VIRY.CZ

Už viackrát mi pri spúšťaní PC zobrazilo tú správu, že mám chýbajúci alebo poškodený súbor v cieľovom adresári c:/windows/system...Podarilo sa mi komp viackrát zapnúť aspoň cez Safe Mode, teraz napodiv normálne, avšak je strašne zavírený a bojím sa, že ho nabudúce nezapnem už vôbec

...
Vopred ďakujem za pomoc.

DDS (Ver_10-11-27.01) - NTFSx86
Run by Jakub at 8:31:34,09 on ne 28.11.2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.88 [GMT 1:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\CmUCReye.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Documents and Settings\Jakub\My Documents\Preberanie\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://googleure.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
mWinlogon: Taskman=c:\documents and settings\jakub\application data\juzjf.exe
uWinlogon: Shell=c:\recycler\s-1-5-21-4349727068-6333880499-498343625-6351\nvapbar.exe,c:\recycler\s-1-5-21-3492822507-1643205622-369944611-5105\yv8g67.exe,explorer.exe,c:\documents and settings\jakub\application data\juzjf.exe
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {35065594-9169-4A34-B167-FC4865038E53} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [JMB36X Configure] c:\windows\system32\JMRaidTool.exe boot
mRun: [CmUCRRun] c:\windows\system32\CmUCReye.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UpdatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [NokiaMusic FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [wuaucldt] c:\windows\system32\wuaucldt.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\0ggbssn.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\0kplbbx.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\0tpkk6w.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\1ieezqq.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\6ss6ee6.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\c3eezqqlccx.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\e3ggbssneez.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\eezk6ww6ii.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\f0lhcc6oo.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\fbww6ii6.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\s70tpkq70.exe
StartupFolder: c:\documents and settings\jakub\start menu\programs\startup\wwriiduupg.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\jakub\application data\dvdvideosoftiehelpers\youtubedownload.htm
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxps://asp.photoprintit.de/microsite/5854/defaults/activex/ips/IPSUploader4.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {B96DF464-F62A-46C6-B2E4-E9F050499A76} = 217.119.117.28,217.119.113.244
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jakub\applic~1\mozilla\firefox\profiles\p7177uah.default\
FF - plugin: c:\documents and settings\jakub\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\jakub\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\docume~1\jakub\applic~1\mozilla\firefox\profiles\p7177uah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Facicons: {DDABDBA1-2377-4A30-A027-25697B99E254} - c:\docume~1\jakub\applic~1\mozilla\firefox\profiles\p7177uah.default\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF - Extension: U Flv: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - c:\docume~1\jakub\applic~1\mozilla\firefox\profiles\p7177uah.default\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
FF - Extension: {5647f4b2-2f19-15dd-2d2b-7212613c2b46}: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - c:\docume~1\jakub\applic~1\mozilla\firefox\profiles\p7177uah.default\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 34312]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-7-1 468224]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [2009-7-9 72320]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2004-8-3 69120]
S2 ea26a79qboa;Asset Management Daemon;c:\windows\system32\venelyzu.exe --> c:\windows\system32\venelyzu.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-14 136176]
S3 jkzycxdn;jkzycxdn;\??\c:\windows\system32\drivers\jkzycxdn.sys --> c:\windows\system32\drivers\jkzycxdn.sys [?]
S3 rwaofnwl;rwaofnwl;\??\c:\windows\system32\drivers\rwaofnwl.sys --> c:\windows\system32\drivers\rwaofnwl.sys [?]
S3 yvhsauqu;yvhsauqu;\??\c:\windows\system32\drivers\yvhsauqu.sys --> c:\windows\system32\drivers\yvhsauqu.sys [?]

=============== Created Last 30 ================

2010-11-28 06:28:06 315392 ----a-w- c:\windows\system32\pyly.exe
2010-11-27 16:54:30 -------- d-----w- c:\program files\VirtualDJ
2010-11-27 10:28:50 30560 ----a-w- c:\windows\system32\drivers\wcscd.sys
2010-11-22 15:42:37 -------- d-----w- c:\docume~1\jakub\locals~1\applic~1\Electronic Arts
2010-11-21 21:26:31 256 ----a-w- C:\HDTV.exe
2010-11-20 14:31:17 85504 --sh--r- c:\docume~1\jakub\applic~1\juzjf.exe
2010-11-20 14:31:07 85504 ----a-w- C:\wifi32.exe
2010-11-15 19:30:41 90978 ----a-w- C:\winnt7.exe
2010-11-15 14:40:38 72192 --sh--r- c:\windows\nvsvc32.exe
2010-11-09 14:25:42 -------- d-----w- c:\docume~1\jakub\locals~1\applic~1\Unity
2010-11-08 06:25:54 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Norton
2010-11-08 06:25:53 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Symantec
2010-11-08 06:25:45 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\NortonInstaller
2010-11-06 10:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 10:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-11-03 17:09:47 -------- d-----w- C:\divx
2010-11-03 09:07:23 -------- d-----w- c:\program files\AllToAVI

==================== Find3M ====================

2010-11-28 06:18:23 98304 ----a-w- c:\windows\DUMP6b3d.tmp
2010-11-28 06:16:50 98304 ----a-w- c:\windows\DUMP6a14.tmp
2010-11-27 14:33:40 98304 ----a-w- c:\windows\DUMP70f9.tmp
2010-09-08 07:09:46 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-08 07:07:36 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-09-01 13:57:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

============= FINISH: 8:32:47,06 ===============

Zdravim a pekny den preji

Mate zazalohovana dulezita data a instalacni CD, vypada to na hodne naboreny system

Pracujte tedy v nouzovem rezimu prozatim

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

A ak sa môžem ešte opýtať, ako "vypnúť" ESET v Safe Mode? Lebo dole na lište nemám tú kolonku a nemám poňatia, ako to inak vypnúť...

Tak to tedy nereste a pokracujte dale

Ako pozerám, je tam stále nejaký problém s cdrom...

ComboFix 10-11-27.01 - Jakub 28.11.2010 16:02:07.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.204 [GMT 1:00]
Running from: c:\documents and settings\Jakub\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\common.data
c:\documents and settings\Jakub\Application Data\juzjf.exe
c:\documents and settings\Jakub\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\Jakub\secupdat.dat
c:\documents and settings\LocalService.NT AUTHORITY\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
c:\program files\FunWebProducts\Installr\Cache\000F99B6.exe
c:\program files\FunWebProducts\Installr\Cache\files.ini
c:\windows\nvsvc32.exe
c:\windows\system32\secupdat.dat

c:\windows\system32\drivers\cdrom.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-28 )))))))))))))))))))))))))))))))
.

2010-11-28 14:50 . 2010-11-28 14:50 2291 ----a-w- c:\windows\system32\drivers\fjrprqzs.sys
2010-11-28 14:19 . 2010-11-28 14:17 315392 ----a-w- c:\windows\system32\venelyzu.exe
2010-11-28 14:18 . 2010-11-28 14:18 82944 ----a-w- c:\windows\system32\drivers\xjuosbfv.sys
2010-11-28 14:17 . 2010-11-28 14:17 315392 ----a-w- c:\windows\system32\quoowohu.exe
2010-11-28 08:25 . 2010-11-28 08:25 1409 ----a-w- c:\windows\QTFont.for
2010-11-28 07:03 . 2010-11-28 14:15 98304 ----a-w- c:\windows\DUMP72ed.tmp
2010-11-28 06:28 . 2010-11-28 14:17 315392 ----a-w- c:\windows\system32\pyly.exe
2010-11-27 16:54 . 2010-11-27 16:54 -------- d-----w- c:\program files\VirtualDJ
2010-11-27 10:28 . 2010-11-27 10:28 30560 ----a-w- c:\windows\system32\drivers\wcscd.sys
2010-11-22 15:42 . 2010-11-22 15:42 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Application Data\Electronic Arts
2010-11-21 21:26 . 2010-11-21 21:26 256 ----a-w- C:\HDTV.exe
2010-11-20 14:31 . 2010-11-20 14:31 85504 ----a-w- C:\wifi32.exe
2010-11-15 19:30 . 2010-11-15 19:30 90978 ----a-w- C:\winnt7.exe
2010-11-09 14:25 . 2010-11-09 14:25 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Application Data\Unity
2010-11-08 06:25 . 2010-11-17 11:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2010-11-08 06:25 . 2010-11-08 06:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-03 17:09 . 2010-11-08 08:04 -------- d-----w- C:\divx
2010-11-03 09:07 . 2010-11-03 16:18 -------- d-----w- c:\program files\AllToAVI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-28 06:18 . 2009-07-08 17:47 98304 ----a-w- c:\windows\DUMP6b3d.tmp
2010-11-28 06:16 . 2009-07-08 17:47 98304 ----a-w- c:\windows\DUMP6a14.tmp
2010-11-27 14:33 . 2009-07-08 17:47 98304 ----a-w- c:\windows\DUMP70f9.tmp
2010-11-23 17:42 . 2004-08-03 20:59 84800 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-09-08 07:09 . 2010-10-17 06:57 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-08 07:07 . 2010-10-17 06:57 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-09-01 13:57 . 2006-07-11 16:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-07-13_18.36.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-12-02 07:46 . 2006-12-02 07:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2006-12-01 23:46 . 2006-12-01 23:46 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
+ 2009-07-11 18:54 . 2009-07-11 18:54 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll
+ 2009-07-11 18:32 . 2009-07-11 18:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll
+ 2009-07-11 23:07 . 2009-07-11 23:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-11 23:19 . 2009-07-11 23:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2010-11-28 14:49 . 2010-11-28 14:49 16384 c:\windows\Temp\Perflib_Perfdata_568.dat
+ 2010-11-27 16:50 . 2001-04-27 15:11 24576 c:\windows\system32\SmartSubClass.dll
+ 2010-11-27 16:50 . 2001-10-14 00:48 28672 c:\windows\system32\SmartMenuXP.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 68592 c:\windows\system32\pxinsa64.exe
- 2009-07-09 08:31 . 2008-11-20 19:19 72176 c:\windows\system32\pxhpinst.exe
+ 2009-07-09 08:31 . 2010-08-12 04:07 72176 c:\windows\system32\pxhpinst.exe
+ 2009-07-09 08:31 . 2010-08-12 04:07 68080 c:\windows\system32\pxcpya64.exe
+ 2009-10-20 18:19 . 2009-10-20 18:19 53299 c:\windows\system32\pthreadVC.dll
- 2001-08-23 12:00 . 2010-06-24 07:05 79368 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-10-31 06:10 79368 c:\windows\system32\perfc009.dat
+ 2010-11-28 07:10 . 2010-11-28 07:10 81336 c:\windows\system32\GDIPFONTCACHEV1.DAT
+ 2010-11-27 16:50 . 2003-06-06 11:21 81920 c:\windows\system32\eSellerateControl350.dll
+ 2008-11-20 19:19 . 2010-08-12 04:07 45648 c:\windows\system32\drivers\PxHelp20.sys
+ 2009-10-20 18:19 . 2009-10-20 18:19 50704 c:\windows\system32\drivers\npf.sys
+ 2010-08-26 12:50 . 2010-08-26 12:50 18048 c:\windows\system32\drivers\lirsgt.sys
- 2008-07-01 07:04 . 2008-07-01 07:04 34312 c:\windows\system32\drivers\epfwtdir.sys
+ 2008-07-01 08:04 . 2008-07-01 08:04 34312 c:\windows\system32\drivers\epfwtdir.sys
+ 2008-07-01 07:57 . 2008-07-01 07:57 53256 c:\windows\system32\drivers\easdrv.sys
- 2008-07-01 06:57 . 2008-07-01 06:57 53256 c:\windows\system32\drivers\easdrv.sys
+ 2008-07-01 07:56 . 2008-07-01 07:56 39944 c:\windows\system32\drivers\eamon.sys
- 2008-07-01 06:56 . 2008-07-01 06:56 39944 c:\windows\system32\drivers\eamon.sys
+ 2010-03-10 19:29 . 2010-03-10 19:29 94208 c:\windows\system32\dpl100.dll
+ 2010-11-27 16:50 . 2001-06-21 20:13 81332 c:\windows\system32\BASS.DLL
+ 1999-01-12 09:35 . 1999-01-12 09:35 53760 c:\windows\speech\WrapSAPI.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 12800 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 53248 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-10-16 11:14 . 2010-10-16 11:14 21504 c:\windows\Installer\63c528.msi
- 2010-06-18 08:50 . 2010-06-18 08:50 10134 c:\windows\Installer\{A13F9DCF-7413-4F53-93F1-9925DCF709CF}\callmsi.exe
+ 2010-11-21 18:16 . 2010-11-21 18:16 10134 c:\windows\Installer\{A13F9DCF-7413-4F53-93F1-9925DCF709CF}\callmsi.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-09-17 14:15 . 2010-09-17 14:15 25214 c:\windows\Installer\{171E6C1E-B5FC-11DF-B115-005056C00008}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-09-17 14:15 . 2010-09-17 14:15 25214 c:\windows\Installer\{171E6C1E-B5FC-11DF-B115-005056C00008}\ARPPRODUCTICON.exe
+ 2010-11-22 15:27 . 2010-11-22 15:27 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-07-15 05:20 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB2229593\update\spcustom.dll
+ 2010-07-15 05:20 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB2229593\spmsg.dll
+ 1999-01-12 09:39 . 1999-01-12 09:39 6656 c:\windows\delttsul.exe
+ 2007-06-28 16:54 . 2007-06-28 16:54 180224 c:\windows\system32\xvidvfw.dll
+ 2007-06-28 16:52 . 2007-06-28 16:52 765952 c:\windows\system32\xvidcore.dll
+ 2009-10-20 18:19 . 2009-10-20 18:19 281104 c:\windows\system32\wpcap.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 100848 c:\windows\system32\vxblock.dll
+ 2009-01-28 18:50 . 2009-01-28 18:50 368640 c:\windows\system32\vobsub.dll
+ 2009-01-28 18:50 . 2009-01-28 18:50 153088 c:\windows\system32\unrar.dll
+ 2010-09-04 12:01 . 2010-09-04 12:03 663204 c:\windows\system32\Restore\rstrlog.dat
+ 2009-07-09 08:31 . 2010-08-12 04:07 440816 c:\windows\system32\pxwave.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 219632 c:\windows\system32\pxmas.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 126448 c:\windows\system32\pxinsi64.exe
+ 2009-07-09 08:31 . 2010-08-12 04:07 567792 c:\windows\system32\pxdrv.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 123888 c:\windows\system32\pxcpyi64.exe
+ 2009-07-09 08:31 . 2010-08-12 04:07 133616 c:\windows\system32\pxafs.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 698864 c:\windows\system32\px.dll
+ 2001-08-23 12:00 . 2010-10-31 06:10 461552 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-06-24 07:05 461552 c:\windows\system32\perfh009.dat
+ 2009-10-20 18:19 . 2009-10-20 18:19 100880 c:\windows\system32\Packet.dll
+ 2009-07-08 17:53 . 2010-11-28 06:20 292480 c:\windows\system32\FNTCACHE.DAT
+ 2010-08-26 12:50 . 2010-08-26 12:50 165376 c:\windows\system32\drivers\atksgt.sys
- 2009-07-09 01:04 . 2004-08-03 22:56 743936 c:\windows\system32\dllcache\helpsvc.exe
+ 2009-07-09 01:04 . 2010-06-14 14:30 743936 c:\windows\system32\dllcache\helpsvc.exe
+ 2010-02-19 19:27 . 2010-02-19 19:27 843776 c:\windows\system32\divx_xx16.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 839680 c:\windows\system32\divx_xx11.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx0c.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 847872 c:\windows\system32\divx_xx0a.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 856064 c:\windows\system32\divx_xx07.dll
+ 2010-02-19 19:27 . 2010-02-19 19:27 720384 c:\windows\system32\DivX.dll
+ 2008-12-21 21:46 . 2008-12-21 21:46 351744 c:\windows\system32\avisynth.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 195584 c:\windows\speech\Xvoice.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 203776 c:\windows\speech\XTel.Dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 208896 c:\windows\speech\Xlisten.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 128000 c:\windows\speech\Xcommand.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 173056 c:\windows\speech\VText.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 179712 c:\windows\speech\Vdict.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 156160 c:\windows\speech\vcmshl.dll
+ 1999-01-12 13:09 . 1999-01-12 13:09 380928 c:\windows\speech\vcmd.exe
+ 1999-01-12 13:19 . 1999-01-12 13:19 248832 c:\windows\speech\spchtel.dll
+ 1999-01-12 13:19 . 1999-01-12 13:19 562176 c:\windows\speech\speech.dll
+ 2009-07-09 01:04 . 2010-06-14 14:30 743936 c:\windows\pchealth\helpctr\binaries\helpsvc.exe
- 2009-07-09 01:04 . 2004-08-03 22:56 743936 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
+ 2010-11-22 15:27 . 2006-03-31 10:27 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2006-02-03 06:40 578560 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-12-05 16:20 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-09-28 13:11 577536 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-07-22 16:21 577024 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-05-26 14:15 576000 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-03-18 16:23 567296 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-02-05 18:32 563712 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 223232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 178176 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 364544 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 159232 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 145920 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2010-08-26 12:49 . 2005-03-18 15:23 473600 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2010-08-29 15:13 . 2010-08-29 15:13 169472 c:\windows\Installer\4b4ff0.msi
+ 2010-08-04 13:13 . 2010-08-04 13:13 686080 c:\windows\Installer\4ab69.msp
+ 2010-07-14 14:45 . 2010-07-14 14:45 424960 c:\windows\Installer\496921.msi
+ 2010-11-22 15:25 . 2010-11-22 15:25 331264 c:\windows\Installer\258907.msi
+ 2010-09-17 14:15 . 2010-09-17 14:15 874496 c:\windows\Installer\222577.msi
+ 2010-11-21 18:16 . 2010-11-21 18:16 858624 c:\windows\Installer\14489.msi
+ 2010-11-21 18:16 . 2010-11-21 18:16 136448 c:\windows\Installer\{A13F9DCF-7413-4F53-93F1-9925DCF709CF}\egui.exe
- 2010-06-18 08:50 . 2010-06-18 08:50 136448 c:\windows\Installer\{A13F9DCF-7413-4F53-93F1-9925DCF709CF}\egui.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-09-22 16:10 . 2010-09-22 16:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0400000010\9.4.0\nppdf32.dll
+ 2009-03-06 01:37 . 2009-03-06 01:37 501640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SOA.DLL
+ 2008-10-26 05:26 . 2008-10-26 05:26 162680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACCWIZ.DLL
+ 2010-11-27 16:50 . 2005-03-10 22:57 356352 c:\windows\eSellerateEngine.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-07-15 05:20 . 2010-02-22 17:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll
+ 2010-07-15 05:20 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst\spuninst.exe
+ 2010-07-15 05:20 . 2004-08-03 22:56 743936 c:\windows\$NtUninstallKB2229593$\helpsvc.exe
+ 2010-07-15 05:20 . 2010-02-22 17:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll
+ 2010-07-15 05:20 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB2229593\update\update.exe
+ 2010-07-15 05:20 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB2229593\spuninst.exe
+ 2010-07-14 05:33 . 2010-06-14 14:38 744448 c:\windows\$hf_mig$\KB2229593\SP3QFE\helpsvc.exe
+ 2010-07-14 05:33 . 2010-06-14 14:31 744448 c:\windows\$hf_mig$\KB2229593\SP3GDR\helpsvc.exe
+ 2010-07-14 05:33 . 2010-06-14 15:13 744448 c:\windows\$hf_mig$\KB2229593\SP2QFE\helpsvc.exe
+ 2009-07-11 18:46 . 2009-07-11 18:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 18:46 . 2009-07-11 18:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2009-07-09 08:31 . 2010-08-12 04:07 2120176 c:\windows\system32\pxsfs.dll
+ 2010-08-26 12:49 . 2004-12-01 14:53 2846720 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-08-26 12:49 . 2004-09-29 11:38 2676224 c:\windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-26 14:00 . 2010-07-26 14:00 5010944 c:\windows\Installer\6eb33.msp
+ 2010-07-10 18:14 . 2010-07-10 18:14 2850816 c:\windows\Installer\6eb1c.msp
+ 2010-10-11 13:41 . 2010-10-11 13:41 3946496 c:\windows\Installer\59833.msi
+ 2010-08-19 15:57 . 2010-08-19 15:57 3395584 c:\windows\Installer\4ab52.msp
+ 2010-07-14 14:50 . 2010-07-14 14:50 3726336 c:\windows\Installer\496925.msi
+ 2010-08-13 16:01 . 2010-08-13 16:01 8993280 c:\windows\Installer\3a176.msp
+ 2010-08-13 15:59 . 2010-08-13 15:59 8182272 c:\windows\Installer\3a15f.msp
+ 2010-08-13 16:02 . 2010-08-13 16:02 2545664 c:\windows\Installer\3a148.msp
+ 2010-08-13 16:00 . 2010-08-13 16:00 9404928 c:\windows\Installer\3a131.msp
+ 2010-09-17 04:06 . 2010-09-17 04:06 3355648 c:\windows\Installer\3a119.msp
+ 2010-05-20 17:57 . 2010-05-20 17:57 4989952 c:\windows\Installer\33bf8.msp
+ 2010-05-20 17:57 . 2010-05-20 17:57 5907456 c:\windows\Installer\33bf7.msp
+ 2010-06-11 09:03 . 2010-06-11 09:03 5021184 c:\windows\Installer\33bd7.msp
+ 2010-09-17 05:04 . 2010-09-17 05:04 9401856 c:\windows\Installer\2d1b2.msp
+ 2010-10-21 17:12 . 2010-10-21 17:12 3359744 c:\windows\Installer\2d19b.msp
+ 2010-10-07 17:43 . 2010-10-07 17:43 1980416 c:\windows\Installer\2d184.msp
+ 2010-11-08 07:14 . 2010-11-08 07:14 3402752 c:\windows\Installer\1b8d0.msp
- 2009-11-25 17:20 . 2010-06-12 10:05 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-11-25 17:20 . 2010-06-12 10:05 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-11-25 17:20 . 2010-11-11 04:58 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-09-16 01:08 . 2010-09-16 01:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA79201B7449A0400000010\9.4.0\authplay.dll
+ 2008-11-10 01:41 . 2008-11-10 01:41 2014584 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\PPTVIEW.EXE
+ 2010-11-22 15:27 . 2010-11-22 15:27 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-11-22 15:27 . 2010-11-22 15:27 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-07-10 18:06 . 2010-07-10 18:06 10120192 c:\windows\Installer\6eb05.msp
+ 2010-07-22 23:04 . 2010-07-22 23:04 11395072 c:\windows\Installer\4ab3b.msp
+ 2010-05-20 17:58 . 2010-05-20 17:58 12114432 c:\windows\Installer\33bc0.msp
+ 2009-03-06 01:37 . 2009-03-06 01:37 10222432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSACCESS.EXE
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-11-23 1060864]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-06 149280]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-02 2327840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"tekeboo"="c:\windows\system32\pyly.exe" [2010-11-28 315392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

c:\documents and settings\Jakub\Start Menu\Programs\Startup\
0ggbssn.exe [2010-11-22 43008]
0kplbbx.exe [2010-11-21 43008]
0tpkk6w.exe [2010-11-21 43008]
1ieezqq.exe [2010-11-21 43008]
6ss6ee6.exe [2010-11-21 43008]
c3eezqqlccx.exe [2010-11-21 43008]
e3ggbssneez.exe [2010-11-22 43008]
eezk6ww6ii.exe [2010-11-21 43008]
f0lhcc6oo.exe [2010-11-21 43008]
fbww6ii6.exe [2010-11-21 43008]
s70tpkq70.exe [2010-11-21 43008]
wwriiduupg.exe [2010-11-21 43008]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Documents and Settings\\Jakub\\My Documents\\Preberanie\\P1876832.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 09:04 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 09:02 468224]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [9.7.2009 17:17 72320]
S2 ea26a79qboa;Asset Management Daemon;c:\windows\system32\venelyzu.exe [28.11.2010 15:19 315392]
S2 fjrprqzs;fjrprqzs;c:\windows\system32\drivers\fjrprqzs.sys [28.11.2010 15:50 2291]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.5.2010 14:08 136176]
S2 xjuosbfv;xjuosbfv;c:\windows\system32\drivers\xjuosbfv.sys [28.11.2010 15:18 82944]
S3 jkzycxdn;jkzycxdn;\??\c:\windows\System32\Drivers\jkzycxdn.sys --> c:\windows\System32\Drivers\jkzycxdn.sys [?]
S3 rwaofnwl;rwaofnwl;\??\c:\windows\System32\Drivers\rwaofnwl.sys --> c:\windows\System32\Drivers\rwaofnwl.sys [?]
S3 yvhsauqu;yvhsauqu;\??\c:\windows\System32\Drivers\yvhsauqu.sys --> c:\windows\System32\Drivers\yvhsauqu.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.6.2010 10:32 691696]

--- Other Services/Drivers In Memory ---

*Deregistered* - wcscd
.
Contents of the 'Scheduled Tasks' folder

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 13:08]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 13:08]

2010-11-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-07-11 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://googleure.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Jakub\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
TCP: {B96DF464-F62A-46C6-B2E4-E9F050499A76} = 217.119.117.28,217.119.113.244
FF - ProfilePath - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\
FF - plugin: c:\documents and settings\Jakub\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Jakub\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Facicons: {DDABDBA1-2377-4A30-A027-25697B99E254} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF - Extension: U Flv: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
FF - Extension: {5647f4b2-2f19-15dd-2d2b-7212613c2b46}: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-hqznrvcw
SafeBoot-xjuosbfv

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-28 16:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [9264]
? [8436]
? [10048]
? [10072]
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdfss]
"ImagePath"="\??\c:\windows\TEMP\cdfss"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D464A062-F82B-515C-7E24-09CE26AD1EDA}*]
"haikfoapifpgcbkk"=hex:6a,61,67,61,70,63,65,6d,63,62,69,6b,6e,6d,67,69,65,67,
6d,6a,00,f0
"iackhenlgadblagbko"=hex:69,61,64,62,6b,66,65,6c,6d,6c,6c,61,65,63,6e,62,6d,66,
00,00
.
Completion time: 2010-11-28 16:20:18
ComboFix-quarantined-files.txt 2010-11-28 15:20

Pre-Run: 8 532 340 736 bytes free
Post-Run: 13 079 769 088 bytes free

- - End Of File - - 1EB7FEE913D793918D3FB3C05C968F8A

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:files
P1876832.JPG-www.facebook.exe /s
c:\documents and settings\Jakub\Start Menu\Programs\Startup\*.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Restore::
c:\windows\system32\drivers\cdrom.sys

SRPeek::
c:\windows\system32\drivers\cdrom.sys

Collect::
c:\windows\system32\venelyzu.exe
c:\windows\system32\drivers\fjrprqzs.sys
c:\windows\system32\drivers\xjuosbfv.sys
c:\windows\System32\Drivers\jkzycxdn.sys
c:\windows\System32\Drivers\rwaofnwl.sys
c:\windows\System32\Drivers\yvhsauqu.sys
c:\windows\system32\pyly.exe

Driver::
ea26a79qboa
fjrprqzs
xjuosbfv
jkzycxdn
rwaofnwl
yvhsauqu
wcscd

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

DDS::
uStart Page = hxxp://googleure.com

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Jakub\\My Documents\\Preberanie\\P1876832.JPG-www.facebook.exe"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cdfss]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"UpdatePDRShortCut"=-
NokiaMusic FastStart"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"DivXUpdate"=-
"tekeboo"=-

RegLock::
[HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D464A062-F82B-515C-7E24-09CE26AD1EDA}*]

RegNull::
[HKEY_USERS\S-1-5-21-839522115-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D464A062-F82B-515C-7E24-09CE26AD1EDA}*]

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Cez ten ComboFix mi to akosi nejde, lebo keď presuniem ten txt súbor na kolonku Combofix, tá hneď "zmodrie" a tým sa mi opäť spustí.
Z OTM:
All processes killed
========== FILES ==========
\Documents and Settings\Jakub\My Documents\Preberanie\P1876832.JPG-www.facebook.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\0ggbssn.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\0kplbbx.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\0tpkk6w.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\1ieezqq.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\6ss6ee6.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\c3eezqqlccx.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\e3ggbssneez.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\eezk6ww6ii.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\f0lhcc6oo.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\fbww6ii6.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\s70tpkq70.exe moved successfully.
c:\documents and settings\Jakub\Start Menu\Programs\Startup\wwriiduupg.exe moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET395.tmp moved successfully.
C:\WINDOWS\system32\SET399.tmp moved successfully.
C:\WINDOWS\system32\SET3A1.tmp moved successfully.
C:\WINDOWS\DUMP64d4.tmp moved successfully.
C:\WINDOWS\DUMP686e.tmp moved successfully.
C:\WINDOWS\DUMP6a14.tmp moved successfully.
C:\WINDOWS\DUMP6afe.tmp moved successfully.
C:\WINDOWS\DUMP6b3d.tmp moved successfully.
C:\WINDOWS\DUMP70f9.tmp moved successfully.
C:\WINDOWS\DUMP72ed.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\AppPatch\SET272.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP245.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP31E9.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP452.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP47D.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP736.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP824.tmp folder moved successfully.
C:\WINDOWS\Globalization\tl-PH-Nokia.tmp0 moved successfully.
C:\WINDOWS\Installer\MSIAF.tmp moved successfully.
C:\WINDOWS\Installer\MSIC8.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wltD25.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\Temp\NS3.tmp moved successfully.
C:\WINDOWS\Temp\sdnC90B.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgends.tmp moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 487211529 bytes
->Temporary Internet Files folder emptied: 842735169 bytes
->Flash cache emptied: 132226 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jakub
->Temp folder emptied: 7197737 bytes
->Temporary Internet Files folder emptied: 1073130 bytes
->Java cache emptied: 73975430 bytes
->FireFox cache emptied: 79400462 bytes
->Flash cache emptied: 3097633 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1182868 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: windows
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3334938 bytes

Total Files Cleaned = 1 430,00 mb

OTM by OldTimer - Version 3.1.17.2 log created on 11292010_065343

Files moved on Reboot...
File C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\G5YV05YJ\board%26rnd%3D687495535%26fid%3D291484689%26bg1%3D28%26bg2%3D38%26bg3%3D0%26mlt%3D2%26ged%3D0%3A0%3AMGFiYjNmODQzZDkzOGNjYuIEploc0mCUbR6DqgBeGEVXYwJ7Rare-2nQpmByvSaB1M6onhegI&r=0 not found!
File C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\AAG43ZGW\aomy7aT6np2cn1YFUITPim4mBdP6rE4Wrm0tULpdTw4AUS3s38UVQ8VcZb8S6rvUtU3Wbj52bAmWqQvTErlPaBJSsQIRreoSWQiWGvP5bTxmWqmXTau4WYZdQsrD26nLoHErUH37YUfkUcFX67ul3P[1].gif not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ANURQDMN\metal brile not found!
File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0D2RSTUJ\evanna not found!

Registry entries deleted on Reboot...

No vsak ano, sken bude vypadat jako pri prvnim spusteni, ale provede i prikazy ve skriptu...Pokud by se seknul na vic jak pul hodky, tak jej aplikujte v nouzovem rezimu...

No a tu je druhý log z Combofixu:
ComboFix 10-11-28.05 - Jakub 29.11.2010 16:04:30.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.511.227 [GMT 1:00]
Running from: c:\documents and settings\Jakub\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jakub\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"

file zipped: c:\windows\system32\drivers\fjrprqzs.sys
file zipped: c:\windows\system32\drivers\xjuosbfv.sys
file zipped: c:\windows\system32\pyly.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\inst.exe
c:\documents and settings\Administrator\Application Data\SpyGuarder
c:\documents and settings\Administrator\Application Data\SpyGuarder\base.dat
c:\documents and settings\Administrator\Application Data\SpyGuarder\base2.dat
c:\documents and settings\Administrator\Application Data\SpyGuarder\Desc.dat
c:\documents and settings\Administrator\Application Data\SpyGuarder\spline.dat
c:\documents and settings\Administrator\Application Data\SpyGuarder\SpyGuarder.ini
c:\documents and settings\Administrator\Cookies\hpothb07.dat
c:\documents and settings\Administrator\Favorites\Thumbs.db
c:\documents and settings\All Users.WINDOWS\Application Data\common.data
c:\windows\system32\drivers\fjrprqzs.sys
c:\windows\system32\drivers\wcscd.sys
c:\windows\system32\drivers\xjuosbfv.sys

c:\windows\system32\drivers\cdrom.sys . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CDFSS
-------\Legacy_EA26A79QBOA
-------\Legacy_FJRPRQZS
-------\Legacy_WCSCD
-------\Legacy_XJUOSBFV
-------\Service_cdfss
-------\Service_ea26a79qboa
-------\Service_fjrprqzs
-------\Service_jkzycxdn
-------\Service_rwaofnwl
-------\Service_wcscd
-------\Service_xjuosbfv
-------\Service_yvhsauqu

((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 )))))))))))))))))))))))))))))))
.

2010-11-29 05:24 . 2010-11-29 05:24 -------- d-----w- C:\_OTM
2010-11-28 14:19 . 2010-11-28 14:17 315392 ----a-w- c:\windows\system32\pyly.exe
2010-11-28 14:17 . 2010-11-28 14:17 315392 ----a-w- c:\windows\system32\quoowohu.exe
2010-11-28 08:25 . 2010-11-28 08:25 1409 ----a-w- c:\windows\QTFont.for
2010-11-28 07:03 . 2010-11-29 14:23 90112 ----a-w- c:\windows\DUMP6dae.tmp
2010-11-28 07:03 . 2010-11-29 14:21 90112 ----a-w- c:\windows\DUMP703e.tmp
2010-11-27 16:54 . 2010-11-27 16:54 -------- d-----w- c:\program files\VirtualDJ
2010-11-22 15:42 . 2010-11-22 15:42 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Application Data\Electronic Arts
2010-11-21 21:26 . 2010-11-21 21:26 256 ----a-w- C:\HDTV.exe
2010-11-20 14:31 . 2010-11-20 14:31 85504 ----a-w- C:\wifi32.exe
2010-11-15 19:30 . 2010-11-15 19:30 90978 ----a-w- C:\winnt7.exe
2010-11-09 14:25 . 2010-11-09 14:25 -------- d-----w- c:\documents and settings\Jakub\Local Settings\Application Data\Unity
2010-11-08 06:25 . 2010-11-17 11:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton
2010-11-08 06:25 . 2010-11-08 06:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Symantec
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-03 17:09 . 2010-11-08 08:04 -------- d-----w- C:\divx
2010-11-03 09:07 . 2010-11-03 16:18 -------- d-----w- c:\program files\AllToAVI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-23 17:42 . 2004-08-03 20:59 84800 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-09-08 07:09 . 2010-10-17 06:57 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-08 07:07 . 2010-10-17 06:57 50688 ----a-w- c:\windows\system32\ff_acm.acm
2010-09-01 13:57 . 2006-07-11 16:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

c:\windows\system32\dllcache\cdrom.sys [x]
[-] B669E9147C7BB835DA6FE335AF7FF73C 84800 \RP206\A0085795.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-09 7561216]
"nwiz"="nwiz.exe" [2006-03-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-09 86016]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-11-23 1060864]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-02 2327840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 09:04 34312]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1.7.2008 09:02 468224]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [9.7.2009 17:17 72320]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.5.2010 14:08 136176]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.6.2010 10:32 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 13:08]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 13:08]

2010-11-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-07-11 05:18]
.
.
------- Supplementary Scan -------
.
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Jakub\Application Data\DVDVideoSoftIEHelpers\youtubedownload.htm
TCP: {B96DF464-F62A-46C6-B2E4-E9F050499A76} = 217.119.117.28,217.119.113.244
FF - ProfilePath - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\
FF - plugin: c:\documents and settings\Jakub\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Jakub\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Facicons: {DDABDBA1-2377-4A30-A027-25697B99E254} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF - Extension: U Flv: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
FF - Extension: {5647f4b2-2f19-15dd-2d2b-7212613c2b46}: {5647f4b2-2f19-15dd-2d2b-7212613c2b46} - c:\documents and settings\Jakub\Application Data\Mozilla\Firefox\Profiles\p7177uah.default\extensions\{5647f4b2-2f19-15dd-2d2b-7212613c2b46}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-29 16:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1612)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2010-11-29 16:34:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-29 15:34
ComboFix2.txt 2010-11-28 15:20

Pre-Run: 14 519 959 552 bytes free
Post-Run: 14 406 287 360 bytes free

- - End Of File - - BD3490AAD19CB44F1EDCE52388E082E2

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

c:\windows\system32\drivers\cdrom.sys
Kliknete na Prochazet
Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
Kliknete na Send File
Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
Vysledek analyzy sem vlozte (jako odkaz)

Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu

Do okna vlozte skript nize
Kód: Vybrat vše
```
:filefind
cdrom.sys
```
Kliknete na Look
Tlacitko Look se zmeni na Scanning a zsedne
Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte

SystemLook 04.09.10 by jpshortstuff
Log created at 15:39 on 07/12/2010 by Jakub
Administrator - Elevation successful

========== filefind ==========

Searching for "cdrom.sys"
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cdrom.sys --a---- 62976 bytes [18:40 13/04/2008] [18:40 13/04/2008] 1F4260CC5B42272D71F79E570A27A4FE
C:\WINDOWS\system32\drivers\cdrom.sys --a---- 84800 bytes [20:59 03/08/2004] [17:42 23/11/2010] (Unable to calculate MD5)

-= EOF =-

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

FCopy::
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cdrom.sys | C:\WINDOWS\system32\drivers\cdrom.sys

Collect::
c:\windows\system32\pyly.exe
c:\windows\system32\quoowohu.exe
C:\wifi32.exe
C:\winnt7.exe

File::
c:\windows\DUMP6dae.tmp
c:\windows\DUMP703e.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Driver::
gupdate

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

VIRY.CZ

Problém so "systémom"

Problém so "systémom"

Re: Problém so "systémom"

Re: Problém so "systémom"

Re: Problém so "systémom"

Re: Problém so "systémom"

Re: Problém so "systémom"

Re: Problém so "systémom"

Re: Problém so "systémom"

Re: Problém so "systémom"

Re: Problém so "systémom"

Re: Problém so "systémom"

Re: Problém so "systémom"