trojan WIN32/olmarik ako na nej? prosim pomoc

[Neo_PN]

Zdravím chcel by som sa spytat ESET SMART SECURITY 4 mi vyhodil dneska hlasku ze neasiel trojana Olmarika v operacnej pameti da sa to nejako vymazat bez toho aby som musel preinstalovat komplet cely pocitac? Prosim pomozte dakujem velmi pekne. ESET este hlasil jedneho olmarika win32/olmarik.TX ale toho vyliecil ale je tam este jeden a ten je v tej operacnej pamati a nemozem ho vymazat prosim o radu dakujem velmi pekne.

[vyosek]

Zdravim a pekny den preji

reinstalem byste se teto mrchy nezbavil

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

• Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
• Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
• Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
• Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
• Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
• Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

Dejte log z RSIT - viz muj podpis

[Neo_PN]

Tak spravil som presne tak ako si mi povedal dufam ze ti mozem tykat tu je log ako si pisal ze mam poslat :

2011/07/24 09:59:56.0859 3356 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/24 09:59:57.0171 3356 ================================================================================
2011/07/24 09:59:57.0171 3356 SystemInfo:
2011/07/24 09:59:57.0171 3356
2011/07/24 09:59:57.0171 3356 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/24 09:59:57.0171 3356 Product type: Workstation
2011/07/24 09:59:57.0171 3356 ComputerName: NEO_PN
2011/07/24 09:59:57.0171 3356 UserName: Neo_PN
2011/07/24 09:59:57.0171 3356 Windows directory: C:\WINDOWS
2011/07/24 09:59:57.0171 3356 System windows directory: C:\WINDOWS
2011/07/24 09:59:57.0171 3356 Processor architecture: Intel x86
2011/07/24 09:59:57.0171 3356 Number of processors: 2
2011/07/24 09:59:57.0171 3356 Page size: 0x1000
2011/07/24 09:59:57.0171 3356 Boot type: Normal boot
2011/07/24 09:59:57.0171 3356 ================================================================================
2011/07/24 09:59:58.0234 3356 Initialize success
2011/07/24 10:00:02.0937 3620 ================================================================================
2011/07/24 10:00:02.0937 3620 Scan started
2011/07/24 10:00:02.0937 3620 Mode: Manual;
2011/07/24 10:00:02.0937 3620 ================================================================================
2011/07/24 10:00:04.0515 3620 Suspicious service (Hidden): gasfkykrjxdoyl
2011/07/24 10:00:04.0515 3620 gasfkykrjxdoyl - detected Rootkit.Win32.TDSS.tdl2 (0)
2011/07/24 10:00:06.0406 3620 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/07/24 10:00:06.0421 3620 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
2011/07/24 10:00:06.0437 3620 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
2011/07/24 10:00:06.0453 3620 ================================================================================
2011/07/24 10:00:06.0453 3620 Scan finished
2011/07/24 10:00:06.0453 3620 ================================================================================
2011/07/24 10:00:06.0468 3624 Detected object count: 1
2011/07/24 10:00:06.0468 3624 Actual detected object count: 1
2011/07/24 10:00:28.0437 3624 C:\WINDOWS\system32\drivers\gasfkytoyomovv.sys - will be deleted after reboot
2011/07/24 10:00:28.0437 3624 C:\WINDOWS\system32\gasfkyrtymevpp.dll - will be deleted after reboot
2011/07/24 10:00:28.0437 3624 C:\WINDOWS\system32\gasfkyjwnsmvdd.dat - will be deleted after reboot
2011/07/24 10:00:28.0437 3624 C:\WINDOWS\system32\gasfkyhonbmlwv.dll - will be deleted after reboot
2011/07/24 10:00:28.0437 3624 C:\WINDOWS\system32\gasfkyqxvpsonb.dat - will be deleted after reboot
2011/07/24 10:00:28.0437 3624 HKLM\SYSTEM\ControlSet001\services\gasfkykrjxdoyl - will be deleted after reboot
2011/07/24 10:00:28.0453 3624 HKLM\SYSTEM\ControlSet003\services\gasfkykrjxdoyl - will be deleted after reboot
2011/07/24 10:00:28.0468 3624 C:\WINDOWS\system32\drivers\gasfkytoyomovv.sys - will be deleted after reboot
2011/07/24 10:00:28.0468 3624 Rootkit.Win32.TDSS.tdl2(gasfkykrjxdoyl) - User select action: Delete
2011/07/24 10:00:41.0875 3320 Deinitialize success

[vyosek]

Tykat klidne muzes ale navody mam psane ve vykani, takze to musis trpet

Tak jedne mrchy jsme se zbavili, jdeme dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Neo_PN]

Ok spravil som ako si mi poradil a tu je log s Combofixu :


ComboFix 11-07-23.04 - Neo_PN . 07. 2011 12:39:34.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3327.2723 [GMT 2:00]
Running from: c:\documents and settings\Neo_PN\Dokumenty\Preberanie\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-23 14:02 . 2011-07-23 14:02 -------- d-----w- C:\epsxe170
2011-07-22 11:46 . 2011-07-22 11:46 -------- d-----w- C:\spoolerlogs
2011-07-19 08:39 . 2011-07-19 08:39 -------- d-----w- C:\ATI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2004-08-17 13:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 04:21 . 2008-02-09 03:58 6554624 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-05-25 03:14 . 2008-02-09 02:43 4059328 ----a-w- c:\windows\system32\ati3duag.dll
2011-05-25 03:05 . 2008-02-09 02:17 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-05-25 02:58 . 2008-02-09 02:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:55 . 2008-02-09 03:04 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-05-25 02:54 . 2008-02-09 02:36 3152384 ----a-w- c:\windows\system32\ativvaxx.dll
2011-05-25 02:39 . 2008-02-09 02:55 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-25 02:39 . 2007-10-12 18:01 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-25 02:39 . 2008-02-09 02:55 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-05-25 02:39 . 2008-02-09 02:55 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-25 02:38 . 2008-02-09 02:24 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-05-25 02:38 . 2008-02-09 02:55 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-05-25 02:37 . 2008-02-09 02:53 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-05-25 02:36 . 2008-02-09 02:52 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-05-25 02:31 . 2008-02-09 02:21 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-05-25 02:27 . 2008-02-09 02:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-05-25 02:22 . 2008-02-09 02:13 856064 ----a-w- c:\windows\system32\ati2cqag.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-04-29 17:25 . 2004-08-17 13:49 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-25 14:47 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47 . 2004-08-17 13:49 1510912 ----a-w- c:\windows\system32\shdocvw.dll
2011-04-25 14:47 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-04-25 14:47 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 14:43 . 2004-08-17 13:44 370176 ----a-w- c:\windows\system32\html.iec
2011-07-08 07:52 . 2011-07-19 10:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-22_14.36.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2009-07-11 18:54 . 2009-07-11 18:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 23:07 . 2009-07-11 23:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-11 23:19 . 2009-07-11 23:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 17:41 . 2009-07-11 17:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2009-06-28 21:42 . 2009-06-28 21:42 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2011-07-22 15:24 . 2011-07-22 15:24 82432 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2011-07-24 08:02 . 2011-07-24 08:02 16384 c:\windows\Temp\Perflib_Perfdata_2d0.dat
+ 2011-07-19 14:03 . 2007-11-30 03:39 18296 c:\windows\system32\spmsg.dll
- 2001-10-25 12:00 . 2011-07-22 13:50 67312 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2011-07-24 08:06 67312 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2011-07-22 13:50 77876 c:\windows\system32\perfc005.dat
+ 2001-10-25 12:00 . 2011-07-24 08:06 77876 c:\windows\system32\perfc005.dat
+ 2011-07-22 15:23 . 2011-05-18 08:13 75264 c:\windows\system32\nmwcdcls.dll
+ 2003-04-18 14:29 . 2003-04-18 14:29 82432 c:\windows\system32\msxml4r.dll
+ 2004-08-17 13:49 . 2008-05-19 04:33 18944 c:\windows\system32\msisip.dll
+ 2004-08-17 13:49 . 2008-05-18 23:57 95744 c:\windows\system32\msiexec.exe
+ 2011-07-22 15:27 . 2007-04-10 13:14 12424 c:\windows\system32\DRVSTORE\se3esdm2_9764AEB0AF92C101555E353C0F0D3CF5C63F33FA\i386\se3ecmnt.sys
+ 2011-07-22 15:27 . 2007-04-10 13:14 98568 c:\windows\system32\DRVSTORE\se3eobx2_4D2AF8EAA7B19E8748780FA6098D3AACC5D8D9F9\i386\se3eobex.sys
+ 2011-07-22 15:27 . 2007-04-10 13:14 12424 c:\windows\system32\DRVSTORE\se3eobx2_4D2AF8EAA7B19E8748780FA6098D3AACC5D8D9F9\i386\se3ecmnt.sys
+ 2011-07-22 15:27 . 2007-04-10 13:14 15112 c:\windows\system32\DRVSTORE\se3emdm2_B9A80A4AD6A3087EAEC451F69738F8F9B8EAC7FD\i386\se3emdfl.sys
+ 2011-07-22 15:27 . 2007-04-10 13:14 12424 c:\windows\system32\DRVSTORE\se3emdm2_B9A80A4AD6A3087EAEC451F69738F8F9B8EAC7FD\i386\se3ecmnt.sys
+ 2011-07-22 15:27 . 2007-04-10 13:14 12424 c:\windows\system32\DRVSTORE\se3ebus_278301E0E0E3254933BAAF4F06701023D35DABD9\i386\se3ewhnt.sys
+ 2011-07-22 15:27 . 2007-04-10 13:14 83080 c:\windows\system32\DRVSTORE\se3ebus_278301E0E0E3254933BAAF4F06701023D35DABD9\i386\se3ebus.sys
+ 2011-07-22 15:27 . 2007-11-02 10:47 12200 c:\windows\system32\DRVSTORE\s916sdm2_21F85660AA82023EA111CC6BDFE4E4EF2EDFED63\i386\s916cmnt.sys
+ 2011-07-22 15:27 . 2007-11-02 10:47 12200 c:\windows\system32\DRVSTORE\s916obx2_74455A9D7CF2BC68446FD3455ABFCCDA93FFD087\i386\s916cmnt.sys
+ 2011-07-22 15:27 . 2007-11-02 10:47 15016 c:\windows\system32\DRVSTORE\s916mdm2_85F2F98F689E64A6D6F619016E152C56854F40D7\i386\s916mdfl.sys
+ 2011-07-22 15:27 . 2007-11-02 10:47 12200 c:\windows\system32\DRVSTORE\s916mdm2_85F2F98F689E64A6D6F619016E152C56854F40D7\i386\s916cmnt.sys
+ 2011-07-22 15:27 . 2007-11-02 10:47 12200 c:\windows\system32\DRVSTORE\s916bus_3395190DF2FB782139DB9E18AA83FD42AAB0E78E\i386\s916whnt.sys
+ 2011-07-22 15:27 . 2007-11-02 10:47 83496 c:\windows\system32\DRVSTORE\s916bus_3395190DF2FB782139DB9E18AA83FD42AAB0E78E\i386\s916bus.sys
+ 2011-07-22 15:27 . 2010-03-15 09:38 25456 c:\windows\system32\DRVSTORE\s1039xndis_5952A0AAD3C6DBBE6575F425DAE68BDAE36E8C91\i386\s1039nd5.sys
+ 2011-07-22 15:27 . 2010-03-15 09:38 12400 c:\windows\system32\DRVSTORE\s1039unic_5952A0AAD3C6DBBE6575F425DAE68BDAE36E8C91\i386\s1039whnt.sys
+ 2011-07-22 15:27 . 2010-03-15 09:38 10992 c:\windows\system32\DRVSTORE\s1039unic_5952A0AAD3C6DBBE6575F425DAE68BDAE36E8C91\i386\s1039crnt.sys
+ 2011-07-22 15:27 . 2010-03-15 09:38 12528 c:\windows\system32\DRVSTORE\s1039sdm2_97A1A3C97AEE6794A5302A75CE74BED5CCEB4C66\i386\s1039cmnt.sys
+ 2011-07-22 15:27 . 2010-03-15 09:38 12528 c:\windows\system32\DRVSTORE\s1039obx2_D7B726896CDD620241A8FEE06D9CAF0E96BB78F2\i386\s1039cmnt.sys
+ 2011-07-22 15:27 . 2010-03-15 09:38 14960 c:\windows\system32\DRVSTORE\s1039mdm2_B7B37DE54A4A95E3632EDFFB0592928952707F9F\i386\s1039mdfl.sys
+ 2011-07-22 15:27 . 2010-03-15 09:38 12528 c:\windows\system32\DRVSTORE\s1039mdm2_B7B37DE54A4A95E3632EDFFB0592928952707F9F\i386\s1039cmnt.sys
+ 2011-07-22 15:27 . 2010-03-15 09:38 12400 c:\windows\system32\DRVSTORE\s1039bus_180E12A6A40076BC671A3975979A24C9D8807E07\i386\s1039whnt.sys
+ 2011-07-22 15:27 . 2010-03-15 09:38 98672 c:\windows\system32\DRVSTORE\s1039bus_180E12A6A40076BC671A3975979A24C9D8807E07\i386\s1039bus.sys
+ 2011-07-22 15:27 . 2009-05-25 12:34 12200 c:\windows\system32\DRVSTORE\s1029unic_E2833DA52D6071E994F1E09FD77AFFACB1DCDB59\i386\s1029whnt.sys
+ 2011-07-22 15:27 . 2009-05-25 12:34 10664 c:\windows\system32\DRVSTORE\s1029unic_E2833DA52D6071E994F1E09FD77AFFACB1DCDB59\i386\s1029crnt.sys
+ 2011-07-22 15:27 . 2009-05-25 12:34 12200 c:\windows\system32\DRVSTORE\s1029sdm2_51DE7A1504A451B1F8C6CB07CFBD4396DD597074\i386\s1029cmnt.sys
+ 2011-07-22 15:27 . 2009-05-25 12:34 12200 c:\windows\system32\DRVSTORE\s1029obx2_4AB3E196E98B41C0AB770E9A19507E4649D81F5B\i386\s1029cmnt.sys
+ 2011-07-22 15:27 . 2009-05-25 12:34 26024 c:\windows\system32\DRVSTORE\s1029ndis_E2833DA52D6071E994F1E09FD77AFFACB1DCDB59\i386\s1029nd5.sys
+ 2011-07-22 15:27 . 2009-05-25 12:34 15016 c:\windows\system32\DRVSTORE\s1029mdm2_1EBFEE4AA76CA9BF2E864044FCB6AF06E5C9F0EA\i386\s1029mdfl.sys
+ 2011-07-22 15:27 . 2009-05-25 12:34 12200 c:\windows\system32\DRVSTORE\s1029mdm2_1EBFEE4AA76CA9BF2E864044FCB6AF06E5C9F0EA\i386\s1029cmnt.sys
+ 2011-07-22 15:27 . 2009-05-25 12:34 12200 c:\windows\system32\DRVSTORE\s1029bus_A32FE7E86161C9C450E9322CC0ECF33784B7FF2C\i386\s1029whnt.sys
+ 2011-07-22 15:27 . 2009-05-25 12:34 90280 c:\windows\system32\DRVSTORE\s1029bus_A32FE7E86161C9C450E9322CC0ECF33784B7FF2C\i386\s1029bus.sys
+ 2011-07-22 15:27 . 2009-03-25 15:48 12200 c:\windows\system32\DRVSTORE\s1018unic_FEAFA99A4CC5D22FA160F403DF44383CD83239E6\i386\s1018whnt.sys
+ 2011-07-22 15:27 . 2009-03-25 15:48 10792 c:\windows\system32\DRVSTORE\s1018unic_FEAFA99A4CC5D22FA160F403DF44383CD83239E6\i386\s1018crnt.sys
+ 2011-07-22 15:27 . 2009-03-25 15:48 12200 c:\windows\system32\DRVSTORE\s1018sdm2_F94480F6877E7A9A99F7369F2F58A941F6D89E6D\i386\s1018cmnt.sys
+ 2011-07-22 15:27 . 2009-03-25 15:48 12200 c:\windows\system32\DRVSTORE\s1018obx2_C3832878A81CF4876C0D0C3A0154C287BA7CE85E\i386\s1018cmnt.sys
+ 2011-07-22 15:27 . 2009-03-25 15:48 26024 c:\windows\system32\DRVSTORE\s1018ndis_FEAFA99A4CC5D22FA160F403DF44383CD83239E6\i386\s1018nd5.sys
+ 2011-07-22 15:27 . 2009-03-25 15:48 15016 c:\windows\system32\DRVSTORE\s1018mdm2_04DE5B208CC99C4B44449915B49B2243EFAA4A13\i386\s1018mdfl.sys
+ 2011-07-22 15:27 . 2009-03-25 15:48 12200 c:\windows\system32\DRVSTORE\s1018mdm2_04DE5B208CC99C4B44449915B49B2243EFAA4A13\i386\s1018cmnt.sys
+ 2011-07-22 15:27 . 2009-03-25 15:48 12200 c:\windows\system32\DRVSTORE\s1018bus_D93C414004A897CEAC290AC60E9EAAC4A0E5AAA6\i386\s1018whnt.sys
+ 2011-07-22 15:27 . 2009-03-25 15:48 86824 c:\windows\system32\DRVSTORE\s1018bus_D93C414004A897CEAC290AC60E9EAAC4A0E5AAA6\i386\s1018bus.sys
+ 2011-07-22 15:27 . 2008-10-21 08:22 12200 c:\windows\system32\DRVSTORE\s0017unic_BB4DCB7C5F0783D4B48E0C375B1725378044DF2F\i386\s0017whnt.sys
+ 2011-07-22 15:27 . 2008-10-21 08:22 10792 c:\windows\system32\DRVSTORE\s0017unic_BB4DCB7C5F0783D4B48E0C375B1725378044DF2F\i386\s0017crnt.sys
+ 2011-07-22 15:27 . 2008-10-21 08:22 12200 c:\windows\system32\DRVSTORE\s0017sdm2_B9E615C0177324E64608E606C5BACDE21EAA633D\i386\s0017cmnt.sys
+ 2011-07-22 15:27 . 2008-10-21 08:22 12200 c:\windows\system32\DRVSTORE\s0017obx2_A3A3D079A0B5800EDAAA5F4412759AA097D63D6C\i386\s0017cmnt.sys
+ 2011-07-22 15:27 . 2008-10-21 08:22 26024 c:\windows\system32\DRVSTORE\s0017ndis_BB4DCB7C5F0783D4B48E0C375B1725378044DF2F\i386\s0017nd5.sys
+ 2011-07-22 15:27 . 2008-10-21 08:22 15016 c:\windows\system32\DRVSTORE\s0017mdm2_83F2C95A46E46AD749D51DDDADAD3F859682E916\i386\s0017mdfl.sys
+ 2011-07-22 15:27 . 2008-10-21 08:22 12200 c:\windows\system32\DRVSTORE\s0017mdm2_83F2C95A46E46AD749D51DDDADAD3F859682E916\i386\s0017cmnt.sys
+ 2011-07-22 15:27 . 2008-10-21 08:22 12200 c:\windows\system32\DRVSTORE\s0017bus_E2B55BAC406B9793A79B5AF9A81E5E8E137E6082\i386\s0017whnt.sys
+ 2011-07-22 15:27 . 2008-10-21 08:22 86824 c:\windows\system32\DRVSTORE\s0017bus_E2B55BAC406B9793A79B5AF9A81E5E8E137E6082\i386\s0017bus.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 12200 c:\windows\system32\DRVSTORE\s0016unic_9D1BEA0AD7AC1ECEA653A080CB50A95794EB54A6\i386\s0016whnt.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 10792 c:\windows\system32\DRVSTORE\s0016unic_9D1BEA0AD7AC1ECEA653A080CB50A95794EB54A6\i386\s0016crnt.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 12200 c:\windows\system32\DRVSTORE\s0016sdm2_49EC14686E23454842B5DD1E08A12351912F071A\i386\s0016cmnt.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 12200 c:\windows\system32\DRVSTORE\s0016obx2_A8E1C631CA004AB1BE81A3D48D308AF233F680BF\i386\s0016cmnt.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 25512 c:\windows\system32\DRVSTORE\s0016ndis_9D1BEA0AD7AC1ECEA653A080CB50A95794EB54A6\i386\s0016nd5.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 25128 c:\windows\system32\DRVSTORE\s0016ndis_9D1BEA0AD7AC1ECEA653A080CB50A95794EB54A6\i386\s0016nd3.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 15016 c:\windows\system32\DRVSTORE\s0016mdm2_682450892C06910A09004057C74387FB5E35E414\i386\s0016mdfl.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 12200 c:\windows\system32\DRVSTORE\s0016mdm2_682450892C06910A09004057C74387FB5E35E414\i386\s0016cmnt.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 12200 c:\windows\system32\DRVSTORE\s0016bus_CBA53D764D4AE1B85F201CB5EAAA002EFC57DFA2\i386\s0016whnt.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 89256 c:\windows\system32\DRVSTORE\s0016bus_CBA53D764D4AE1B85F201CB5EAAA002EFC57DFA2\i386\s0016bus.sys
+ 2011-07-22 15:23 . 2008-08-26 08:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys
+ 2011-07-22 15:23 . 2011-05-18 08:13 75264 c:\windows\system32\DRVSTORE\nmwcdnsuc_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll
+ 2011-07-22 15:23 . 2011-05-18 08:13 75264 c:\windows\system32\DRVSTORE\nmwcdnsu_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll
+ 2011-07-22 15:23 . 2011-05-18 08:13 75264 c:\windows\system32\DRVSTORE\ccdcmbo_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll
+ 2011-07-22 15:23 . 2011-05-18 08:12 23168 c:\windows\system32\DRVSTORE\ccdcmbo_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\ccdcmbo.sys
+ 2011-07-22 15:23 . 2011-05-18 08:13 75264 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcls.dll
+ 2011-07-22 15:23 . 2011-05-18 08:12 18176 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\ccdcmb.sys
+ 2011-07-22 15:27 . 2008-01-18 14:16 12200 c:\windows\system32\DRVSTORE\a016sdm2_9FBFF1EEEB0015F5CA2F0634B300C450FF556BA3\i386\a016cmnt.sys
+ 2011-07-22 15:27 . 2008-01-18 14:16 12200 c:\windows\system32\DRVSTORE\a016obx2_3839048F455A46A4FF4033F897B7AAA7BF427B58\i386\a016cmnt.sys
+ 2011-07-22 15:27 . 2008-01-18 14:16 15016 c:\windows\system32\DRVSTORE\a016mdm2_8FC221937B2924C4F9CE55A0CA993E1DEF07D5BB\i386\a016mdfl.sys
+ 2011-07-22 15:27 . 2008-01-18 14:16 12200 c:\windows\system32\DRVSTORE\a016mdm2_8FC221937B2924C4F9CE55A0CA993E1DEF07D5BB\i386\a016cmnt.sys
+ 2011-07-22 15:27 . 2008-01-18 14:16 12200 c:\windows\system32\DRVSTORE\a016bus_DFCCFF5CDE2FABCF26C68FAA7371A787F2CF5BB9\i386\a016whnt.sys
+ 2011-07-22 15:27 . 2008-01-18 14:16 83880 c:\windows\system32\DRVSTORE\a016bus_DFCCFF5CDE2FABCF26C68FAA7371A787F2CF5BB9\i386\a016bus.sys
+ 2011-07-22 15:23 . 2008-08-26 08:26 18816 c:\windows\system32\drivers\pccsmcfd.sys
+ 2008-05-19 04:33 . 2008-05-19 04:33 18944 c:\windows\system32\dllcache\msisip.dll
+ 2008-05-18 23:57 . 2008-05-18 23:57 95744 c:\windows\system32\dllcache\msiexec.exe
+ 2011-07-18 15:04 . 2011-07-24 07:55 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-18 15:04 . 2011-07-22 13:46 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-18 15:04 . 2011-07-22 13:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-07-18 15:04 . 2011-07-24 07:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-07-22 15:04 . 2011-07-24 07:55 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-07-18 15:04 . 2011-07-22 13:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-07-22 15:23 . 2011-07-22 15:23 78336 c:\windows\Installer\15ea7a.msi
+ 2011-07-22 15:34 . 2011-07-22 15:34 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2011-07-22 15:31 . 2011-07-22 15:31 81920 c:\windows\Installer\{E5D03B2E-B2D4-477F-A60D-8E1969D821FA}\ARPPRODUCTICON.exe
+ 2011-07-22 15:23 . 2011-07-22 15:23 10134 c:\windows\Installer\{C373F7C4-05D2-4047-96D1-6AF30661C6AA}\ARPPRODUCTICON.exe
+ 2011-07-22 15:31 . 2011-07-22 15:31 60496 c:\windows\Installer\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}\ARPPRODUCTICON.exe
+ 2011-07-22 15:24 . 2011-07-22 15:24 53248 c:\windows\Installer\{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}\ARPPRODUCTICON.exe
+ 2011-07-22 15:34 . 2011-07-22 15:34 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2011-07-22 15:23 . 2011-07-22 15:23 24255 c:\windows\Installer\{2CC53A53-44F4-4667-8584-2FFC9ACB2242}\ARPPRODUCTICON.exe
+ 2011-07-22 15:24 . 2011-07-22 15:24 10134 c:\windows\Installer\{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}\ARPPRODUCTICON.exe
+ 2011-07-22 15:31 . 2011-07-22 15:31 10134 c:\windows\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
+ 2011-07-22 15:31 . 2011-07-22 15:31 11176 c:\windows\assembly\GAC_32\StorePluginInterface\1.1.0.0__7010de4470b07f04\StorePluginInterface.dll
+ 2004-08-17 13:48 . 2008-04-16 23:43 2560 c:\windows\system32\msimsg.dll
+ 2011-07-22 15:23 . 2011-05-18 08:09 8576 c:\windows\system32\DRVSTORE\nmwcdnsuc_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdnsuc.sys
+ 2011-07-22 15:23 . 2011-05-18 08:12 8192 c:\windows\system32\DRVSTORE\ccdcmbm_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\usbser_lowerflt.sys
+ 2011-07-22 15:23 . 2011-05-18 08:12 8192 c:\windows\system32\DRVSTORE\ccdcmbj_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\usbser_lowerfltj.sys
+ 2008-04-16 23:43 . 2008-04-16 23:43 2560 c:\windows\system32\dllcache\msimsg.dll
+ 2011-07-22 15:23 . 2011-07-22 15:23 3262 c:\windows\Installer\{2D99A593-C841-43A7-B7C9-D6F3AE70B756}\ARPPRODUCTICON.exe
+ 2011-07-22 15:31 . 2011-07-22 15:31 9640 c:\windows\assembly\GAC_32\policy.1.0.StorePluginInterface\1.0.0.0__7010de4470b07f04\policy.1.0.StorePluginInterface.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-11 23:12 . 2009-07-11 23:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-11 23:09 . 2009-07-11 23:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-11 23:08 . 2009-07-11 23:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2001-10-25 12:00 . 2011-07-24 08:06 432356 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2011-07-22 13:50 432356 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2011-07-24 08:06 428730 c:\windows\system32\perfh005.dat
- 2001-10-25 12:00 . 2011-07-22 13:50 428730 c:\windows\system32\perfh005.dat
+ 2009-12-22 11:56 . 2009-12-22 11:56 348160 c:\windows\system32\msvcr71.dll
+ 2009-12-22 11:56 . 2009-12-22 11:56 344064 c:\windows\system32\msvcr70.dll
+ 2009-12-22 11:56 . 2009-12-22 11:56 499712 c:\windows\system32\msvcp71.dll
+ 2004-08-17 13:49 . 2008-05-19 04:33 332800 c:\windows\system32\msihnd.dll
+ 2011-07-22 15:31 . 2011-07-22 15:31 234656 c:\windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe
+ 2011-07-22 15:31 . 2011-07-22 15:31 311456 c:\windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.dll
+ 2011-07-22 15:27 . 2007-04-10 13:14 100360 c:\windows\system32\DRVSTORE\se3esdm2_9764AEB0AF92C101555E353C0F0D3CF5C63F33FA\i386\se3emgmt.sys
+ 2011-07-22 15:27 . 2007-04-10 13:14 108552 c:\windows\system32\DRVSTORE\se3emdm2_B9A80A4AD6A3087EAEC451F69738F8F9B8EAC7FD\i386\se3emdm.sys
+ 2011-07-22 15:27 . 2009-09-03 02:34 581192 c:\windows\system32\DRVSTORE\sa0102adb_6B80C2E8586795E98C47F8FC9EA550361B9095DE\i386\WinUSBCoInstaller.dll
+ 2011-07-22 15:27 . 2011-06-20 09:20 581192 c:\windows\system32\DRVSTORE\sa0102adb_4990F574CE9AEF666AA27AC5D6CE9B76A40889F8\i386\WinUSBCoInstaller.dll
+ 2011-07-22 15:27 . 2009-09-03 02:34 581192 c:\windows\system32\DRVSTORE\sa0101usb_A3F1FE9E18AFD158DD342175A5E627D175134385\i386\WinUSBCoInstaller.dll
+ 2011-07-22 15:27 . 2007-11-02 10:47 103976 c:\windows\system32\DRVSTORE\s916sdm2_21F85660AA82023EA111CC6BDFE4E4EF2EDFED63\i386\s916mgmt.sys
+ 2011-07-22 15:27 . 2007-11-02 10:47 100008 c:\windows\system32\DRVSTORE\s916obx2_74455A9D7CF2BC68446FD3455ABFCCDA93FFD087\i386\s916obex.sys
+ 2011-07-22 15:27 . 2007-11-02 10:47 109992 c:\windows\system32\DRVSTORE\s916mdm2_85F2F98F689E64A6D6F619016E152C56854F40D7\i386\s916mdm.sys
+ 2011-07-22 15:27 . 2010-03-15 09:38 123504 c:\windows\system32\DRVSTORE\s1039unic_5952A0AAD3C6DBBE6575F425DAE68BDAE36E8C91\i386\s1039unic.sys
+ 2011-07-22 15:27 . 2010-03-15 09:38 117872 c:\windows\system32\DRVSTORE\s1039sdm2_97A1A3C97AEE6794A5302A75CE74BED5CCEB4C66\i386\s1039mgmt.sys
+ 2011-07-22 15:27 . 2010-03-15 09:38 113904 c:\windows\system32\DRVSTORE\s1039obx2_D7B726896CDD620241A8FEE06D9CAF0E96BB78F2\i386\s1039obex.sys
+ 2011-07-22 15:27 . 2010-03-15 09:38 124016 c:\windows\system32\DRVSTORE\s1039mdm2_B7B37DE54A4A95E3632EDFFB0592928952707F9F\i386\s1039mdm.sys
+ 2011-07-22 15:27 . 2009-05-25 12:35 116904 c:\windows\system32\DRVSTORE\s1029unic_E2833DA52D6071E994F1E09FD77AFFACB1DCDB59\i386\s1029unic.sys
+ 2011-07-22 15:27 . 2009-05-25 12:34 115880 c:\windows\system32\DRVSTORE\s1029sdm2_51DE7A1504A451B1F8C6CB07CFBD4396DD597074\i386\s1029mgmt.sys
+ 2011-07-22 15:27 . 2009-05-25 12:34 111912 c:\windows\system32\DRVSTORE\s1029obx2_4AB3E196E98B41C0AB770E9A19507E4649D81F5B\i386\s1029obex.sys
+ 2011-07-22 15:27 . 2009-05-25 12:34 122280 c:\windows\system32\DRVSTORE\s1029mdm2_1EBFEE4AA76CA9BF2E864044FCB6AF06E5C9F0EA\i386\s1029mdm.sys
+ 2011-07-22 15:27 . 2009-03-25 15:48 109864 c:\windows\system32\DRVSTORE\s1018unic_FEAFA99A4CC5D22FA160F403DF44383CD83239E6\i386\s1018unic.sys
+ 2011-07-22 15:27 . 2009-03-25 15:48 106208 c:\windows\system32\DRVSTORE\s1018sdm2_F94480F6877E7A9A99F7369F2F58A941F6D89E6D\i386\s1018mgmt.sys
+ 2011-07-22 15:27 . 2009-03-25 15:48 104744 c:\windows\system32\DRVSTORE\s1018obx2_C3832878A81CF4876C0D0C3A0154C287BA7CE85E\i386\s1018obex.sys
+ 2011-07-22 15:27 . 2009-03-25 15:48 114728 c:\windows\system32\DRVSTORE\s1018mdm2_04DE5B208CC99C4B44449915B49B2243EFAA4A13\i386\s1018mdm.sys
+ 2011-07-22 15:27 . 2008-10-21 08:22 109736 c:\windows\system32\DRVSTORE\s0017unic_BB4DCB7C5F0783D4B48E0C375B1725378044DF2F\i386\s0017unic.sys
+ 2011-07-22 15:27 . 2008-10-21 08:22 108328 c:\windows\system32\DRVSTORE\s0017sdm2_B9E615C0177324E64608E606C5BACDE21EAA633D\i386\s0017mgmt.sys
+ 2011-07-22 15:27 . 2008-10-21 08:22 104616 c:\windows\system32\DRVSTORE\s0017obx2_A3A3D079A0B5800EDAAA5F4412759AA097D63D6C\i386\s0017obex.sys
+ 2011-07-22 15:27 . 2008-10-21 08:22 114600 c:\windows\system32\DRVSTORE\s0017mdm2_83F2C95A46E46AD749D51DDDADAD3F859682E916\i386\s0017mdm.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 115752 c:\windows\system32\DRVSTORE\s0016unic_9D1BEA0AD7AC1ECEA653A080CB50A95794EB54A6\i386\s0016unic.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 114216 c:\windows\system32\DRVSTORE\s0016sdm2_49EC14686E23454842B5DD1E08A12351912F071A\i386\s0016mgmt.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 110632 c:\windows\system32\DRVSTORE\s0016obx2_A8E1C631CA004AB1BE81A3D48D308AF233F680BF\i386\s0016obex.sys
+ 2011-07-22 15:27 . 2008-05-16 10:33 120744 c:\windows\system32\DRVSTORE\s0016mdm2_682450892C06910A09004057C74387FB5E35E414\i386\s0016mdm.sys
+ 2011-07-22 15:23 . 2011-01-03 12:50 592896 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\PCCSWpdDriver.dll
+ 2011-07-22 15:23 . 2011-05-18 08:09 137600 c:\windows\system32\DRVSTORE\nmwcdnsu_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdnsu.sys
+ 2011-07-22 15:23 . 2011-05-18 08:13 605696 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\nmwcdcocls.dll
+ 2011-07-22 15:23 . 2011-05-18 08:13 123904 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\ccdcmbwu.dll
+ 2011-07-22 15:27 . 2008-01-18 14:16 104488 c:\windows\system32\DRVSTORE\a016sdm2_9FBFF1EEEB0015F5CA2F0634B300C450FF556BA3\i386\a016mgmt.sys
+ 2011-07-22 15:27 . 2008-01-18 14:16 100648 c:\windows\system32\DRVSTORE\a016obx2_3839048F455A46A4FF4033F897B7AAA7BF427B58\i386\a016obex.sys
+ 2011-07-22 15:27 . 2008-01-18 14:16 110504 c:\windows\system32\DRVSTORE\a016mdm2_8FC221937B2924C4F9CE55A0CA993E1DEF07D5BB\i386\a016mdm.sys
+ 2008-05-19 04:33 . 2008-05-19 04:33 332800 c:\windows\system32\dllcache\msihnd.dll
+ 2011-07-22 15:34 . 2011-07-22 15:34 432640 c:\windows\Installer\1dadab.msi
+ 2011-07-22 15:34 . 2011-07-22 15:34 429568 c:\windows\Installer\1dada0.msi
+ 2011-07-22 15:31 . 2011-07-22 15:31 568832 c:\windows\Installer\1dad83.msi
+ 2011-07-22 15:31 . 2011-07-22 15:31 219648 c:\windows\Installer\1dad70.msi
+ 2011-07-22 15:31 . 2011-07-22 15:31 424960 c:\windows\Installer\1dad61.msi
+ 2011-07-22 15:24 . 2011-07-22 15:25 689152 c:\windows\Installer\15eab1.msi
+ 2011-07-22 15:24 . 2011-07-22 15:24 737280 c:\windows\Installer\15eaa7.msi
+ 2011-07-22 15:23 . 2011-07-22 15:23 689664 c:\windows\Installer\15ea95.msi
+ 2011-07-22 15:23 . 2011-07-22 15:23 496128 c:\windows\Installer\15ea8c.msi
+ 2011-07-22 15:23 . 2011-07-22 15:23 337408 c:\windows\Installer\15ea83.msi
+ 2011-07-22 15:23 . 2011-07-22 15:23 215552 c:\windows\Installer\15ea71.msi
+ 2011-07-22 15:25 . 2011-07-22 15:25 287934 c:\windows\Installer\{07D77970-B205-460C-84E4-263F30455597}\ARPPRODUCTICON.exe
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2009-07-11 18:46 . 2009-07-11 18:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 18:46 . 2009-07-11 18:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-07-20 22:03 . 2009-07-20 22:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2008-09-30 14:42 . 2008-09-30 14:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2011-07-22 15:24 . 2011-07-22 15:24 1233920 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2009-07-20 22:05 . 2009-07-20 22:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-17 13:49 . 2008-05-19 04:33 4445184 c:\windows\system32\msi.dll
+ 2011-07-22 15:27 . 2009-09-03 02:34 1112288 c:\windows\system32\DRVSTORE\sa0102adb_6B80C2E8586795E98C47F8FC9EA550361B9095DE\i386\WdfCoInstaller01007.dll
+ 2011-07-22 15:27 . 2011-06-20 09:20 1112288 c:\windows\system32\DRVSTORE\sa0102adb_4990F574CE9AEF666AA27AC5D6CE9B76A40889F8\i386\WdfCoInstaller01007.dll
+ 2011-07-22 15:27 . 2009-09-03 02:34 1112288 c:\windows\system32\DRVSTORE\sa0101usb_A3F1FE9E18AFD158DD342175A5E627D175134385\i386\WdfCoInstaller01007.dll
+ 2011-07-22 15:23 . 2011-01-03 11:05 1837296 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\WUDFUpdate_01009.dll
+ 2011-07-22 15:23 . 2011-05-18 08:09 1461992 c:\windows\system32\DRVSTORE\ccdcmb_8DD24D1409E3E5A28AF250E6C12966A02CC4D11B\wdfcoinstaller01009.dll
+ 2008-05-19 04:33 . 2008-05-19 04:33 4445184 c:\windows\system32\dllcache\msi.dll
+ 2011-07-22 15:32 . 2011-07-22 15:32 6079488 c:\windows\Installer\1dad96.msi
+ 2011-07-22 15:31 . 2011-07-22 15:31 6106112 c:\windows\Installer\1dad8d.msi
+ 2011-07-22 15:31 . 2011-07-22 15:31 1093632 c:\windows\Installer\1dad79.msi
+ 2011-07-22 15:24 . 2011-07-22 15:24 3891712 c:\windows\Installer\15ea9e.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-07-13 966712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-01-16 209216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"c:\\Documents and Settings\\Neo_PN\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18. 7. 2011 17:59 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21. 12. 2010 15:04 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12. 1. 2011 16:41 810144]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [18. 7. 2011 17:22 36864]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [19. 7. 2011 14:00 44000]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [22. 7. 2011 17:27 155344]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 48968682
*Deregistered* - 48968682
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 07:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481032
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 85.237.225.250 192.168.0.1
FF - ProfilePath - c:\documents and settings\Neo_PN\Data aplikací\Mozilla\Firefox\Profiles\yqg3ehtf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&q=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-48968682.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 12:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2640)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-07-24 12:43:31
ComboFix-quarantined-files.txt 2011-07-24 10:43
.
Pre-Run: Volných bajtů: 32 153 112 576
Post-Run: Volných bajtů: 32 168 116 224
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT
.
- - End Of File - - FD9151CFB7BFB4E886DC0D7720A98E78

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Driver::
  48968682
  
  DDS::
  uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2481032
  
  Firefox::
  FF - ProfilePath - c:\documents and settings\Neo_PN\Data aplikací\Mozilla\Firefox\Profiles\yqg3ehtf.default\
  FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
  FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 2481032&q=
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "DAEMON Tools Lite"=-
  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
  "NokiaOviSuite2"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Adobe ARM"=-
  "NeroFilterCheck"=-
  "NokiaMServer"=-
  "QuickTime Task"=-
  "SunJavaUpdateSched"=-
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Neo_PN]

Ahoj tak som spravil ako si mi poradi la posielam dalsi log s combofixu a este som aj zabudol dakujem ti strasne moc moc za vsetko a hlavne za to ze mi pomahas dakujem strasne moc este ras tu je log :


ComboFix 11-07-24.01 - Neo_PN . 07. 2011 21:07:53.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3327.2691 [GMT 2:00]
Running from: c:\documents and settings\Neo_PN\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Neo_PN\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_48968682
.
.
((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-23 14:02 . 2011-07-23 14:02 -------- d-----w- C:\epsxe170
2011-07-22 11:46 . 2011-07-22 11:46 -------- d-----w- C:\spoolerlogs
2011-07-19 08:39 . 2011-07-19 08:39 -------- d-----w- C:\ATI
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 11:35 . 2004-08-17 13:44 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 04:21 . 2008-02-09 03:58 6554624 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2011-05-25 03:14 . 2008-02-09 02:43 4059328 ----a-w- c:\windows\system32\ati3duag.dll
2011-05-25 03:05 . 2008-02-09 02:17 503808 ----a-w- c:\windows\system32\atiok3x2.dll
2011-05-25 02:58 . 2008-02-09 02:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:55 . 2008-02-09 03:04 302592 ----a-w- c:\windows\system32\ati2dvag.dll
2011-05-25 02:54 . 2008-02-09 02:36 3152384 ----a-w- c:\windows\system32\ativvaxx.dll
2011-05-25 02:39 . 2008-02-09 02:55 212992 ----a-w- c:\windows\system32\atipdlxx.dll
2011-05-25 02:39 . 2007-10-12 18:01 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2011-05-25 02:39 . 2008-02-09 02:55 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2011-05-25 02:39 . 2008-02-09 02:55 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-05-25 02:38 . 2008-02-09 02:24 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2011-05-25 02:38 . 2008-02-09 02:55 188416 ----a-w- c:\windows\system32\ati2evxx.dll
2011-05-25 02:37 . 2008-02-09 02:53 643072 ----a-w- c:\windows\system32\ati2evxx.exe
2011-05-25 02:36 . 2008-02-09 02:52 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2011-05-25 02:31 . 2008-02-09 02:21 651264 ----a-w- c:\windows\system32\atikvmag.dll
2011-05-25 02:27 . 2008-02-09 02:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2011-05-25 02:22 . 2008-02-09 02:13 856064 ----a-w- c:\windows\system32\ati2cqag.dll
2011-05-24 21:44 . 2011-05-24 21:44 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-04-29 17:25 . 2004-08-17 13:49 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-03 21:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2004-08-17 13:49 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-08 07:52 . 2011-07-19 10:36 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-07-24_10.42.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-24 19:11 . 2011-07-24 19:11 16384 c:\windows\temp\Perflib_Perfdata_338.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2219184]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2005-09-05 339968]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-01-16 209216]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"c:\\Documents and Settings\\Neo_PN\\Local Settings\\Data aplikací\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18. 7. 2011 17:59 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [21. 12. 2010 15:04 115008]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12. 1. 2011 16:41 810144]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [18. 7. 2011 17:22 36864]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [19. 7. 2011 14:00 44000]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [22. 7. 2011 17:27 155344]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-22 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 07:59]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 85.237.225.250 192.168.0.1
FF - ProfilePath - c:\documents and settings\Neo_PN\Data aplikací\Mozilla\Firefox\Profiles\yqg3ehtf.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 21:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1012)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(2564)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2011-07-24 21:14:18 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-24 19:14
ComboFix2.txt 2011-07-24 10:43
.
Pre-Run: Volných bajtů: 32 171 016 192
Post-Run: Volných bajtů: 32 076 378 112
.
- - End Of File - - 39DACC06E3C70D328FFEEC9E5E0A6DE5

[vyosek]

Prozatim neni zac, jak se chova PC

[Neo_PN]

vyborne olmarik sa uz neukazuje a mozilla tiez ide super ziadne znamky ako si tam pisal ze mi PC nestartoval alebo tak nie su je zo ok a este ak sa ta mozem spytat ako sa mi takeho nejake svinstvo sem dostalo nevies prosim ta?? alebo ako sa vyvarovat aby sa mi to uz nestalo moze to byt koli tomu ze som si sem nainstaloval novu verziu Mozilla 5???? mam mat nejaky soft nainstalovany ktory mi zabrani aby sa taketo vyrusi dostavali do operacnej pamate?? este toto mi prosim porad dakujeeem ) este ras za cas a ochotu ani nevies ako moc si mi pomohol . Mam tento WIN nainstalovany asi 5 dni a uz mi tam skocil olmarik nechapem tomu .

[vyosek]

On nebyl v operacni pameti ale v mbr sektoru disku - bohuzel ESET to takhle zobrazuje

Doporucuji kompletni zmenu hesel - TDL rootkit je rad krade a jeste radeji si o nich povida s okolim

Zabezpeceni PC je dostatecne - tedy doufam ze ten ESET neni cracknuty, to by pak mohlo vysvetlit jak se tam dostal

Nejdulezitejsi pri ochrane PC je vsak rozum = neklikat na kdejakou blikajici ci skakajici blbinu, nenavstevovat temna zakouti webu (porno, warez), vyhybat se crackum\keygenum apod

Odinstalujte Combofix

• Start - Spustit (nebo pouzijte klavesobou zkratku Win+R)
• Napiste ComboFix /Uninstall
• Stisknete Enter
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner (viz muj podpis)
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

Napis jak se podarilo a co PC

[Neo_PN]

Rozum je jasne to vjem neboj asi to bude tym keygenom pocitam presnejsie na quick office symbian keygen pri vypnuti esetu on mi to aj ukazoval ale ja som neboj obozretny. Takze mas pravdu no ESET je legalny original si ho platim takze neboj ten je ok idem na tie testiky este a potom napisem zatial velke DAKUJEM este ras .

[vyosek]

Ok, pak tedy napis...keygeny a cracky jsou nejlepsi cesta k haveti

[Neo_PN]

To mas pravdu......tak setko uklidene vycistene presne podla navodu ako si mi napisal a setko ide rychlo krasne a bez problemov este raz dakujem uz som si aj nasiel kam mam poslat peniazky ak budu nejake navyse ale kedse som zo slovenska ide to len cez paypal takze uvidim ci si ho spravim ale tebe velmi pekne dakujem a prajem prijemny vecer keby nieco tak sa urcite ozvem ale dufam ze uz urcite nie a keby nahodou tak len v pripade ze by som ti zaprial pekny den . Maj sa zatial a este ras dakujem

[vyosek]

Za podporu fora jmenem celeho tymu Ti dekuji

Nemas zac, rado se stalo Pekny vecer i Tobe a treba nekdy navidenou