7ce09ff8-4910-11de-b43c-002219286de2}\Shell\AutoRun\command - "" = D:\n68mqcra.exe -- File not found
O33 - MountPoints2\{7ce09ff8-4910-11de-b43c-002219286de2}\Shell\open\Command - "" = D:\n68mqcra.exe -- File not found
O33 - MountPoints2\{7ce09ffe-4910-11de-b43c-002219286de2}\Shell\AutoRun\command - "" = 22yj2fy1.exe
O33 - MountPoints2\{7ce09ffe-4910-11de-b43c-002219286de2}\Shell\open\Command - "" = 22yj2fy1.exe
O33 - MountPoints2\{7e94b852-a1c4-11de-b4ad-002219286de2}\Shell\AutoRun\command - "" = L:\bycfht.exe -- File not found
O33 - MountPoints2\{7e94b852-a1c4-11de-b4ad-002219286de2}\Shell\open\Command - "" = L:\bycfht.exe -- File not found
O33 - MountPoints2\{7e94b858-a1c4-11de-b4ad-002219286de2}\Shell\AutoRun\command - "" = D:\RECYCLER\lasass.exe -- File not found
O33 - MountPoints2\{7e94b858-a1c4-11de-b4ad-002219286de2}\Shell\open\command - "" = D:\RECYCLER\lasass.exe -- File not found
O33 - MountPoints2\{7eb89e08-ad8b-11de-b4be-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{7eb89e08-ad8b-11de-b4be-002219286de2}\Shell\open\Command - "" = rundll32.exe .\kjdlt.dll,AddAtomT
O33 - MountPoints2\{83d01cca-5fc5-11de-b45a-002219286de2}\Shell\Ouvrir\command - "" = D:\log.exe -- File not found
O33 - MountPoints2\{84670172-bf03-11de-b4df-002219286de2}\Shell\Ouvrir\command - "" = log.exe
O33 - MountPoints2\{85fea34f-c783-11de-b4e8-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{85fea34f-c783-11de-b4e8-002219286de2}\Shell\open\Command - "" = rundll32.exe .\winscaqd.dll,AddAtomT
O33 - MountPoints2\{86ee5028-9600-11de-b498-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{86ee5028-9600-11de-b498-002219286de2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{86ee5030-9600-11de-b498-002219286de2}\Shell\AutoRun\command - "" = K:\AutoTransfer.exe -- File not found
O33 - MountPoints2\{8a15de7f-5592-11de-b44d-002219286de2}\Shell\AutoRun\command - "" = D:\n68mqcra.exe -- File not found
O33 - MountPoints2\{8a15de7f-5592-11de-b44d-002219286de2}\Shell\open\Command - "" = D:\n68mqcra.exe -- File not found
O33 - MountPoints2\{8a15de82-5592-11de-b44d-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{8a15de82-5592-11de-b44d-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{8aeab6e7-f5df-11de-b530-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{8aeab6e7-f5df-11de-b530-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8aeab6e9-f5df-11de-b530-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{8aeab6e9-f5df-11de-b530-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{8aeab6e9-f5df-11de-b530-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{8c0a3582-6653-11de-b463-002219286de2}\Shell\AutoRun\command - "" = D:\n68mqcra.exe -- File not found
O33 - MountPoints2\{8c0a3582-6653-11de-b463-002219286de2}\Shell\open\Command - "" = D:\n68mqcra.exe -- File not found
O33 - MountPoints2\{8c0a3583-6653-11de-b463-002219286de2}\Shell\AutoRun\command - "" = sm.exe
O33 - MountPoints2\{8c0a3583-6653-11de-b463-002219286de2}\Shell\open\Command - "" = sm.exe
O33 - MountPoints2\{8e0fc4f2-05c4-11df-b555-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{8e0fc4f2-05c4-11df-b555-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8ed1e9ce-a439-11de-b4b2-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{8ed1e9d1-a439-11de-b4b2-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{8ed1e9d1-a439-11de-b4b2-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8ed1e9de-a439-11de-b4b2-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{8ed1e9de-a439-11de-b4b2-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8ed1e9e1-a439-11de-b4b2-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{8ed1e9e1-a439-11de-b4b2-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8f8340af-93ad-11de-b497-002219286de2}\Shell\AutoRun\command - "" = password_viewer.exe %1
O33 - MountPoints2\{8f8340af-93ad-11de-b497-002219286de2}\Shell\Explore\command - "" = password_viewer.exe %1
O33 - MountPoints2\{8f8340af-93ad-11de-b497-002219286de2}\Shell\Open\command - "" = password_viewer.exe %1
O33 - MountPoints2\{8f8a1150-9144-11de-b493-002219286de2}\Shell\AutoRun\command - "" = D:\g8k.exe -- File not found
O33 - MountPoints2\{8f8a1150-9144-11de-b493-002219286de2}\Shell\open\Command - "" = D:\g8k.exe -- File not found
O33 - MountPoints2\{9024ad08-d4f4-11de-b4fe-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{9024ad08-d4f4-11de-b4fe-002219286de2}\Shell\open\Command - "" = rundll32.exe .\obasel.dll,AddAtomT
O33 - MountPoints2\{9024ad09-d4f4-11de-b4fe-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{9024ad09-d4f4-11de-b4fe-002219286de2}\Shell\open\Command - "" = rundll32.exe .\dsprprev.dll,AddAtomT
O33 - MountPoints2\{9024ad0a-d4f4-11de-b4fe-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{9024ad0a-d4f4-11de-b4fe-002219286de2}\Shell\open\Command - "" = rundll32.exe .\dbserver.dll,AddAtomT
O33 - MountPoints2\{9024ad0b-d4f4-11de-b4fe-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{9024ad0b-d4f4-11de-b4fe-002219286de2}\Shell\open\Command - "" = rundll32.exe .\srclielt.dll,AddAtomT
O33 - MountPoints2\{9024ad0c-d4f4-11de-b4fe-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{9024ad0c-d4f4-11de-b4fe-002219286de2}\Shell\open\Command - "" = rundll32.exe .\kbdrs.dll,AddAtomT
O33 - MountPoints2\{9024ad0d-d4f4-11de-b4fe-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{9024ad0d-d4f4-11de-b4fe-002219286de2}\Shell\open\Command - "" = rundll32.exe .\shellr2.dll,AddAtomT
O33 - MountPoints2\{9024ad11-d4f4-11de-b4fe-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{9024ad11-d4f4-11de-b4fe-002219286de2}\Shell\open\Command - "" = rundll32.exe .\mahcp.dll,AddAtomT
O33 - MountPoints2\{9024ad13-d4f4-11de-b4fe-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{9024ad13-d4f4-11de-b4fe-002219286de2}\Shell\open\Command - "" = rundll32.exe .\kbtru.dll,AddAtomT
O33 - MountPoints2\{9024ad14-d4f4-11de-b4fe-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{9024ad14-d4f4-11de-b4fe-002219286de2}\Shell\open\Command - "" = rundll32.exe .\mqcse.dll,AddAtomT
O33 - MountPoints2\{90cbe36c-ea15-11de-b523-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{90cbe36c-ea15-11de-b523-002219286de2}\Shell\open\Command - "" = rundll32.exe .\hpzidr1f.dll,AddAtomT
O33 - MountPoints2\{90cbe36e-ea15-11de-b523-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe36e-ea15-11de-b523-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe36e-ea15-11de-b523-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe372-ea15-11de-b523-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe372-ea15-11de-b523-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe372-ea15-11de-b523-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe373-ea15-11de-b523-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe373-ea15-11de-b523-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe373-ea15-11de-b523-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe374-ea15-11de-b523-002219286de2}\Shell\AutoRun\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe374-ea15-11de-b523-002219286de2}\Shell\explore\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe374-ea15-11de-b523-002219286de2}\Shell\open\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe377-ea15-11de-b523-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{90cbe377-ea15-11de-b523-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{90cbe37b-ea15-11de-b523-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe37b-ea15-11de-b523-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe37b-ea15-11de-b523-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe37d-ea15-11de-b523-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{90cbe37d-ea15-11de-b523-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{90cbe380-ea15-11de-b523-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe380-ea15-11de-b523-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe380-ea15-11de-b523-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe382-ea15-11de-b523-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe382-ea15-11de-b523-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{90cbe382-ea15-11de-b523-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{9623b3f2-2e3c-11de-b40b-b650ccf15737}\Shell\AutoRun\command - "" = J:\husyu8n.exe -- File not found
O33 - MountPoints2\{9623b3f2-2e3c-11de-b40b-b650ccf15737}\Shell\open\Command - "" = J:\husyu8n.exe -- File not found
O33 - MountPoints2\{9631434b-c87f-11de-b4ed-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{9631434b-c87f-11de-b4ed-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{964eeac7-54bd-11de-b44c-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{964eeac7-54bd-11de-b44c-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{964eeac8-54bd-11de-b44c-002219286de2}\Shell\AutoRun\command - "" = K:\sm.exe -- File not found
O33 - MountPoints2\{964eeac8-54bd-11de-b44c-002219286de2}\Shell\open\Command - "" = K:\sm.exe -- File not found
O33 - MountPoints2\{964eeacf-54bd-11de-b44c-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{964eeacf-54bd-11de-b44c-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{96d80c80-3fb7-11de-b430-002219286de2}\Shell\AutoRun\command - "" = D:\lc.exe -- File not found
O33 - MountPoints2\{96d80c80-3fb7-11de-b430-002219286de2}\Shell\open\Command - "" = D:\lc.exe -- File not found
O33 - MountPoints2\{9abd5bb4-c9dd-11de-b4ef-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{9abd5bb4-c9dd-11de-b4ef-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9abd5bb5-c9dd-11de-b4ef-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{9abd5bb5-c9dd-11de-b4ef-002219286de2}\Shell\open\Command - "" = rundll32.exe .\urd.dll,AddAtomT
O33 - MountPoints2\{9abd5bba-c9dd-11de-b4ef-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{9abd5bba-c9dd-11de-b4ef-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9abd5bbc-c9dd-11de-b4ef-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{9abd5bbc-c9dd-11de-b4ef-002219286de2}\Shell\open\Command - "" = rundll32.exe .\msxal2.dll,AddAtomT
O33 - MountPoints2\{9d8905c1-d418-11de-b4fc-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{9d8905c1-d418-11de-b4fc-002219286de2}\Shell\open\Command - "" = rundll32.exe .\ddpsnd.dll,AddAtomT
O33 - MountPoints2\{9d8905c3-d418-11de-b4fc-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{9d8905c3-d418-11de-b4fc-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9d8905c4-d418-11de-b4fc-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{9d8905c4-d418-11de-b4fc-002219286de2}\Shell\open\Command - "" = rundll32.exe .\sgecli.dll,AddAtomT
O33 - MountPoints2\{9d8905c5-d418-11de-b4fc-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{9d8905c5-d418-11de-b4fc-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9ecf11b8-fb73-11de-b534-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{9ecf11b8-fb73-11de-b534-002219286de2}\Shell\open\Command - "" = rundll32.exe .\oleaun32.dll,AddAtomT
O33 - MountPoints2\{a0e66e99-0a5f-11df-b55b-002219286de2}\Shell\AutoRun\command - "" = qpe6.com
O33 - MountPoints2\{a0e66e99-0a5f-11df-b55b-002219286de2}\Shell\explore\Command - "" = qpe6.com
O33 - MountPoints2\{a0e66e99-0a5f-11df-b55b-002219286de2}\Shell\open\Command - "" = qpe6.com
O33 - MountPoints2\{a1393750-b891-11de-b4d2-002219286de2}\Shell\AutoRun\command - "" = D:\s3ek.exe -- File not found
O33 - MountPoints2\{a1393750-b891-11de-b4d2-002219286de2}\Shell\open\Command - "" = D:\s3ek.exe -- File not found
O33 - MountPoints2\{a21542a9-010f-11df-b540-002219286de2}\Shell\AutoRun\command - "" = E:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{a21542a9-010f-11df-b540-002219286de2}\Shell\explore\command - "" = E:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{a21542a9-010f-11df-b540-002219286de2}\Shell\open\command - "" = E:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{a2226e32-bc85-11de-b4d9-002219286de2}\Shell\AutoRun\command - "" = mbvd.exe
O33 - MountPoints2\{a2226e32-bc85-11de-b4d9-002219286de2}\Shell\open\Command - "" = mbvd.exe
O33 - MountPoints2\{a2226e5d-bc85-11de-b4d9-002219286de2}\Shell\Ouvrir\command - "" = D:\log.exe -- File not found
O33 - MountPoints2\{a30c2680-c3ab-11de-b4e5-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{a30c2680-c3ab-11de-b4e5-002219286de2}\Shell\open\Command - "" = rundll32.exe .\msaatebt.dll,AddAtomT
O33 - MountPoints2\{a30c2682-c3ab-11de-b4e5-002219286de2}\Shell\AutoRun\command - "" = jedna/stvar.exe
O33 - MountPoints2\{a30c2682-c3ab-11de-b4e5-002219286de2}\Shell\explore\command - "" = jedna/stvar.exe
O33 - MountPoints2\{a30c2682-c3ab-11de-b4e5-002219286de2}\Shell\open\command - "" = jedna/stvar.exe
O33 - MountPoints2\{a30c2685-c3ab-11de-b4e5-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{a30c2685-c3ab-11de-b4e5-002219286de2}\Shell\open\Command - "" = rundll32.exe .\kjdsg.dll,AddAtomT
O33 - MountPoints2\{a3af2001-0436-11df-b546-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{a3af2001-0436-11df-b546-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a4a4701a-2fd8-11de-b415-002219286de2}\Shell\AutoRun\command - "" = D:\RECYCLER\recycld.exe -- File not found
O33 - MountPoints2\{a4a4701a-2fd8-11de-b415-002219286de2}\Shell\open\command - "" = D:\RECYCLER\recycld.exe -- File not found
O33 - MountPoints2\{a4a4701e-2fd8-11de-b415-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{a4a4701e-2fd8-11de-b415-002219286de2}\Shell\open\Command - "" = rundll32.exe .\kd13q4.dll,AddAtomT
O33 - MountPoints2\{a4a47022-2fd8-11de-b415-002219286de2}\Shell\AutoRun\command - "" = password_viewer.exe %1
O33 - MountPoints2\{a4a47022-2fd8-11de-b415-002219286de2}\Shell\Explore\command - "" = password_viewer.exe %1
O33 - MountPoints2\{a4a47022-2fd8-11de-b415-002219286de2}\Shell\Open\command - "" = password_viewer.exe %1
O33 - MountPoints2\{a4a47023-2fd8-11de-b415-002219286de2}\Shell\AutoRun\command - "" = J:\g1ljsm.com -- File not found
O33 - MountPoints2\{a4a47023-2fd8-11de-b415-002219286de2}\Shell\open\Command - "" = J:\g1ljsm.com -- File not found
O33 - MountPoints2\{a4a47037-2fd8-11de-b415-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e193c4-452d-11de-b439-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e193c4-452d-11de-b439-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a5e193c5-452d-11de-b439-002219286de2}\Shell\AutoRun\command - "" = K:\bycfht.exe -- File not found
O33 - MountPoints2\{a5e193c5-452d-11de-b439-002219286de2}\Shell\open\Command - "" = K:\bycfht.exe -- File not found
O33 - MountPoints2\{a5e193c6-452d-11de-b439-002219286de2}\Shell\AutoRun\command - "" = RECYCLER\recycld.exe
O33 - MountPoints2\{a5e193c6-452d-11de-b439-002219286de2}\Shell\open\command - "" = RECYCLER\recycld.exe
O33 - MountPoints2\{a67c8f02-9d14-11de-b4a4-002219286de2}\Shell\AutoRun\command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{a67c8f02-9d14-11de-b4a4-002219286de2}\Shell\open\Command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{a67c8f0b-9d14-11de-b4a4-002219286de2}\Shell\AutoRun\command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{a67c8f0b-9d14-11de-b4a4-002219286de2}\Shell\open\Command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{a67c8f0c-9d14-11de-b4a4-002219286de2}\Shell\AutoRun\command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{a67c8f0c-9d14-11de-b4a4-002219286de2}\Shell\open\Command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{a67c8f12-9d14-11de-b4a4-002219286de2}\Shell\AutoRun\command - "" = D:\RECYCLER\S-51-9-25-3434476501-1644491961-601003312-1214\hjec.exe -- File not found
O33 - MountPoints2\{a67c8f12-9d14-11de-b4a4-002219286de2}\Shell\open\command - "" = D:\RECYCLER\S-51-9-25-3434476501-1644491961-601003312-1214\hjec.exe -- File not found
O33 - MountPoints2\{a9817432-c84e-11de-b4ea-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{a9817432-c84e-11de-b4ea-002219286de2}\Shell\open\Command - "" = rundll32.exe .\nvgfp.dll,AddAtomT
O33 - MountPoints2\{a9817434-c84e-11de-b4ea-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{a9817434-c84e-11de-b4ea-002219286de2}\Shell\open\Command - "" = rundll32.exe .\xdsnds.dll,AddAtomT
O33 - MountPoints2\{a981743a-c84e-11de-b4ea-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{a981743a-c84e-11de-b4ea-002219286de2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{aac8ae05-34a6-11de-b41c-002219286de2}\Shell\AutoRun\command - "" = 930jn.bat
O33 - MountPoints2\{aac8ae05-34a6-11de-b41c-002219286de2}\Shell\explore\Command - "" = 930jn.bat
O33 - MountPoints2\{aac8ae05-34a6-11de-b41c-002219286de2}\Shell\open\Command - "" = 930jn.bat
O33 - MountPoints2\{aac8ae08-34a6-11de-b41c-002219286de2}\Shell\AutoRun\command - "" = se12ydam.exe
O33 - MountPoints2\{aac8ae08-34a6-11de-b41c-002219286de2}\Shell\open\Command - "" = se12ydam.exe
O33 - MountPoints2\{ae679b14-b3d5-11de-b4cb-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{ae679b14-b3d5-11de-b4cb-002219286de2}\Shell\open\Command - "" = rundll32.exe .\rtipxxib.dll,AddAtomT
O33 - MountPoints2\{af172223-e3dd-11de-b518-002219286de2}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O33 - MountPoints2\{af172226-e3dd-11de-b518-002219286de2}\Shell\AutoRun\command - "" = E:\ime\moje.exe -- File not found
O33 - MountPoints2\{af172226-e3dd-11de-b518-002219286de2}\Shell\explore\command - "" = E:\ime\moje.exe -- File not found
O33 - MountPoints2\{af172226-e3dd-11de-b518-002219286de2}\Shell\open\command - "" = E:\ime\moje.exe -- File not found
O33 - MountPoints2\{afab12f2-b183-11de-b4c4-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{afab12f2-b183-11de-b4c4-002219286de2}\Shell\open\Command - "" = rundll32.exe .\qcaa.dll,AddAtomT
O33 - MountPoints2\{b0f6dd41-b1aa-11de-b4c5-002219286de2}\Shell\AutoRun\command - "" = D:\OPOP\severina.exe -- File not found
O33 - MountPoints2\{b0f6dd41-b1aa-11de-b4c5-002219286de2}\Shell\explore\command - "" = D:\.\\OPOP\\\severina.exe -- File not found
O33 - MountPoints2\{b0f6dd41-b1aa-11de-b4c5-002219286de2}\Shell\open\command - "" = D:\OPOP\\\\\severina.exe -- File not found
O33 - MountPoints2\{b1ea7633-f450-11de-b52d-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{b1ea7633-f450-11de-b52d-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{b1ea7633-f450-11de-b52d-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{b30b2496-4059-11de-b432-002219286de2}\Shell\AutoRun\command - "" = K:\n68mqcra.exe -- File not found
O33 - MountPoints2\{b30b2496-4059-11de-b432-002219286de2}\Shell\open\Command - "" = K:\n68mqcra.exe -- File not found
O33 - MountPoints2\{b30b2498-4059-11de-b432-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{b30b2498-4059-11de-b432-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b30b2499-4059-11de-b432-002219286de2}\Shell\AutoRun\command - "" = L:\
O33 - MountPoints2\{b30b2499-4059-11de-b432-002219286de2}\Shell\open\Command - "" = rundll32.exe .\tbtnon.dll,AddAtomT
O33 - MountPoints2\{b30b24a4-4059-11de-b432-002219286de2}\Shell\AutoRun\command - "" = d1vmq.exe
O33 - MountPoints2\{b30b24a4-4059-11de-b432-002219286de2}\Shell\open\Command - "" = d1vmq.exe
O33 - MountPoints2\{b30b24a6-4059-11de-b432-002219286de2}\Shell\AutoRun\command - "" = wscript \SMRTNTKY\script.js
O33 - MountPoints2\{b3fe7b63-393d-11de-b421-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{b3fe7b63-393d-11de-b421-002219286de2}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b3fe7b64-393d-11de-b421-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{b3fe7b64-393d-11de-b421-002219286de2}\Shell\Auto\command - "" = AutoRun.exe
O33 - MountPoints2\{b3fe7b70-393d-11de-b421-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{b3fe7b70-393d-11de-b421-002219286de2}\Shell\explore\Command - "" = RECYCLED\INFO.exe
O33 - MountPoints2\{b3fe7b70-393d-11de-b421-002219286de2}\Shell\open\Command - "" = RECYCLED\INFO.exe
O33 - MountPoints2\{b3fe7b77-393d-11de-b421-002219286de2}\Shell\AutoRun\command - "" = E:\601ugf.exe -- File not found
O33 - MountPoints2\{b3fe7b77-393d-11de-b421-002219286de2}\Shell\open\Command - "" = E:\601ugf.exe -- File not found
O33 - MountPoints2\{b5ab8b82-4377-11de-b435-002219286de2}\Shell\AutoRun\command - "" = D:\m9ma.exe -- File not found
O33 - MountPoints2\{b5ab8b82-4377-11de-b435-002219286de2}\Shell\explore\Command - "" = D:\m9ma.exe -- File not found
O33 - MountPoints2\{b5ab8b82-4377-11de-b435-002219286de2}\Shell\open\Command - "" = D:\m9ma.exe -- File not found
O33 - MountPoints2\{b5ab8b83-4377-11de-b435-002219286de2}\Shell\Ouvrir\command - "" = D:\log.exe -- File not found
O33 - MountPoints2\{b5ab8b96-4377-11de-b435-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{b5ab8b9a-4377-11de-b435-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{b5ab8b9a-4377-11de-b435-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{b5ab8b9a-4377-11de-b435-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{b5fe4fca-e88b-11de-b51f-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{b5fe4fca-e88b-11de-b51f-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b5fe4fcf-e88b-11de-b51f-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{b5fe4fcf-e88b-11de-b51f-002219286de2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b5fe4fd0-e88b-11de-b51f-002219286de2}\Shell\AutoRun\command - "" = L:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{b5fe4fd0-e88b-11de-b51f-002219286de2}\Shell\explore\command - "" = L:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{b5fe4fd0-e88b-11de-b51f-002219286de2}\Shell\open\command - "" = L:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{b5fe4fd1-e88b-11de-b51f-002219286de2}\Shell\Ouvrir\command - "" = E:\log.exe -- File not found
O33 - MountPoints2\{b8fc1ff6-c234-11de-b4e2-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{b8fc1ff6-c234-11de-b4e2-002219286de2}\Shell\open\Command - "" = rundll32.exe .\rdpvd.dll,AddAtomT
O33 - MountPoints2\{b97d2162-6611-11de-b462-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{b97d2162-6611-11de-b462-002219286de2}\Shell\AutoRun\command - "" = D:\memorybar.exe -- File not found
O33 - MountPoints2\{c0ec4f27-cf5e-11de-b4f6-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{c0ec4f27-cf5e-11de-b4f6-002219286de2}\Shell\open\Command - "" = rundll32.exe .\nexmsg.dll,AddAtomT
O33 - MountPoints2\{c0ec4f28-cf5e-11de-b4f6-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{c0ec4f28-cf5e-11de-b4f6-002219286de2}\Shell\open\Command - "" = rundll32.exe .\nvwksth.dll,AddAtomT
O33 - MountPoints2\{c0ec4f2f-cf5e-11de-b4f6-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{c0ec4f2f-cf5e-11de-b4f6-002219286de2}\Shell\open\Command - "" = rundll32.exe .\mtxocs.dll,AddAtomT
O33 - MountPoints2\{c0ec4f33-cf5e-11de-b4f6-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{c0ec4f33-cf5e-11de-b4f6-002219286de2}\Shell\open\Command - "" = rundll32.exe .\srsec.dll,AddAtomT
O33 - MountPoints2\{c22207d4-b309-11de-b4c9-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{c22207d4-b309-11de-b4c9-002219286de2}\Shell\open\Command - "" = rundll32.exe .\wzcsspi.dll,AddAtomT
O33 - MountPoints2\{c55f4106-355b-11de-b41e-002219286de2}\Shell\AutoRun\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{c55f4106-355b-11de-b41e-002219286de2}\Shell\explore\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{c55f4106-355b-11de-b41e-002219286de2}\Shell\open\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{c55f4112-355b-11de-b41e-002219286de2}\Shell\AutoRun\command - "" = D:\p.exe -- File not found
O33 - MountPoints2\{c55f4112-355b-11de-b41e-002219286de2}\Shell\open\Command - "" = D:\p.exe -- File not found
O33 - MountPoints2\{c55f411b-355b-11de-b41e-002219286de2}\Shell\AutoRun\command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{c55f411b-355b-11de-b41e-002219286de2}\Shell\open\Command - "" = D:\3c.exe -- File not found
O33 - MountPoints2\{c55f411c-355b-11de-b41e-002219286de2}\Shell\Ouvrir\command - "" = J:\log.exe -- File not found
O33 - MountPoints2\{c6051766-5009-11de-b447-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{c6051766-5009-11de-b447-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c605176f-5009-11de-b447-002219286de2}\Shell\AutoRun\command - "" = K:\ukvr.bat -- File not found
O33 - MountPoints2\{c605176f-5009-11de-b447-002219286de2}\Shell\open\Command - "" = K:\ukvr.bat -- File not found
O33 - MountPoints2\{c6051772-5009-11de-b447-002219286de2}\Shell\AUtOplAY\CommaND - "" = kndi.exe
O33 - MountPoints2\{c6051772-5009-11de-b447-002219286de2}\Shell\AutoRun\command - "" = kndi.exe
O33 - MountPoints2\{c6051772-5009-11de-b447-002219286de2}\Shell\ExplorE\CoMmaNd - "" = kndi.exe
O33 - MountPoints2\{c6051772-5009-11de-b447-002219286de2}\Shell\oPeN\commANd - "" = kndi.exe
O33 - MountPoints2\{c6051773-5009-11de-b447-002219286de2}\Shell\AutoRun\command - "" = KLIZAVI/sapun.exe
O33 - MountPoints2\{c6051773-5009-11de-b447-002219286de2}\Shell\explore\command - "" = KLIZAVI/sapun.exe
O33 - MountPoints2\{c6051773-5009-11de-b447-002219286de2}\Shell\open\command - "" = KLIZAVI/sapun.exe
O33 - MountPoints2\{cae1455e-92e2-11de-b496-002219286de2}\Shell\AutoRun\command - "" = hx.exe
O33 - MountPoints2\{cae1455e-92e2-11de-b496-002219286de2}\Shell\open\Command - "" = hx.exe
O33 - MountPoints2\{cae14562-92e2-11de-b496-002219286de2}\Shell\AutoRun\command - "" = hx.exe
O33 - MountPoints2\{cae14562-92e2-11de-b496-002219286de2}\Shell\open\Command - "" = hx.exe
O33 - MountPoints2\{cae14563-92e2-11de-b496-002219286de2}\Shell\AutoRun\command - "" = hx.exe
O33 - MountPoints2\{cae14563-92e2-11de-b496-002219286de2}\Shell\open\Command - "" = hx.exe
O33 - MountPoints2\{cb0fae38-5bd6-11de-b455-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{cb0fae38-5bd6-11de-b455-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d25480e3-abf7-11de-b4bb-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{d25480e6-abf7-11de-b4bb-002219286de2}\Shell\AutoRun\command - "" = D:\bycfht.exe -- File not found
O33 - MountPoints2\{d25480e6-abf7-11de-b4bb-002219286de2}\Shell\open\Command - "" = D:\bycfht.exe -- File not found
O33 - MountPoints2\{d3acbdeb-6708-11de-b464-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{d3acbdeb-6708-11de-b464-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{d3acbdeb-6708-11de-b464-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{d496d801-4f5a-11de-b445-002219286de2}\Shell\Ouvrir\command - "" = log.exe
O33 - MountPoints2\{d496d802-4f5a-11de-b445-002219286de2}\Shell\AutoRun\command - "" = icxpa.cmd
O33 - MountPoints2\{d496d802-4f5a-11de-b445-002219286de2}\Shell\open\Command - "" = icxpa.cmd
O33 - MountPoints2\{d584356e-4f40-11de-b444-002219286de2}\Shell\AutoRun\command - "" = w9uxx92.exe
O33 - MountPoints2\{d584356e-4f40-11de-b444-002219286de2}\Shell\open\Command - "" = w9uxx92.exe
O33 - MountPoints2\{d584356f-4f40-11de-b444-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{d584356f-4f40-11de-b444-002219286de2}\Shell\1\Command - "" = K:\Recycled.exe -- File not found
O33 - MountPoints2\{d584356f-4f40-11de-b444-002219286de2}\Shell\2\Command - "" = K:\Recycled.exe -- File not found
O33 - MountPoints2\{d5843571-4f40-11de-b444-002219286de2}\Shell\AutoRun\command - "" = K:\n68mqcra.exe -- File not found
O33 - MountPoints2\{d5843571-4f40-11de-b444-002219286de2}\Shell\open\Command - "" = K:\n68mqcra.exe -- File not found
O33 - MountPoints2\{d5966558-da60-11de-b507-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{d5966558-da60-11de-b507-002219286de2}\Shell\open\Command - "" = rundll32.exe .\mprmsn.dll,AddAtomT
O33 - MountPoints2\{d596655b-da60-11de-b507-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{d596655b-da60-11de-b507-002219286de2}\Shell\open\Command - "" = rundll32.exe .\iuaapi.dll,AddAtomT
O33 - MountPoints2\{d596655c-da60-11de-b507-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{d596655c-da60-11de-b507-002219286de2}\Shell\open\Command - "" = rundll32.exe .\icd32.dll,AddAtomT
O33 - MountPoints2\{d997628d-dfe1-11de-b511-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{d997628d-dfe1-11de-b511-002219286de2}\Shell\open\Command - "" = rundll32.exe .\avtav.dll,AddAtomT
O33 - MountPoints2\{d9976290-dfe1-11de-b511-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{d9976290-dfe1-11de-b511-002219286de2}\Shell\open\Command - "" = rundll32.exe .\photoletadatahandler.dll,AddAtomT
O33 - MountPoints2\{d9976297-dfe1-11de-b511-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{d9976297-dfe1-11de-b511-002219286de2}\Shell\open\Command - "" = rundll32.exe .\msexpl40.dll,AddAtomT
O33 - MountPoints2\{d9976298-dfe1-11de-b511-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{d9976298-dfe1-11de-b511-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d9976299-dfe1-11de-b511-002219286de2}\Shell\AutoRun\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{d9976299-dfe1-11de-b511-002219286de2}\Shell\explore\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{d9976299-dfe1-11de-b511-002219286de2}\Shell\open\command - "" = SLATKO/torta.exe
O33 - MountPoints2\{d997629f-dfe1-11de-b511-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{d997629f-dfe1-11de-b511-002219286de2}\Shell\open\Command - "" = rundll32.exe .\iatrecst.dll,AddAtomT
O33 - MountPoints2\{da971964-f9d8-11de-b532-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{da971964-f9d8-11de-b532-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{da971964-f9d8-11de-b532-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{da971966-f9d8-11de-b532-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{da971966-f9d8-11de-b532-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{da971966-f9d8-11de-b532-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{de1bdf5d-bfab-11de-b4e0-002219286de2}\Shell\AutoRun\command - "" = D:\husyu8n.exe -- File not found
O33 - MountPoints2\{de1bdf5d-bfab-11de-b4e0-002219286de2}\Shell\open\Command - "" = D:\husyu8n.exe -- File not found
O33 - MountPoints2\{df4816c6-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816c6-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816c6-eadf-11de-b525-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816c8-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816c8-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816c8-eadf-11de-b525-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816c9-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816c9-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816c9-eadf-11de-b525-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816cb-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816cb-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816cb-eadf-11de-b525-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816cc-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816cc-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816cc-eadf-11de-b525-002219286de2}\Shell\open\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d1-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d1-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d1-eadf-11de-b525-002219286de2}\Shell\open\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d2-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d2-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d2-eadf-11de-b525-002219286de2}\Shell\open\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d3-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d3-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d3-eadf-11de-b525-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d4-eadf-11de-b525-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{df4816d4-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{df4816d6-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = K:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{df4816d6-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = K:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{df4816d6-eadf-11de-b525-002219286de2}\Shell\open\command - "" = K:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{df4816d7-eadf-11de-b525-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{df4816d7-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{df4816d8-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d8-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d8-eadf-11de-b525-002219286de2}\Shell\open\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d9-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d9-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816d9-eadf-11de-b525-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816da-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816da-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816da-eadf-11de-b525-002219286de2}\Shell\open\command - "" = K:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816db-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\601ugf.exe -- File not found
O33 - MountPoints2\{df4816db-eadf-11de-b525-002219286de2}\Shell\open\Command - "" = E:\601ugf.exe -- File not found
O33 - MountPoints2\{df4816dd-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816dd-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816dd-eadf-11de-b525-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816df-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\601ugf.exe -- File not found
O33 - MountPoints2\{df4816df-eadf-11de-b525-002219286de2}\Shell\open\Command - "" = E:\601ugf.exe -- File not found
O33 - MountPoints2\{df4816e1-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816e1-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816e1-eadf-11de-b525-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816e2-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816e2-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816e2-eadf-11de-b525-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816e6-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816e6-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df4816e6-eadf-11de-b525-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df481701-eadf-11de-b525-002219286de2}\Shell\AutoRun\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df481701-eadf-11de-b525-002219286de2}\Shell\explore\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{df481701-eadf-11de-b525-002219286de2}\Shell\open\command - "" = E:\jedna\stvar.exe -- File not found
O33 - MountPoints2\{e062da5e-00de-11df-b53e-002219286de2}\Shell\AutoRun\command - "" = E:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{e062da5e-00de-11df-b53e-002219286de2}\Shell\explore\command - "" = E:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{e062da5e-00de-11df-b53e-002219286de2}\Shell\open\command - "" = E:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{e062da60-00de-11df-b53e-002219286de2}\Shell\AutoRun\command - "" = E:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{e062da60-00de-11df-b53e-002219286de2}\Shell\explore\command - "" = E:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{e062da60-00de-11df-b53e-002219286de2}\Shell\open\command - "" = E:\KLIZAVI\sapun.exe -- File not found
O33 - MountPoints2\{e14fa757-c463-11de-b4e6-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{e14fa757-c463-11de-b4e6-002219286de2}\Shell\open\Command - "" = rundll32.exe .\mrxbde40.dll,AddAtomT
O33 - MountPoints2\{e14fa758-c463-11de-b4e6-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{e14fa758-c463-11de-b4e6-002219286de2}\Shell\open\Command - "" = rundll32.exe .\msasnm.dll,AddAtomT
O33 - MountPoints2\{e14fa75c-c463-11de-b4e6-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{e14fa75c-c463-11de-b4e6-002219286de2}\Shell\AutoRun\command - "" = E:\autorunner.exe EFBA the European Fur Breeder's Association.mht -- File not found
O33 - MountPoints2\{e14fa75d-c463-11de-b4e6-002219286de2}\Shell\AutoRun\command - "" = K:\g12g.exe -- File not found
O33 - MountPoints2\{e14fa75d-c463-11de-b4e6-002219286de2}\Shell\open\Command - "" = K:\g12g.exe -- File not found
O33 - MountPoints2\{e2d439e8-feba-11de-b53a-002219286de2}\Shell\AutoRun\command - "" = E:\8xcrbho6.exe -- File not found
O33 - MountPoints2\{e2d439e8-feba-11de-b53a-002219286de2}\Shell\open\Command - "" = E:\8xcrbho6.exe -- File not found
O33 - MountPoints2\{e725b83e-af41-11de-b4c3-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{e725b83e-af41-11de-b4c3-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e725b83f-af41-11de-b4c3-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{e725b83f-af41-11de-b4c3-002219286de2}\Shell\open\Command - "" = rundll32.exe .\padgen.dll,AddAtomT
O33 - MountPoints2\{e725b840-af41-11de-b4c3-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{e725b840-af41-11de-b4c3-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e725b843-af41-11de-b4c3-002219286de2}\Shell\AutoRun\command - "" = 2a.exe
O33 - MountPoints2\{e725b843-af41-11de-b4c3-002219286de2}\Shell\open\Command - "" = 2a.exe
O33 - MountPoints2\{e748ef91-0663-11df-b557-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{e748ef91-0663-11df-b557-002219286de2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e748ef92-0663-11df-b557-002219286de2}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008/04/15 13:00:00 | 000,399,872 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{e748ef92-0663-11df-b557-002219286de2}\Shell\explore\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008/04/15 13:00:00 | 000,399,872 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{e748ef92-0663-11df-b557-002219286de2}\Shell\open\command - "" = C:\WINDOWS\System32\cmd.exe -- [2008/04/15 13:00:00 | 000,399,872 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{e748ef9c-0663-11df-b557-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{e748ef9c-0663-11df-b557-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e86f80db-8e65-11de-b491-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{e86f80db-8e65-11de-b491-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e86f80dd-8e65-11de-b491-002219286de2}\Shell\Ouvrir\command - "" = D:\log.exe -- File not found
O33 - MountPoints2\{e8772722-3a06-11de-b423-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{e8772722-3a06-11de-b423-002219286de2}\Shell\open\Command - "" = rundll32.exe .\kbdinkae.dll,AddAtomT
O33 - MountPoints2\{e8772752-3a06-11de-b423-002219286de2}\Shell\AutoRun\command - "" = D:\icxpa.cmd -- File not found
O33 - MountPoints2\{e8772752-3a06-11de-b423-002219286de2}\Shell\open\Command - "" = D:\icxpa.cmd -- File not found
O33 - MountPoints2\{e8772753-3a06-11de-b423-002219286de2}\Shell\AutoRun\command - "" = D:\husyu8n.exe -- File not found
O33 - MountPoints2\{e8772753-3a06-11de-b423-002219286de2}\Shell\open\Command - "" = D:\husyu8n.exe -- File not found
O33 - MountPoints2\{e96e1693-2f19-11de-b414-002219286de2}\Shell\Ouvrir\command - "" = log.exe
O33 - MountPoints2\{ec9b384b-51a0-11de-b44a-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{ec9b384b-51a0-11de-b44a-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{ec9b385a-51a0-11de-b44a-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{ec9b385a-51a0-11de-b44a-002219286de2}\Shell\open\Command - "" = rundll32.exe .\mfehtlk.dll,AddAtomT
O33 - MountPoints2\{ed46645f-567e-11de-b44f-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{ed46645f-567e-11de-b44f-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{edad37fd-d43a-11de-b4fd-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{edad37fd-d43a-11de-b4fd-002219286de2}\Shell\open\Command - "" = rundll32.exe .\winstri.dll,AddAtomT
O33 - MountPoints2\{edad3806-d43a-11de-b4fd-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{edad3806-d43a-11de-b4fd-002219286de2}\Shell\open\Command - "" = rundll32.exe .\oe901dat.dll,AddAtomT
O33 - MountPoints2\{edad3808-d43a-11de-b4fd-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{edad3808-d43a-11de-b4fd-002219286de2}\Shell\open\Command - "" = rundll32.exe .\dhcpcsxc.dll,AddAtomT
O33 - MountPoints2\{edaf6144-0b18-11df-b55c-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{edaf6144-0b18-11df-b55c-002219286de2}\Shell\AutoRun\command - "" = E:\memorybar.exe -- File not found
O33 - MountPoints2\{edaf6149-0b18-11df-b55c-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{edaf6149-0b18-11df-b55c-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{edaf614b-0b18-11df-b55c-002219286de2}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{edaf614b-0b18-11df-b55c-002219286de2}\Shell\open\Command - "" = rundll32.exe .\odbccl32.dll,AddAtomT
O33 - MountPoints2\{f14142da-6d4e-11de-b46c-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{f14142da-6d4e-11de-b46c-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{f1ddab67-32f5-11de-b419-002219286de2}\Shell\AutoRun\command - "" = ej10fkdo.bat
O33 - MountPoints2\{f1ddab67-32f5-11de-b419-002219286de2}\Shell\open\Command - "" = ej10fkdo.bat
O33 - MountPoints2\{f1ddab69-32f5-11de-b419-002219286de2}\Shell\AutoRun\command - "" = husyu8n.exe
O33 - MountPoints2\{f1ddab69-32f5-11de-b419-002219286de2}\Shell\open\Command - "" = husyu8n.exe
O33 - MountPoints2\{f3c8ce2c-8322-11de-b481-002219286de2}\Shell\AutoRun\command - "" = D:\xih9.cmd -- File not found
O33 - MountPoints2\{f3c8ce2c-8322-11de-b481-002219286de2}\Shell\explore\Command - "" = D:\xih9.cmd -- File not found
O33 - MountPoints2\{f3c8ce2c-8322-11de-b481-002219286de2}\Shell\open\Command - "" = D:\xih9.cmd -- File not found
O33 - MountPoints2\{f42ae073-453b-11de-b43a-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{f42ae073-453b-11de-b43a-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f5b829cf-b49e-11de-b4cc-002219286de2}\Shell\AutoRun\command - "" = K:\
O33 - MountPoints2\{f5b829cf-b49e-11de-b4cc-002219286de2}\Shell\open\Command - "" = rundll32.exe .\reautils.dll,AddAtomT
O33 - MountPoints2\{f670cbc1-d5aa-11de-b4ff-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{f670cbc1-d5aa-11de-b4ff-002219286de2}\Shell\open\Command - "" = rundll32.exe .\qaventrt.dll,AddAtomT
O33 - MountPoints2\{f670cbc8-d5aa-11de-b4ff-002219286de2}\Shell\AutoRun\command - "" = D:\ -- File not found
O33 - MountPoints2\{f670cbc8-d5aa-11de-b4ff-002219286de2}\Shell\open\Command - "" = rundll32.exe .\wdoapi.dll,AddAtomT
O33 - MountPoints2\{f670cbce-d5aa-11de-b4ff-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{f670cbce-d5aa-11de-b4ff-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f6ab9f35-49be-11de-b43d-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{f6ab9f36-49be-11de-b43d-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{f6ab9f36-49be-11de-b43d-002219286de2}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f6ab9f3f-49be-11de-b43d-002219286de2}\Shell\AutoRun\command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{f6ab9f3f-49be-11de-b43d-002219286de2}\Shell\open\Command - "" = D:\sm.exe -- File not found
O33 - MountPoints2\{f70e70bb-ee05-11de-b528-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{f70e70bb-ee05-11de-b528-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f70e70bc-ee05-11de-b528-002219286de2}\Shell\AutoRun\command - "" = K:\601ugf.exe -- File not found
O33 - MountPoints2\{f70e70bc-ee05-11de-b528-002219286de2}\Shell\open\Command - "" = K:\601ugf.exe -- File not found
O33 - MountPoints2\{f70e70ce-ee05-11de-b528-002219286de2}\Shell\AutoRun\command - "" = E:\601ugf.exe -- File not found
O33 - MountPoints2\{f70e70ce-ee05-11de-b528-002219286de2}\Shell\open\Command - "" = E:\601ugf.exe -- File not found
O33 - MountPoints2\{f70e70d5-ee05-11de-b528-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{f70e70d5-ee05-11de-b528-002219286de2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{f70e70dc-ee05-11de-b528-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{f70e70dc-ee05-11de-b528-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{f70e70dc-ee05-11de-b528-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{f70e70e3-ee05-11de-b528-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{f70e70e3-ee05-11de-b528-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{f70e70e3-ee05-11de-b528-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{f70e70e5-ee05-11de-b528-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{f70e70e5-ee05-11de-b528-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{f70e70e5-ee05-11de-b528-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{f70e70e7-ee05-11de-b528-002219286de2}\Shell\AutoRun\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{f70e70e7-ee05-11de-b528-002219286de2}\Shell\explore\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{f70e70e7-ee05-11de-b528-002219286de2}\Shell\open\command - "" = E:\SLATKO\torta.exe -- File not found
O33 - MountPoints2\{f824bf66-af11-11de-b4c2-002219286de2}\Shell - "" = AutoRun
O33 - MountPoints2\{f824bf66-af11-11de-b4c2-002219286de2}\Shell\Auto\command - "" = C:\WINDOWS\explorer.exe -- [2008/04/15 13:00:00 | 001,037,312 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{fad3c5bd-3bb2-11de-b425-002219286de2}\Shell\AutoRun\command - "" = husyu8n.exe
O33 - MountPoints2\{fad3c5bd-3bb2-11de-b425-002219286de2}\Shell\open\Command - "" = husyu8n.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/04/20 18:47:57 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/09 08:49:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/02/08 16:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/02/08 15:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Bureaublad\TOOLS
[2010/02/08 15:31:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/02 15:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Defcon 17
[2010/02/02 15:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Mijn documenten\Downloads
[2010/01/28 08:47:16 | 001,183,744 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\Ne45Cdat.dll
[2010/01/28 08:47:16 | 001,159,539 | ---- | C] (RICOH CO., LTD.) -- C:\WINDOWS\System32\RC96E140.DLL
[2010/01/28 08:46:45 | 000,060,928 | ---- | C] (RICOH Corp.) -- C:\WINDOWS\System32\RIC641X.EXE
[2010/01/28 08:46:45 | 000,053,248 | ---- | C] (RICOH COMPANY, LTD) -- C:\WINDOWS\System32\INF641PI.DLL
[2010/01/27 12:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/01/27 10:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\onOne Software
[2010/01/26 16:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2010/01/26 14:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla
[2010/01/26 14:51:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/26 14:47:54 | 000,227,840 | ---- | C] (Iterated Systems, Inc.) -- C:\WINDOWS\System32\Deco_32.dll
[2010/01/26 14:47:54 | 000,061,440 | ---- | C] (Nalpeiron Ltd.) -- C:\WINDOWS\System32\nlssrv32.exe
[2010/01/26 14:47:54 | 000,057,344 | ---- | C] (Nalpeiron Ltd.) -- C:\WINDOWS\System32\ASTSRV.EXE
[2010/01/26 14:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\onOne Software Shared
[2010/01/26 14:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2010/01/26 14:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\onOne Software
[2009/10/26 14:38:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/26 14:17:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Intuit
[2009/10/26 10:56:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/29 11:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/04/28 16:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/04/20 17:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/20 17:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 14 Days ==========

[2010/02/09 09:29:56 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/02/09 09:23:36 | 000,200,712 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/09 09:23:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 09:23:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/09 08:39:31 | 000,349,789 | ---- | M] () -- C:\Documents and Settings\Admin\Mijn documenten\Compo PapierSlag 2010.pdf
[2010/02/09 08:38:09 | 000,500,205 | ---- | M] () -- C:\Documents and Settings\Admin\Bureaublad\Flyer papierslag 2010.pdf
[2010/02/09 08:36:00 | 000,172,032 | ---- | M] () -- C:\Documents and Settings\Admin\Bureaublad\Flyer papierslag 2010.ppt
[2010/02/08 18:09:45 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini
[2010/02/08 17:22:14 | 000,090,378 | ---- | M] () -- C:\Documents and Settings\Admin\Bureaublad\Méxicobrief valentijn.pdf
[2010/02/08 17:10:20 | 000,039,438 | ---- | M] () -- C:\Documents and Settings\Admin\Bureaublad\brief shop valentijn mybozar.pdf
[2010/02/08 17:08:41 | 000,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/08 14:12:02 | 002,089,568 | ---- | M] () -- C:\Documents and Settings\Admin\Bureaublad\visitekaartje.pdf
[2010/02/08 14:05:45 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 08:23:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/03 17:18:51 | 000,014,130 | ---- | M] () -- C:\Documents and Settings\Admin\Mijn documenten\bijour cassandra.docx
[2010/02/02 15:22:17 | 000,508,500 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\Cat.DB
[2010/02/02 15:19:22 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Norton 360.LNK
[2010/02/02 10:06:25 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0308000.029\isolate.ini
[2010/02/02 09:11:35 | 029,685,276 | ---- | M] () -- C:\Documents and Settings\Admin\Mijn documenten\Impositie_Aspighetti_Scale to fit.pdf
[2010/01/28 08:52:03 | 000,000,966 | -H-- | M] () -- C:\Documents and Settings\Admin\Mijn documenten\SWWATER.INI
[2010/01/28 08:47:17 | 000,000,072 | ---- | M] () -- C:\WINDOWS\ricdb.ini
[2010/01/28 08:47:17 | 000,000,059 | ---- | M] () -- C:\WINDOWS\System32\RPCS.ini
[2010/01/26 14:51:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/01/26 14:51:06 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2010/02/09 08:39:30 | 000,349,789 | ---- | C] () -- C:\Documents and Settings\Admin\Mijn documenten\Compo PapierSlag 2010.pdf
[2010/02/09 08:38:09 | 000,500,205 | ---- | C] () -- C:\Documents and Settings\Admin\Bureaublad\Flyer papierslag 2010.pdf
[2010/02/09 08:36:55 | 000,172,032 | ---- | C] () -- C:\Documents and Settings\Admin\Bureaublad\Flyer papierslag 2010.ppt
[2010/02/08 17:22:14 | 000,090,378 | ---- | C] () -- C:\Documents and Settings\Admin\Bureaublad\Méxicobrief valentijn.pdf
[2010/02/08 17:10:20 | 000,039,438 | ---- | C] () -- C:\Documents and Settings\Admin\Bureaublad\brief shop valentijn mybozar.pdf
[2010/02/08 16:17:27 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Admin\Bureaublad\gmer.exe
[2010/02/08 14:07:45 | 002,089,568 | ---- | C] () -- C:\Documents and Settings\Admin\Bureaublad\visitekaartje.pdf
[2010/02/03 17:18:51 | 000,014,130 | ---- | C] () -- C:\Documents and Settings\Admin\Mijn documenten\bijour cassandra.docx
[2010/02/02 09:11:32 | 029,685,276 | ---- | C] () -- C:\Documents and Settings\Admin\Mijn documenten\Impositie_Aspighetti_Scale to fit.pdf
[2010/01/28 08:47:16 | 000,001,844 | ---- | C] () -- C:\WINDOWS\System32\RC96E1A0.dat
[2010/01/28 08:47:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2010/01/27 12:34:24 | 000,716,800 | R--- | C] () -- C:\WINDOWS\System32\memorybar.exe
[2010/01/26 14:51:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/26 14:51:06 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Bureaublad\Mozilla Firefox.lnk
[2009/12/10 08:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2009/12/10 08:40:53 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\manual
[2009/12/10 08:40:53 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Admin\Application Data\howto
[2009/12/10 08:40:53 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/10/26 11:47:29 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/10/26 11:44:49 | 000,467,336 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/05/14 12:30:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CPC10Q.INI
[2009/04/29 11:19:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\rx_image.Cache
[2009/04/28 13:41:44 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/04/24 11:02:28 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PitStop.EnfReg
[2009/04/24 10:57:39 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\i1display.sys
[2009/04/23 12:23:20 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/21 08:30:22 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2009/04/21 08:17:11 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2008/05/26 21:22:14 | 000,017,438 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 21:22:10 | 000,023,146 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 21:22:06 | 000,016,842 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

========== LOP Check ==========

[2009/08/07 14:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Ariane Software
[2009/05/18 17:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DeepBurner
[2009/12/10 08:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Nikon
[2010/01/27 10:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\onOne Software
[2009/10/19 14:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\OpenOffice.org
[2009/12/16 09:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Opera
[2009/04/21 10:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Quite
[2009/04/29 11:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Research In Motion
[2009/04/22 09:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Windows Desktop Search
[2009/04/30 14:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Windows Search
[2010/01/14 12:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\XnView
[2009/05/14 12:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\YouSendIt
[2009/12/10 08:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common
[2009/10/26 11:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/12/10 08:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/04/29 07:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2009/04/24 11:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fiery
[2009/10/26 11:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2010/01/26 14:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\onOne Software
[2009/04/24 10:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/10/26 14:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2009/12/10 08:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/07/06 09:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/10/13 14:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/16 07:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/06/10 07:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/15 13:00:00 | 020,107,370 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/04/15 13:00:00 | 020,107,370 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/15 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/15 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/15 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=CA64B9406EEDA4FFA2DAEAE1DABCCE42 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/07/21 06:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\Dell\Intel\IaStor.sys
[2008/07/21 06:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/15 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/15 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E6A7071DF6855AB7CCCC220AC3AAD087 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVGTS.SYS >
[2008/01/21 19:15:22 | 000,102,400 | ---- | M] (NVIDIA Corporation) MD5=A0B3F3A5049931657164F0FFCF0B208E -- C:\WINDOWS\Dell\NVidia\nvgts.sys

< MD5 for: NVRD32.SYS >
[2008/01/21 19:15:22 | 000,128,000 | ---- | M] (NVIDIA Corporation) MD5=C9128FE14E5C1E55710781B5C276F2ED -- C:\WINDOWS\Dell\NVidia\nvrd32.sys

< MD5 for: SCECLI.DLL >
[2008/04/15 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/15 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=0E3B585761E23C1E35442E972B7E45F9 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2007/02/10 07:06:00 | 000,100,096 | ---- | M] (LSI Logic) MD5=A42F863305943869BA00A613C8EE8C7E -- C:\WINDOWS\Dell\LSI\symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/04/20 18:50:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/20 18:50:55 | 001,093,632 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/20 18:50:55 | 000,471,040 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >


OTL EXTRAS LOG


OTL Extras logfile created on: 9/02/2010 9:30:26 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Admin\Bureaublad\TOOLS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 79,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465,68 Gb Total Space | 423,46 Gb Free Space | 90,93% Space Free | Partition Type: NTFS
Drive D: | 465,65 Gb Total Space | 456,05 Gb Free Space | 97,94% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEWDELL
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bladeren met XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A419-40A5-BD20-04BF618CA0F9}" = QuickBooks Simple Start 2010 Free Edition
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{161ECBCA-D40E-4DC5-84A7-839E8805C5D0}" = NetSalary
"{17A0B102-5007-4279-8F25-6D2184E46DDE}" = Iron Speed Designer V6.2.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30ED8F74-4222-4500-95A4-89651D56D349}" = OpenOffice.org 3.1
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AA05587-3818-4B05-8CFB-8B8F871AAB0E}" = YouSendIt Acrobat Plug-in
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7560F1BD-4656-4FE7-9571-996413E21E1A}" = Fiery User Software-3.7.0.10h
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0413-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Dutch) 12
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A1027CE-83F6-3CB2-B9BA-9DA38D0907D0}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1040-7D00-7760-000000000003}" = Adobe Acrobat 8 Professional - Italiano, Español, Nederlands
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CBB6F775-E76E-49F7-98D3-1519414B1E4B}" = YouSendIt Express
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F73EA8BF-81F5-32AF-8D8A-24F12FD23B79}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FCADA4FF-142C-42A8-B73C-0A54A7F83345}" = Genuine Fractals 6.0.4 Professional Edition
"Adobe Acrobat 8 Professional - Italiano, Español, Nederlands" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"eMindMaps" = eMindMaps
"ERUNT_is1" = ERUNT 1.1j
"ie8" = Windows Internet Explorer 8
"InstallShield_{3AA05587-3818-4B05-8CFB-8B8F871AAB0E}" = YouSendIt Acrobat Plug-in
"InstallShield_{CBB6F775-E76E-49F7-98D3-1519414B1E4B}" = YouSendIt Express
"Layo1_PCB" = Layo1 PCB V10 V10 build 10.22 May 27, 2009
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"qiplus2_uninstall.exe" = Quite Imposing Plus 2.0 (English)
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Summa - WinPlot_is1" = Summa WinPlot
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"XnView_is1" = XnView 1.96.1
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.1.0.366

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/01/2010 6:21:12 | Computer Name = NEWDELL | Source = Windows Search Service | ID = 3013
Description = De vermelding <C:\DOCUMENTS AND SETTINGS\ADMIN\BUREAUBLAD\EMPLOYMENT
APPLICATION FORM _OFFICER_.PDF> in de hash-toewijzing kan niet worden bijgewerkt.

Context:
toepassing , catalogus SystemIndex Details: Een apparaat dat op het systeem is aangesloten,
werkt niet. (0x8007001f)

Error - 2/02/2010 10:19:18 | Computer Name = NEWDELL | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download....uthrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: The server name or address could not be resolved

Error - 2/02/2010 10:19:23 | Computer Name = NEWDELL | Source = crypt32 | ID = 131080
Description = Het bij <http://www.download....uthrootseq.txt>
opvragen van de automatische update van het basislijstvolgordenummer van derden
is mislukt met de fout: The server name or address could not be resolved

Error - 2/02/2010 10:23:49 | Computer Name = NEWDELL | Source = Windows Search Service | ID = 3013
Description = De vermelding <C:\DOCUMENTS AND SETTINGS\ADMIN\BUREAUBLAD\SERVICES
ESTHETIQUES.PDF> in de hash-toewijzing kan niet worden bijgewerkt. Context: toepassing
, catalogus SystemIndex Details: Een apparaat dat op het systeem is aangesloten,
werkt niet. (0x8007001f)

Error - 3/02/2010 5:35:18 | Computer Name = NEWDELL | Source = Windows Search Service | ID = 3013
Description = De vermelding <C:\DOCUMENTS AND SETTINGS\ADMIN\BUREAUBLAD\IN DE DEELNEMERSMAP\JET-INFOBLAD-OMSLAG.PDF>
in de hash-toewijzing kan niet worden bijgewerkt. Context: toepassing , catalogus
SystemIndex Details: Een apparaat dat op het systeem is aangesloten, werkt niet.
(0x8007001f)

Error - 3/02/2010 11:00:26 | Computer Name = NEWDELL | Source = Windows Search Service | ID = 3013
Description = De vermelding <C:\DOCUMENTS AND SETTINGS\ADMIN\ONLANGS GEOPEND\STORE
N GO (E).LNK> in de hash-toewijzing kan niet worden bijgewerkt. Context: toepassing
, catalogus SystemIndex Details: Een apparaat dat op het systeem is aangesloten,
werkt niet. (0x8007001f)

Error - 3/02/2010 11:00:26 | Computer Name = NEWDELL | Source = Windows Search Service | ID = 3013
Description = De vermelding <C:\DOCUMENTS AND SETTINGS\ADMIN\ONLANGS GEOPEND\STORE
N GO (E).LNK> in de hash-toewijzing kan niet worden bijgewerkt. Context: toepassing
, catalogus SystemIndex Details: Een apparaat dat op het systeem is aangesloten,
werkt niet. (0x8007001f)

Error - 5/02/2010 5:20:46 | Computer Name = NEWDELL | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 winword.exe, P2 12.0.4518.1014, P3
ntdll.dll, P4 5.1.2600.5512, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 8/02/2010 12:10:19 | Computer Name = NEWDELL | Source = Windows Search Service | ID = 3013
Description = De vermelding <C:\DOCUMENTS AND SETTINGS\ADMIN\BUREAUBLAD\BRIEF SHOP
VALENTIJN MYBOZAR.PDF> in de hash-toewijzing kan niet worden bijgewerkt. Context:
toepassing , catalogus SystemIndex Details: Een apparaat dat op het systeem is aangesloten,
werkt niet. (0x8007001f)

Error - 9/02/2010 3:37:06 | Computer Name = NEWDELL | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office PowerPoint.

[ OSession Events ]
Error - 11/05/2009 2:40:45 | Computer Name = NEWDELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 36
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/06/2009 11:48:25 | Computer Name = NEWDELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6596
seconds with 420 seconds of active time. This session ended with a crash.

Error - 25/06/2009 13:24:11 | Computer Name = NEWDELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15567
seconds with 180 seconds of active time. This session ended with a crash.

Error - 19/10/2009 11:09:18 | Computer Name = NEWDELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 78 seconds with 60 seconds of active time. This session ended with a crash.

Error - 17/12/2009 12:49:49 | Computer Name = NEWDELL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 197
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/02/2010 3:52:11 | Computer Name = NEWDELL | Source = Service Control Manager | ID = 7000
Description = De Planner voor Automatische LiveUpdate-service kan vanwege de volgende
fout niet worden gestart: %%3

Error - 9/02/2010 3:52:11 | Computer Name = NEWDELL | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Roxio Hard Drive Watcher 9.

Error - 9/02/2010 3:57:12 | Computer Name = NEWDELL | Source = System Error | ID = 1003
Description = Foutcode; 1000007f, parameter1: 0000000d, parameter2: 00000000, parameter3:
00000000, parameter4: 00000000.

Error - 9/02/2010 3:57:44 | Computer Name = NEWDELL | Source = Service Control Manager | ID = 7000
Description = De Planner voor Automatische LiveUpdate-service kan vanwege de volgende
fout niet worden gestart: %%3

Error - 9/02/2010 3:57:44 | Computer Name = NEWDELL | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Roxio Hard Drive Watcher 9.

Error - 9/02/2010 3:59:23 | Computer Name = NEWDELL | Source = DCOM | ID = 10010
Description = De server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} heeft zich binnen
de vereiste termijn niet bij DCOM geregistreerd.

Error - 9/02/2010 4:01:23 | Computer Name = NEWDELL | Source = DCOM | ID = 10010
Description = De server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} heeft zich binnen
de vereiste termijn niet bij DCOM geregistreerd.

Error - 9/02/2010 4:03:24 | Computer Name = NEWDELL | Source = DCOM | ID = 10010
Description = De server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} heeft zich binnen
de vereiste termijn niet bij DCOM geregistreerd.

Error - 9/02/2010 4:25:18 | Computer Name = NEWDELL | Source = Service Control Manager | ID = 7000
Description = De Planner voor Automatische LiveUpdate-service kan vanwege de volgende
fout niet worden gestart: %%3

Error - 9/02/2010 4:25:18 | Computer Name = NEWDELL | Source = Service Control Manager | ID = 7009
Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
deze service: Roxio Hard Drive Watcher 9.


< End of report >

Edited by Lio_, 09 February 2010 - 02:57 AM.

  • 0

Advertisements

#2
RKinner
Posted 10 February 2010 - 02:53 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
This one looks like fun. You can see there are several infected USB drives with different infections (look in the O32/O33 sections of the OTL log)

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************************************
reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" /f

**********************************************************************

Start, Run, cmd, OK to bring up a new Command Prompt window. Rightclick and select Paste and the above text should appear. Make sure you got it all and then hit Enter.

Close the Command Prompt window.

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron

PS In addition to Flash_Disinfector there is a program called Autorun Eater v2.4
http://oldmcdonald.wordpress.com/

A bit odd with the goat logo but does what it promises.
  • 0

#3
Lio_
Posted 11 February 2010 - 02:49 AM

Lio_

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi ron

Thanks alot for the help!
never seen my PC boot up so fast.

Now the USB sticks are from clients so I can't really desinfect them since I don't have them here.

I've installed the autorun blocker with the goat (please make my day en tell me it'll also stop U3 from popping up everytime someone comes in with that)

Heres George's log (he says hi by the way)
ComboFix 10-02-10.04 - Admin 11/02/2010 8:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3326.2670 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Admin\Bureaublad\george.exe
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Menu Start\Programma's\Opstarten\OpenOffice.org 3.1 .lnk
c:\recycler\S-1-5-21-0020128135-6530807596-099895405-3970
c:\recycler\S-1-5-21-0022026910-4027117244-309695296-2878
c:\recycler\S-1-5-21-0128319125-9366705574-609130282-6540
c:\recycler\S-1-5-21-0166680435-2030279899-013669134-5087
c:\recycler\S-1-5-21-0168098449-5197812874-047054063-3806
c:\recycler\S-1-5-21-0236954102-4011580641-547098702-7635
c:\recycler\S-1-5-21-0461481997-5469415063-181747534-5594
c:\recycler\S-1-5-21-0651421735-6209668395-243281911-3265
c:\recycler\S-1-5-21-0707510043-3892283848-949579708-1446
c:\recycler\S-1-5-21-0711471113-8744191876-640877337-0224
c:\recycler\S-1-5-21-0825858120-0225850182-848819981-0161
c:\recycler\S-1-5-21-0887255672-1276812014-961644237-6745
c:\recycler\S-1-5-21-0913590557-3911305138-770187678-7241
c:\recycler\S-1-5-21-0931223009-5551727547-447974206-0373
c:\recycler\S-1-5-21-1069099044-5845698842-645041750-0700
c:\recycler\S-1-5-21-1134857907-1083689360-425593576-4496
c:\recycler\S-1-5-21-1216557138-7786180374-434856261-2282
c:\recycler\S-1-5-21-1409508197-3963987722-990081933-3326
c:\recycler\S-1-5-21-1453677002-0818109961-767036095-3848
c:\recycler\S-1-5-21-1616879055-0269964066-506106402-8894
c:\recycler\S-1-5-21-1636539427-5566235571-475796633-4804
c:\recycler\S-1-5-21-1696706501-4713613390-273710933-3306
c:\recycler\S-1-5-21-1767363473-9183395443-009746650-0532
c:\recycler\S-1-5-21-1788031255-1278661992-979112381-7259
c:\recycler\S-1-5-21-1837196092-1888627952-128707934-8310
c:\recycler\S-1-5-21-1931068471-8022663680-936274548-2684
c:\recycler\S-1-5-21-2003285653-4102941981-711517901-6388
c:\recycler\S-1-5-21-2116142809-2245204792-884471277-0628
c:\recycler\S-1-5-21-2140284738-7071825730-113591436-6019
c:\recycler\S-1-5-21-2182500785-2043779811-759347336-8829
c:\recycler\S-1-5-21-2193317408-5670081801-974661460-9729
c:\recycler\S-1-5-21-2193899957-6890076697-667247479-0239
c:\recycler\S-1-5-21-2327876527-7176273272-795119568-2548
c:\recycler\S-1-5-21-2475173355-0112557140-486073240-7780
c:\recycler\S-1-5-21-2521782165-3448096243-190233110-3178
c:\recycler\S-1-5-21-2531728188-4568594979-185974012-2586
c:\recycler\S-1-5-21-2558134792-2634392855-907205502-5820
c:\recycler\S-1-5-21-2658515698-9144875939-449326385-1524
c:\recycler\S-1-5-21-2684912736-8940382952-334972167-8114
c:\recycler\S-1-5-21-2687222864-1410418837-469684664-7515
c:\recycler\S-1-5-21-2693041128-5471260098-913711475-6530
c:\recycler\S-1-5-21-2846458007-5334365657-714370848-3426
c:\recycler\S-1-5-21-2850369358-6383945442-651010247-2954
c:\recycler\S-1-5-21-2871091594-9060984081-288700200-9941
c:\recycler\S-1-5-21-2900074855-6167082777-499844744-2188
c:\recycler\S-1-5-21-2934945024-3553783516-055747318-1310
c:\recycler\S-1-5-21-2946377890-7319254920-918489824-9701
c:\recycler\S-1-5-21-2948852339-7576668341-199570282-7268
c:\recycler\S-1-5-21-2956833132-5031444053-936076570-0291
c:\recycler\S-1-5-21-3037354717-2315367281-020263693-7689
c:\recycler\S-1-5-21-3068293190-0716202940-687115284-0341
c:\recycler\S-1-5-21-3165885971-0067244164-196412707-8954
c:\recycler\S-1-5-21-3238009210-6640336812-812652363-9862
c:\recycler\S-1-5-21-3494309518-4113871829-718998789-5848
c:\recycler\S-1-5-21-3510666874-5133723591-774420830-3503
c:\recycler\S-1-5-21-3603239711-5160628363-299341932-8566
c:\recycler\S-1-5-21-3605770054-1887014008-872657844-9121
c:\recycler\S-1-5-21-3658970309-4375958999-060084067-0454
c:\recycler\S-1-5-21-3689642240-1001096841-684166774-6524
c:\recycler\S-1-5-21-3769907844-7423744129-403900966-5878
c:\recycler\S-1-5-21-3777541319-5431750073-135460306-2495
c:\recycler\S-1-5-21-3900101448-9648885804-064795232-8460
c:\recycler\S-1-5-21-3910352410-2405221470-595856326-0849
c:\recycler\S-1-5-21-3953100819-2216688222-477377801-3319
c:\recycler\S-1-5-21-3967394208-4165912016-927759082-7762
c:\recycler\S-1-5-21-4012947516-7796502541-847009859-7219
c:\recycler\S-1-5-21-4044737146-3789632294-990303335-0002
c:\recycler\S-1-5-21-4065849413-7098655810-125649062-4397
c:\recycler\S-1-5-21-4210165684-0215948666-836314771-8733
c:\recycler\S-1-5-21-4347518811-9749944736-045839246-8723
c:\recycler\S-1-5-21-4394002900-6708329073-473073030-3956
c:\recycler\S-1-5-21-4472483683-4075000163-567432240-4571
c:\recycler\S-1-5-21-4552517604-8494919134-339319338-6396
c:\recycler\S-1-5-21-4577918740-9152907870-821308544-1965
c:\recycler\S-1-5-21-4598683171-7184985838-054744930-0033
c:\recycler\S-1-5-21-4643150702-0147053726-375214440-6582
c:\recycler\S-1-5-21-4652027309-7741586123-711627045-6890
c:\recycler\S-1-5-21-4801308297-0306874022-875872965-0663
c:\recycler\S-1-5-21-4992897444-1288143554-412154876-2187
c:\recycler\S-1-5-21-5015847040-5278535769-416933688-3127
c:\recycler\S-1-5-21-5079989976-2728318931-630340025-2183
c:\recycler\S-1-5-21-5093554686-4893668718-632783426-6435
c:\recycler\S-1-5-21-5127880233-2732865600-795569213-2725
c:\recycler\S-1-5-21-5220566475-1320641916-288189906-7852
c:\recycler\S-1-5-21-5251940579-3680556278-737317730-4844
c:\recycler\S-1-5-21-5275171265-4740804695-234669756-3624
c:\recycler\S-1-5-21-5309794482-5042972868-494123461-4619
c:\recycler\S-1-5-21-5327966287-9835440749-668531137-8798
c:\recycler\S-1-5-21-5429709984-5301614110-728394179-8934
c:\recycler\S-1-5-21-5460047902-6819134533-243595538-0531
c:\recycler\S-1-5-21-5524565457-3053829954-200989473-1214
c:\recycler\S-1-5-21-5571346033-2651518921-216717751-3462
c:\recycler\S-1-5-21-5589785856-3970787209-155164348-4052
c:\recycler\S-1-5-21-5664978411-6139445826-191536657-0200
c:\recycler\S-1-5-21-5762514583-3628556864-680100655-7269
c:\recycler\S-1-5-21-5882227282-9793775167-543755868-4885
c:\recycler\S-1-5-21-6041348054-1613636134-970008755-2242
c:\recycler\S-1-5-21-6091618299-2646952437-309870967-6993
c:\recycler\S-1-5-21-6164295364-8620992291-463780206-3094
c:\recycler\S-1-5-21-6345719156-3441895534-562132793-7940
c:\recycler\S-1-5-21-6398355917-7471212417-149673347-8117
c:\recycler\S-1-5-21-6459339552-1712763849-843136146-5623
c:\recycler\S-1-5-21-6467808413-8876491291-216150402-5963
c:\recycler\S-1-5-21-6580781641-6366771863-268470193-2074
c:\recycler\S-1-5-21-6611193447-7444874361-533420146-2599
c:\recycler\S-1-5-21-6651015305-9518685918-314884994-4551
c:\recycler\S-1-5-21-6687960556-3777432023-090066363-8829
c:\recycler\S-1-5-21-6717208888-7640734289-438412375-2875
c:\recycler\S-1-5-21-6807322507-9705019654-224511615-3635
c:\recycler\S-1-5-21-6857600658-9353371405-564535318-9579
c:\recycler\S-1-5-21-7000083273-3512644993-404892628-4437
c:\recycler\S-1-5-21-7044998522-4681501440-747940965-3362
c:\recycler\S-1-5-21-7051263447-5108547990-028745948-6600
c:\recycler\S-1-5-21-7193639761-7096908507-299183809-7591
c:\recycler\S-1-5-21-7248661265-9056027880-502993365-9200
c:\recycler\S-1-5-21-7324968929-6390343288-468535605-3210
c:\recycler\S-1-5-21-7346863336-1354571002-294505979-7814
c:\recycler\S-1-5-21-7439441160-1626044030-487124950-3878
c:\recycler\S-1-5-21-7501028288-7849840259-338212487-8545
c:\recycler\S-1-5-21-7514758212-0815843714-245824938-6081
c:\recycler\S-1-5-21-7541346671-0199627389-873417744-3740
c:\recycler\S-1-5-21-7713015845-2748044228-432781566-4103
c:\recycler\S-1-5-21-7715923270-9344481352-480063225-3406
c:\recycler\S-1-5-21-7798078308-4480159614-335093915-6476
c:\recycler\S-1-5-21-7808054014-2923294229-587550004-6543
c:\recycler\S-1-5-21-7822958038-0067091890-770836543-3475
c:\recycler\S-1-5-21-7857728861-2332603560-635244638-3652
c:\recycler\S-1-5-21-7895209687-0703474276-770873323-0532
c:\recycler\S-1-5-21-7911679295-6947431142-744235355-4586
c:\recycler\S-1-5-21-7978099294-4110928440-175661636-8983
c:\recycler\S-1-5-21-8044364770-8945108381-459896906-4766
c:\recycler\S-1-5-21-8127750167-6407003028-207495561-2545
c:\recycler\S-1-5-21-8319242483-9377602247-957361915-5440
c:\recycler\S-1-5-21-8326410662-4730707015-175333928-2406
c:\recycler\S-1-5-21-8492158111-6732380988-949513735-2747
c:\recycler\S-1-5-21-8518585142-3456706910-814736989-0239
c:\recycler\S-1-5-21-8519220788-4444549636-561750805-2657
c:\recycler\S-1-5-21-8751653866-5066237655-312289195-1440
c:\recycler\S-1-5-21-8856537448-2707396267-880057876-3191
c:\recycler\S-1-5-21-8920637823-3340495608-812278241-4379
c:\recycler\S-1-5-21-8945515400-9173487692-545361488-4021
c:\recycler\S-1-5-21-8948102130-9584928365-179585061-8161
c:\recycler\S-1-5-21-8960309751-4249110294-650037367-9451
c:\recycler\S-1-5-21-9093117276-9649560693-476590644-4794
c:\recycler\S-1-5-21-9194377279-9106300544-504006987-2767
c:\recycler\S-1-5-21-9244096891-9797628042-549878196-0464
c:\recycler\S-1-5-21-9302219476-6153399106-137678309-4331
c:\recycler\S-1-5-21-9445462896-9196255245-726097415-6073
c:\recycler\S-1-5-21-9594348092-2830747859-793248500-8534
c:\recycler\S-1-5-21-9600345024-1882615145-026821003-2920
c:\recycler\S-1-5-21-9613023731-4604481190-446130421-6887
c:\recycler\S-1-5-21-9624469828-1006780702-000890422-1904
c:\recycler\S-1-5-21-9633803467-8734731757-732771210-5162
c:\recycler\S-1-5-21-9660065217-3289345258-666135224-2895
c:\recycler\S-1-5-21-9672659490-7653262788-348222957-0572
c:\recycler\S-1-5-21-9919884483-5099588691-426704642-9315
c:\recycler\S-1-5-21-9968855292-9852537471-851510974-9769
c:\windows\system32\mswmpdat.tlb
D:\Autorun.inf

.
(((((((((((((((((((( Bestanden Gemaakt van 2010-01-11 to 2010-02-11 ))))))))))))))))))))))))))))))
.

2010-02-11 07:50 . 2010-02-11 07:50 -------- d-----r- c:\program files\Norton Support
2010-02-11 07:28 . 2009-08-22 08:14 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-02-10 07:38 . 2010-02-03 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100209.052\NAVENG.SYS
2010-02-10 07:38 . 2010-02-03 09:00 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100209.052\NAVEX15.SYS
2010-02-10 07:38 . 2009-12-09 09:00 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100209.052\CCERASER.DLL
2010-02-10 07:38 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100209.052\ECMSVR32.DLL
2010-02-10 07:38 . 2009-09-13 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100209.052\EECTRL.SYS
2010-02-10 07:38 . 2009-09-13 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100209.052\NAVENG32.DLL
2010-02-10 07:38 . 2009-09-13 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100209.052\NAVEX32A.DLL
2010-02-10 07:38 . 2009-09-13 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100209.052\ERASER.SYS
2010-02-08 15:08 . 2010-02-08 15:08 -------- d-----w- c:\program files\ERUNT
2010-02-08 07:34 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSvix86.sys
2010-02-08 07:34 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSXpx86.sys
2010-02-08 07:34 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\Scxpx86.dll
2010-02-08 07:34 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSxpx86.dll
2010-02-08 07:34 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSviA64.sys
2010-02-02 14:55 . 2010-02-02 14:55 -------- d-----w- c:\program files\Defcon 17
2010-02-01 07:39 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSvix86.sys
2010-02-01 07:39 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSXpx86.sys
2010-02-01 07:39 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\Scxpx86.dll
2010-02-01 07:39 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSxpx86.dll
2010-02-01 07:39 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100128.002\IDSviA64.sys
2010-01-28 07:47 . 2006-03-29 09:11 1844 ----a-w- c:\windows\system32\RC96E1A0.dat
2010-01-28 07:47 . 2006-03-29 09:11 1159539 ----a-w- c:\windows\system32\RC96E140.DLL
2010-01-28 07:47 . 2006-01-18 09:47 1183744 ----a-w- c:\windows\system32\Ne45Cdat.dll
2010-01-28 07:46 . 2005-12-11 00:01 60928 ----a-w- c:\windows\system32\RIC641X.EXE
2010-01-28 07:46 . 2005-08-01 05:48 53248 ----a-w- c:\windows\system32\INF641PI.DLL
2010-01-27 11:34 . 2007-03-17 06:33 716800 ----a-r- c:\windows\system32\memorybar.exe
2010-01-27 11:21 . 2010-01-27 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-27 09:35 . 2010-01-27 09:35 -------- d-----w- c:\documents and settings\Admin\Application Data\onOne Software
2010-01-26 15:13 . 2010-01-26 15:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-01-26 13:51 . 2010-01-26 13:51 0 ----a-w- c:\windows\nsreg.dat
2010-01-26 13:51 . 2010-01-26 13:51 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
2010-01-26 13:51 . 2009-09-14 13:14 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-01-15 08:05 . 2010-01-15 08:05 -------- d-sh--w- c:\documents and settings\Admin\UserData
2010-01-14 13:20 . 2010-01-14 13:20 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-01-14 13:20 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 13:20 . 2010-01-14 13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-14 13:20 . 2010-01-14 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-14 13:20 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-14 13:16 . 2010-01-14 13:17 -------- d-----w- c:\program files\Navilog1
2010-01-13 13:09 . 2010-01-13 13:09 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\IsolatedStorage
2010-01-13 13:07 . 2010-01-13 13:07 -------- d-----w- c:\program files\Iron Speed

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 14:42 . 2009-04-21 08:28 -------- d-----w- c:\program files\SummaWinplot
2010-02-09 13:54 . 2009-04-21 13:39 -------- d-----w- c:\documents and settings\Admin\Application Data\U3
2010-02-09 12:13 . 2009-04-21 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-29 08:44 . 2009-10-19 13:06 1 ----a-w- c:\documents and settings\Admin\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-28 07:49 . 2009-06-10 06:48 -------- d-----w- c:\documents and settings\Admin\Application Data\Apple Computer
2010-01-26 13:47 . 2010-01-26 13:47 -------- d-----w- c:\program files\Common Files\onOne Software Shared
2010-01-26 13:47 . 2010-01-26 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\onOne Software
2010-01-26 13:47 . 2010-01-26 13:47 -------- d-----w- c:\program files\onOne Software
2010-01-26 13:47 . 2009-04-21 06:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-14 11:48 . 2009-05-18 11:44 -------- d-----w- c:\documents and settings\Admin\Application Data\XnView
2010-01-06 13:32 . 2010-01-06 13:32 -------- d-----w- c:\program files\Citrix
2010-01-06 13:31 . 2010-01-06 13:31 70984 ----a-w- c:\documents and settings\Admin\g2mdlhlpx.exe
2009-12-24 13:54 . 2009-10-26 10:44 467336 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-16 14:38 . 2009-04-22 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-15 08:45 . 2009-12-10 07:40 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2009-12-10 07:43 . 2009-12-10 07:43 49152 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2009-12-10 07:43 . 2009-12-10 07:43 335872 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2009-12-10 07:42 . 2009-12-10 07:42 57344 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2009-11-25 08:28 . 2009-10-27 07:40 852784 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\dblgen11.dll
2009-11-25 08:28 . 2009-10-27 07:40 2168112 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
2009-11-25 08:28 . 2009-10-27 07:40 205576 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
2009-11-25 08:28 . 2009-10-27 07:40 1087752 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManager.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-01 1036288]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-12 13578240]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-01 623960]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Command WorkStation 4.lnk - c:\program files\Fiery\Command WorkStation 4\cws 4.exe [2009-4-24 4337664]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2-2-2010 10:06 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2-2-2010 10:06 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2-2-2010 10:06 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100204.001\IDSXpx86.sys [8-2-2010 8:34 329592]
R2 EFI ES1000;EFI ES1000;c:\program files\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [24-4-2009 10:57 9216]
R2 Fiery Bridge Mailbox Synchronization;Fiery Bridge Mailbox Synchronization;c:\program files\Fiery\Fiery Bridge\x86\MailboxSyncService.exe [24-4-2009 11:06 114688]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2-2-2010 10:06 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [13-9-2009 9:00 102448]
S0 cerc6;cerc6; [x]
S3 SUMMAUSB;Summa Cutter USB port 1 v6.2;c:\windows\system32\drivers\XPSP2USB.sys [21-6-2007 8:59 19968]
.
Inhoud van de 'Gedeelde Taken' map

2009-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Connection Wizard,ShellNext = iexplore
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingdoel converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {3D686393-263C-40F6-9E4E-AD686292FFC9} = 195.238.2.21 195.238.2.22
TCP: {45BABAB7-818D-42C0-8497-57C34EA97802} = 192.238.2.21,192.238.2.22
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\tkwgkvui.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 09:01
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
.
Voltooingstijd: 2010-02-11 09:02:45
ComboFix-quarantined-files.txt 2010-02-11 08:02

Pre-Run: 453.383.647.232 bytes beschikbaar
Post-Run: 453.621.559.296 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 62919B058EAABF97BC5B712A8AE8FC44
  • 0

#4
RKinner
Posted 11 February 2010 - 11:47 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Have to rename Combofix something and George was an idiot I went to high school with. Easy for people to remember anyway.

Your log looks pretty good. I do see this program which was probably a present from someone's USB drive.

c:\windows\system32\memorybar.exe

http://www.supertale...anual_v1033.pdf tells what it does.

You have two drivers with ? (can't read) or x (file not found) but both are legitimate.

I think we got everything. Any signs of a problem left?

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html
It takes a while (hours) and you have to turn off your antivirus while you are running it but it is pretty thorough.

If windows blocks the active x then try putting Bitdefender in your trusted sites: In IE, Tool, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.bitdefender.com then ADD. OK.

If BitDefender comes back clean then you can uninstall or delete any tools we had you download and their logs. You can manually remove C:\george, C:\qoobox then put your system back the way it was (tho i would leave the hide extensions option unchecked.)


You do not have the latest Java. Get the latest at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

Go ahead and run through the Malware Removal protocol
http://www.geekstogo...uide-t2852.html
on the other two machines and post their logs here. If they are both XP machines you can also do my first post on them.

Ron

Edited by RKinner, 11 February 2010 - 12:42 PM.

  • 0

#5
Lio_
Posted 12 February 2010 - 01:39 AM

Lio_

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi,

thx again for the help and the quick replies, I'm gonna do everything you told now.

the two other machines will be processed monday.


Thanks a lot for your help!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP