
    Win32/Olmarik.TDL4 Trojan


    1. #1
      User Siemnok
      Joined
      Sep 2012
      Location
      Buenos Aires
      Posts
      4

      Malware Win32/Olmarik.TDL4 Trojan

      Hi, this is my first post :)
      I have a problem with this Trojan, I can't remove it :(

      The things I've tried so far were:
      - Malwarebytes Anti-Malware
      - TDSSKiller, I can't run it, I tried changing its name/extension and nothing.
      - I also tried deleting it by hand, but I can't access many directories inside Users, as if I didn't have administrator permissions.

      NOD32 detects the Trojan:
      8/9/2012 7:56:39 AM Startup scan operating memory Operating memory Win32/Olmarik.TDL4 Trojan cannot be cleaned HOME\Leo


      Thanks a lot for your time.
      Last edited by Siemnok on 09/09/12 at 07:06:06

    2. #2
      Ex-Collaborator Xtreme Hero
      Joined
      Dec 2010
      Location
      Spain
      Posts
      9,014

      Re: Win32/Olmarik.TDL4 Trojan

      Hi Siemnok, welcome to InfoSpyware

      In your next reply, paste us the reports from the tools you used.

      Regards
      Fight To The End

      * Follow us on our Twitter and become our friend on Facebook.
      * Keep up with the latest threats on the net at: InfoSpyware Blog
      * Questions are not answered by private message or e-mail; that is what the forum is for.

    3. #3
      User Siemnok
      Joined
      Sep 2012
      Location
      Buenos Aires
      Posts
      4

      Re: Win32/Olmarik.TDL4 Trojan

      Thanks for the welcome :)

      I used DDS for the logs:

      .
      DDS (Ver_2011-08-26.01) - NTFSAMD64
      Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
      Run by Leo at 10:16:49 on 2012-09-08
      Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2194 [GMT -3:00]
      .
      AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
      SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
      C:\Windows\system32\atiesrxx.exe
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\UnsignedThemesSvc.exe
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\atieclxx.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
      C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
      C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
      C:\Windows\System32\svchost.exe -k HPZ12
      C:\Windows\System32\svchost.exe -k HPZ12
      C:\Windows\SysWOW64\PnkBstrA.exe
      C:\Windows\SysWOW64\PnkBstrB.exe
      C:\Program Files (x86)\Planex\Common\RalinkRegistryWriter.exe
      C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files (x86)\Tunngle\TnglCtrl.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Windows\System32\alg.exe
      C:\Windows\system32\svchost.exe -k HPService
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\system32\DllHost.exe
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskhost.exe
      C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
      C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Program Files\Microsoft IntelliType Pro\itype.exe
      C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
      C:\Program Files (x86)\RocketDock\RocketDock.exe
      C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
      C:\Users\Leo\Local Settings\Apps\F.lux\flux.exe
      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files (x86)\Planex\Common\RaUI.exe
      C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
      C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
      C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
      C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
      C:\Windows\system32\conhost.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Windows\system32\NOTEPAD.EXE
      C:\Windows\System32\svchost.exe -k WerSvcGroup
      C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
      C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
      C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
      C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\SysWOW64\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uInternet Settings,ProxyOverride = 192.168.*.*;*.local
      mWinlogon: Userinit=userinit.exe,
      BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
      BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
      BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
      BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
      BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
      BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
      EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
      uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
      uRun: [Steam] "H:\Steam\steam.exe" -silent
      uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
      uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
      uRun: [F.lux] "C:\Users\Leo\Local Settings\Apps\F.lux\flux.exe" /noshow
      uRun: [Google Update] "C:\Users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
      mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
      mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
      mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      mRun: [<NO NAME>]
      mRun: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
      mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
      mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      StartupFolder: C:\Users\Leo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Leo\AppData\Roaming\Dropbox\bin\Dropbox.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PLANEX~1.LNK - C:\Program Files (x86)\Planex\Common\RaUI.exe
      mPolicies-explorer: NoActiveDesktop = 1 (0x1)
      mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
      mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
      mPolicies-system: EnableLUA = 0 (0x0)
      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
      mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
      IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
      IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
      IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      Trusted Zone: clonewarsadventures.com
      Trusted Zone: freerealms.com
      Trusted Zone: soe.com
      Trusted Zone: sony.com
      DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
      DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
      DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      TCP: DhcpNameServer = 200.42.4.203 200.49.130.40
      TCP: Interfaces\{0E5927F1-B36D-4CF3-B043-8D8A721F621E} : DhcpNameServer = 200.42.4.203 200.49.130.40
      Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
      Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
      Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
      Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
      SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
      mASetup: {SFMQ4M5D-TGLO-833R-G2RI-6L81C0X272LQ} - C:\Windows\system\system.exe
      BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      BHO-X64: HP Print Enhancer - No File
      BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
      BHO-X64: AMD SteadyVideo BHO - No File
      BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
      BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
      BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      BHO-X64: SkypeIEPluginBHO - No File
      BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
      BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
      BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      BHO-X64: HP Smart BHO Class - No File
      EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
      EB-X64: {5802D092-1784-4908-8CDB-99B6842D353D} - No File
      mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
      mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
      mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
      mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      mRun-x64: [(Default)]
      mRun-x64: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
      mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
      mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\tryy8m62.default\
      FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
      FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
      FF - component: C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\tryy8m62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
      FF - component: C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\tryy8m62.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
      FF - component: C:\Users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\tryy8m62.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
      FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
      FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
      FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
      FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
      FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
      FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
      FF - plugin: C:\Users\Leo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
      FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
      FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
      FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
      .
      ---- FIREFOX POLICIES ----
      FF - user.js: network.http.max-persistent-connections-per-server - 4
      FF - user.js: nglayout.initialpaint.delay - 600
      FF - user.js: content.notify.interval - 600000
      FF - user.js: content.max.tokenizing.time - 1800000
      FF - user.js: content.switch.threshold - 600000
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
      R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
      R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-1-25 55056]
      R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-1-25 61712]
      R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
      R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
      R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
      R2 CDMA Device Service;CDMA Device Service;C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-9-18 159232]
      R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
      R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-4-7 810120]
      R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
      R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
      R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-4-26 223088]
      R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Planex\Common\RalinkRegistryWriter.exe [2010-7-7 54272]
      R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-1-25 931640]
      R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-8-6 548264]
      R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-8-21 1019328]
      R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]
      R2 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-7-16 741624]
      R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
      R2 uxpatch;uxpatch;\??\C:\Windows\system32\drivers\uxpatch.sys --> C:\Windows\system32\drivers\uxpatch.sys [?]
      R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
      R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
      R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
      R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
      R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
      R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
      R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\Windows\system32\DRIVERS\tap0901t.sys --> C:\Windows\system32\DRIVERS\tap0901t.sys [?]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
      S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-11 136176]
      S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-1 655944]
      S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
      S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
      S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
      S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe --> c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]
      S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
      S3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
      S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-11 136176]
      S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
      S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
      S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
      S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
      S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144]
      S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
      S3 PsSdk41;PsSdk41;\??\C:\Windows\system32\Drivers\pssdk41.sys --> C:\Windows\system32\Drivers\pssdk41.sys [?]
      S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\rt2870.sys --> C:\Windows\system32\DRIVERS\rt2870.sys [?]
      S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
      S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
      S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
      S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
      S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
      S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
      S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
      S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
      S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 430424]
      .
      =============== Created Last 30 ================
      .
      2012-09-08 11:58:24 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D159B867-0EB3-4113-B5BF-991B2DC2A869}\offreg.dll
      2012-09-07 11:44:03 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D159B867-0EB3-4113-B5BF-991B2DC2A869}\mpengine.dll
      2012-09-03 22:38:26 -------- d-----w- C:\Program Files (x86)\ESET
      2012-09-01 13:38:31 -------- d-----w- C:\Users\Leo\AppData\Roaming\Malwarebytes
      2012-09-01 13:37:57 -------- d-----w- C:\ProgramData\Malwarebytes
      2012-09-01 13:37:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
      2012-09-01 12:11:58 110080 ----a-w- C:\Users\Leo\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
      2012-09-01 12:11:58 110080 ----a-w- C:\Users\Leo\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
      2012-09-01 12:11:57 110080 ----a-w- C:\Users\Leo\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
      2012-09-01 12:11:57 -------- d-----w- C:\sh4ldr
      2012-09-01 12:11:57 -------- d-----w- C:\Program Files\Enigma Software Group
      2012-09-01 12:11:35 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
      2012-08-28 11:39:54 -------- d-----w- C:\Program Files (x86)\AMD APP
      2012-08-24 12:04:36 -------- d-----w- C:\Users\Leo\AppData\Local\SIX_Projects
      2012-08-22 00:41:19 -------- d-----w- C:\Users\Leo\AppData\Local\Dreambelievers
      2012-08-22 00:40:55 -------- d-----w- C:\Program Files (x86)\Pokemon Online
      2012-08-18 18:33:45 -------- d-----w- C:\Users\Leo\romannurik-code
      2012-08-18 18:31:07 -------- d-----w- C:\Program Files (x86)\Git
      2012-08-18 18:22:42 -------- d-----w- C:\Users\Leo\.ssh
      2012-08-18 18:20:41 -------- d-----w- C:\Users\Leo\AppData\Local\GitHub
      2012-08-18 18:20:39 -------- d-----w- C:\Users\Leo\AppData\Roaming\GitHub
      2012-08-15 11:35:17 59392 ----a-w- C:\Windows\System32\browcli.dll
      2012-08-15 11:35:17 136704 ----a-w- C:\Windows\System32\browser.dll
      2012-08-15 11:35:16 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
      2012-08-15 11:35:14 503808 ----a-w- C:\Windows\System32\srcore.dll
      2012-08-15 11:35:13 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
      2012-08-15 11:35:08 751104 ----a-w- C:\Windows\System32\win32spl.dll
      2012-08-15 11:35:07 67072 ----a-w- C:\Windows\splwow64.exe
      2012-08-15 11:35:07 559104 ----a-w- C:\Windows\System32\spoolsv.exe
      2012-08-15 11:35:07 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
      2012-08-15 11:35:03 3148800 ----a-w- C:\Windows\System32\win32k.sys
      2012-08-15 11:34:37 956928 ----a-w- C:\Windows\System32\localspl.dll
      2012-08-13 11:31:02 -------- d-----w- C:\ProgramData\Splashtop
      2012-08-13 11:30:20 -------- d-----w- C:\Users\Leo\AppData\Local\{BB3E1258-9A73-4A91-BE1F-249B31DCD5EF}
      .
      ==================== Find3M ====================
      .
      2012-08-15 03:08:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-08-15 03:08:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
      2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
      2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
      2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
      2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
      2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
      2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
      2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
      2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
      2012-07-28 0240 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
      2012-07-28 0234 534528 ----a-w- C:\Windows\System32\atieclxx.exe
      2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
      2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
      2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
      2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
      2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
      2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
      2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
      2012-07-28 01:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
      2012-07-28 01:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
      2012-07-28 01:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
      2012-07-28 01:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
      2012-07-28 01:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
      2012-07-28 01:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
      2012-07-28 01:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
      2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
      2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
      2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
      2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
      2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
      2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
      2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
      2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
      2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
      2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
      2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
      2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
      2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
      2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
      2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
      2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
      2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
      2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
      2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
      2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
      2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
      2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
      2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
      2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
      2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
      2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
      2012-07-06 01:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
      2012-07-06 01:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
      2012-07-05 21:11:18 87488 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
      2012-07-05 2124 34720 ----a-w- C:\Windows\System32\LMIport.dll
      2012-07-05 2122 80800 ----a-w- C:\Windows\System32\LMIinit.dll
      2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
      2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
      2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
      2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
      2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
      2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
      2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
      2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
      2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
      2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
      .
      ============= FINISH: 10:25:29.88 ===============


      And then I have this other one, but I couldn't find the option to attach files, so I uploaded it to mediafire: Edited.

      InfoSpyware rules: InfoSpyware Forum Policies

      2.3 Providing/publishing direct links to downloads of programs and/or applications is not allowed, much less links to hosting sites such as "RapidShare", "HotFile", "Megaupload" or similar. The programs recommended and needed to handle 90% of the forum's cases are available on our main InfoSpyware website, so use the programs provided there or contact one of the moderators to request the use of some other program.

      I forgot to mention that the PC runs very slowly, as do the Firefox/Chrome browsers.
      Last edited by Xtreme Hero on 09/09/12 at 07:11:21

    4. #4
      Ex-Collaborator, Xtreme Hero's avatar
      Registered
      Dec 2010
      Location
      Spain
      Posts
      9,014

      Re: Win32/Olmarik.TDL4 Trojan

      Hello again,

      Please be patient, I am not available 24 hours a day.

      Do the following:

      Download EOlmarikRemover

      Run EOlmarikRemover and wait for the disinfection process to finish.


      In normal mode


      Download the ComboFix.exe tool and save it to the desktop.
      • Temporarily disable the antivirus and/or antispyware.
      • Close all open windows.
      • Double-click ComboFix.exe to continue. It is important to install the Recovery Console if ComboFix asks for it.
      • When it finishes, it will generate a log at C:\ComboFix.txt.
      • *Note* While ComboFix is working, do not move the mouse, as that would stall its process.
      • *Note* ComboFix may restart the PC automatically to complete the removal process.
      Warning!! Do not use ComboFix unless a member of our staff has specifically told you to in your thread. It is a powerful tool intended by its author to be used under the guidance and supervision of an expert, not for private use. Using ComboFix incorrectly could cause problems on your system. Please read ComboFix's "Disclaimer of Warranty".
      • Reboot and paste the report from C:\ComboFix.txt in this same thread.



      In your next reply paste both reports and tell us how the system is behaving.

      Regards
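      As an added example (editor's code, not a tool from this thread or from InfoSpyware), here is a small Python triage helper for the two reports the moderator asks for: the DDS log posted above (lines of the form `date time size attrs path`) and the C:\ComboFix.txt report (the same shape with a second `created . modified` timestamp, plus `R3 name;description;path [...]` service/driver lines and the `"EnableLUA"= 0 (0x0)` policy dump). It flags executables or drivers created under user-writable paths, GUID-named directories inside a user profile, drivers whose file ComboFix could not read (`[x]`), and UAC policy values that leave elevation unprompted. The heuristics and the list of "weak" policy values are the editor's assumptions, the sample lines are constructed after the format quoted in this thread, and a flag means "look closer", not "malicious".

```python
import re

# Line shapes seen in DDS and ComboFix reports (assumed from the lines quoted in
# this thread).  ComboFix prints "created . modified" before the size; DDS prints
# a single timestamp.  Directories show "--------" in the size column.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+|-{8}) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# ComboFix service/driver lines: "R3 name;description;path [date size]" or "[x]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
# ComboFix policy dump: "EnableLUA"= 0 (0x0)
POLICY_RE = re.compile(r'^"(?P<name>\w+)"= (?P<value>\d+) \(0x[0-9A-Fa-f]+\)$')

EXEC_EXT = (".exe", ".dll", ".sys", ".pif", ".scr", ".cpl")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\")
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}(?:\\|$)", re.I)
# Editor's choice of values worth flagging; 0 for each of these disables a UAC safeguard.
WEAK_POLICY = {
    "EnableLUA": (0, "UAC disabled: every admin process runs fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "admins elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": (0, "UAC prompt not isolated on the secure desktop"),
}


def triage_line(line):
    """Return the reasons this report line deserves a second look ([] if none)."""
    line = line.strip()
    reasons = []
    m = FILE_RE.match(line)
    if m:
        path = m["path"].lower()
        is_dir = m["size"].startswith("-")
        if not is_dir and path.endswith(EXEC_EXT) and any(w in path for w in USER_WRITABLE):
            reasons.append("executable/driver created in a user-writable location")
        if GUID_DIR.search(path):
            reasons.append("GUID-named directory in the user profile")
        return reasons
    m = SERVICE_RE.match(line)
    if m:
        path = m["path"].lower()
        if m["info"] == "x":
            reasons.append(f"service {m['name']}: ComboFix could not read the file ([x])")
        if path.endswith(".sys") and any(w in path for w in USER_WRITABLE):
            reasons.append(f"kernel driver {m['name']} loaded from a user profile path")
        return reasons
    m = POLICY_RE.match(line)
    if m and m["name"] in WEAK_POLICY:
        weak_value, why = WEAK_POLICY[m["name"]]
        if int(m["value"]) == weak_value:
            reasons.append(why)
    return reasons


def triage(report_text):
    """Map each flagged line of a DDS/ComboFix report to its reasons; clean lines are omitted."""
    findings = {}
    for raw in report_text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            findings[raw.strip()] = reasons
    return findings


# Constructed sample modelled on the report lines quoted in this thread.
SAMPLE = r"""
2012-08-15 11:35:17 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-13 11:30:20 -------- d-----w- C:\Users\Leo\AppData\Local\{BB3E1258-9A73-4A91-BE1F-249B31DCD5EF}
2012-08-15 11:35 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-09-01 12:11 . 2012-09-01 12:11 110080 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
R3 ALSysIO;ALSysIO;c:\users\Leo\AppData\Local\Temp\ALSysIO64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"PromptOnSecureDesktop"= 0 (0x0)
"""

if __name__ == "__main__":
    for flagged, reasons in triage(SAMPLE).items():
        print(flagged)
        for reason in reasons:
            print("   ->", reason)
```

      Run it as a script to see the findings for the constructed sample, or pass the full text of a real DDS or ComboFix report to `triage()`. On the sample it flags the GUID-named directory, the installer executable under AppData, the ALSysIO driver in Temp (twice: unreadable file and profile path), and the two UAC values set to 0, while leaving the System32 entries and the user-level prompt setting alone.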

    5. #5
      User, Siemnok's avatar
      Registered
      Sep 2012
      Location
      Buenos Aires
      Posts
      4

      Re: Win32/Olmarik.TDL4 Trojan

      Hi, my apologies for being so insistent, it's just that the thread had fallen a page back :)

      I couldn't run the first tool, it gives me this message:
      "Sorry, your OS is not supported"



      Combofix:
      ComboFix 12-09-09.02 - Leo 09/09/2012 9:48.1.2 - x64
      Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2285 [GMT -3:00]
      Running from: c:\users\Leo\Desktop\ComboFix.exe
      AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
      SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\programdata\BPvtbPC5NC2sT6
      c:\users\Leo\AppData\Local\assembly\tmp
      c:\users\Leo\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
      c:\users\Leo\AppData\Roaming\FFSJ
      c:\users\Leo\AppData\Roaming\FFSJ\FFSJ.cfg
      c:\windows\pkunzip.pif
      c:\windows\pkzip.pif
      c:\windows\SysWow64\muzapp.exe
      c:\windows\SysWow64\System32\MASetupCleaner.exe
      c:\windows\SysWow64\System32\muzapp.exe
      D:\install.exe
      .
      ----- File Replicators -----
      .
      c:\program files (x86)\Git\bin\git.exe
      c:\program files (x86)\Git\libexec\git-core\git-add.exe
      c:\program files (x86)\Git\libexec\git-core\git-annotate.exe
      c:\program files (x86)\Git\libexec\git-core\git-apply.exe
      c:\program files (x86)\Git\libexec\git-core\git-archive.exe
      c:\program files (x86)\Git\libexec\git-core\git-bisect--helper.exe
      c:\program files (x86)\Git\libexec\git-core\git-blame.exe
      c:\program files (x86)\Git\libexec\git-core\git-branch.exe
      c:\program files (x86)\Git\libexec\git-core\git-bundle.exe
      c:\program files (x86)\Git\libexec\git-core\git-cat-file.exe
      c:\program files (x86)\Git\libexec\git-core\git-check-attr.exe
      c:\program files (x86)\Git\libexec\git-core\git-check-ref-format.exe
      c:\program files (x86)\Git\libexec\git-core\git-checkout-index.exe
      c:\program files (x86)\Git\libexec\git-core\git-checkout.exe
      c:\program files (x86)\Git\libexec\git-core\git-cherry-pick.exe
      c:\program files (x86)\Git\libexec\git-core\git-cherry.exe
      c:\program files (x86)\Git\libexec\git-core\git-clean.exe
      c:\program files (x86)\Git\libexec\git-core\git-clone.exe
      c:\program files (x86)\Git\libexec\git-core\git-column.exe
      c:\program files (x86)\Git\libexec\git-core\git-commit-tree.exe
      c:\program files (x86)\Git\libexec\git-core\git-commit.exe
      c:\program files (x86)\Git\libexec\git-core\git-config.exe
      c:\program files (x86)\Git\libexec\git-core\git-count-objects.exe
      c:\program files (x86)\Git\libexec\git-core\git-describe.exe
      c:\program files (x86)\Git\libexec\git-core\git-diff-files.exe
      c:\program files (x86)\Git\libexec\git-core\git-diff-index.exe
      c:\program files (x86)\Git\libexec\git-core\git-diff-tree.exe
      c:\program files (x86)\Git\libexec\git-core\git-diff.exe
      c:\program files (x86)\Git\libexec\git-core\git-fast-export.exe
      c:\program files (x86)\Git\libexec\git-core\git-fetch-pack.exe
      c:\program files (x86)\Git\libexec\git-core\git-fetch.exe
      c:\program files (x86)\Git\libexec\git-core\git-fmt-merge-msg.exe
      c:\program files (x86)\Git\libexec\git-core\git-for-each-ref.exe
      c:\program files (x86)\Git\libexec\git-core\git-format-patch.exe
      c:\program files (x86)\Git\libexec\git-core\git-fsck-objects.exe
      c:\program files (x86)\Git\libexec\git-core\git-fsck.exe
      c:\program files (x86)\Git\libexec\git-core\git-gc.exe
      c:\program files (x86)\Git\libexec\git-core\git-get-tar-commit-id.exe
      c:\program files (x86)\Git\libexec\git-core\git-grep.exe
      c:\program files (x86)\Git\libexec\git-core\git-hash-object.exe
      c:\program files (x86)\Git\libexec\git-core\git-help.exe
      c:\program files (x86)\Git\libexec\git-core\git-index-pack.exe
      c:\program files (x86)\Git\libexec\git-core\git-init-db.exe
      c:\program files (x86)\Git\libexec\git-core\git-init.exe
      c:\program files (x86)\Git\libexec\git-core\git-log.exe
      c:\program files (x86)\Git\libexec\git-core\git-ls-files.exe
      c:\program files (x86)\Git\libexec\git-core\git-ls-remote.exe
      c:\program files (x86)\Git\libexec\git-core\git-ls-tree.exe
      c:\program files (x86)\Git\libexec\git-core\git-mailinfo.exe
      c:\program files (x86)\Git\libexec\git-core\git-mailsplit.exe
      c:\program files (x86)\Git\libexec\git-core\git-merge-base.exe
      c:\program files (x86)\Git\libexec\git-core\git-merge-file.exe
      c:\program files (x86)\Git\libexec\git-core\git-merge-index.exe
      c:\program files (x86)\Git\libexec\git-core\git-merge-ours.exe
      c:\program files (x86)\Git\libexec\git-core\git-merge-recursive.exe
      c:\program files (x86)\Git\libexec\git-core\git-merge-subtree.exe
      c:\program files (x86)\Git\libexec\git-core\git-merge-tree.exe
      c:\program files (x86)\Git\libexec\git-core\git-merge.exe
      c:\program files (x86)\Git\libexec\git-core\git-mktag.exe
      c:\program files (x86)\Git\libexec\git-core\git-mktree.exe
      c:\program files (x86)\Git\libexec\git-core\git-mv.exe
      c:\program files (x86)\Git\libexec\git-core\git-name-rev.exe
      c:\program files (x86)\Git\libexec\git-core\git-notes.exe
      c:\program files (x86)\Git\libexec\git-core\git-pack-objects.exe
      c:\program files (x86)\Git\libexec\git-core\git-pack-redundant.exe
      c:\program files (x86)\Git\libexec\git-core\git-pack-refs.exe
      c:\program files (x86)\Git\libexec\git-core\git-patch-id.exe
      c:\program files (x86)\Git\libexec\git-core\git-peek-remote.exe
      c:\program files (x86)\Git\libexec\git-core\git-prune-packed.exe
      c:\program files (x86)\Git\libexec\git-core\git-prune.exe
      c:\program files (x86)\Git\libexec\git-core\git-push.exe
      c:\program files (x86)\Git\libexec\git-core\git-read-tree.exe
      c:\program files (x86)\Git\libexec\git-core\git-receive-pack.exe
      c:\program files (x86)\Git\libexec\git-core\git-reflog.exe
      c:\program files (x86)\Git\libexec\git-core\git-remote-ext.exe
      c:\program files (x86)\Git\libexec\git-core\git-remote-fd.exe
      c:\program files (x86)\Git\libexec\git-core\git-remote.exe
      c:\program files (x86)\Git\libexec\git-core\git-replace.exe
      c:\program files (x86)\Git\libexec\git-core\git-repo-config.exe
      c:\program files (x86)\Git\libexec\git-core\git-rerere.exe
      c:\program files (x86)\Git\libexec\git-core\git-reset.exe
      c:\program files (x86)\Git\libexec\git-core\git-rev-list.exe
      c:\program files (x86)\Git\libexec\git-core\git-rev-parse.exe
      c:\program files (x86)\Git\libexec\git-core\git-revert.exe
      c:\program files (x86)\Git\libexec\git-core\git-rm.exe
      c:\program files (x86)\Git\libexec\git-core\git-send-pack.exe
      c:\program files (x86)\Git\libexec\git-core\git-shortlog.exe
      c:\program files (x86)\Git\libexec\git-core\git-show-branch.exe
      c:\program files (x86)\Git\libexec\git-core\git-show-ref.exe
      c:\program files (x86)\Git\libexec\git-core\git-show.exe
      c:\program files (x86)\Git\libexec\git-core\git-stage.exe
      c:\program files (x86)\Git\libexec\git-core\git-status.exe
      c:\program files (x86)\Git\libexec\git-core\git-stripspace.exe
      c:\program files (x86)\Git\libexec\git-core\git-symbolic-ref.exe
      c:\program files (x86)\Git\libexec\git-core\git-tag.exe
      c:\program files (x86)\Git\libexec\git-core\git-tar-tree.exe
      c:\program files (x86)\Git\libexec\git-core\git-unpack-file.exe
      c:\program files (x86)\Git\libexec\git-core\git-unpack-objects.exe
      c:\program files (x86)\Git\libexec\git-core\git-update-index.exe
      c:\program files (x86)\Git\libexec\git-core\git-update-ref.exe
      c:\program files (x86)\Git\libexec\git-core\git-update-server-info.exe
      c:\program files (x86)\Git\libexec\git-core\git-upload-archive.exe
      c:\program files (x86)\Git\libexec\git-core\git-var.exe
      c:\program files (x86)\Git\libexec\git-core\git-verify-pack.exe
      c:\program files (x86)\Git\libexec\git-core\git-verify-tag.exe
      c:\program files (x86)\Git\libexec\git-core\git-whatchanged.exe
      c:\program files (x86)\Git\libexec\git-core\git-write-tree.exe
      c:\program files (x86)\Git\libexec\git-core\git.exe
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
      .
      .
      2012-09-09 13:35 . 2012-09-09 13:35 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
      2012-09-09 13:35 . 2012-09-09 13:35 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-09-09 13:35 . 2012-09-09 13:35 -------- d-----w- c:\users\Sil\AppData\Local\temp
      2012-09-07 11:44 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D159B867-0EB3-4113-B5BF-991B2DC2A869}\mpengine.dll
      2012-09-01 13:38 . 2012-09-01 13:38 -------- d-----w- c:\users\Leo\AppData\Roaming\Malwarebytes
      2012-09-01 13:37 . 2012-09-01 13:37 -------- d-----w- c:\programdata\Malwarebytes
      2012-09-01 13:37 . 2012-09-01 13:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
      2012-09-01 12:11 . 2012-09-01 12:11 110080 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconD7F16134.exe
      2012-09-01 12:11 . 2012-09-01 12:11 110080 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\Icon1226A4C5.exe
      2012-09-01 12:11 . 2012-09-01 12:12 -------- d-----w- C:\sh4ldr
      2012-09-01 12:11 . 2012-09-01 12:11 110080 ----a-w- c:\users\Leo\AppData\Roaming\Microsoft\Installer\{8C5C34C7-BC6B-4831-8B2C-6535FE63E502}\IconF7A21AF7.exe
      2012-09-01 12:11 . 2012-09-01 12:11 -------- d-----w- c:\program files\Enigma Software Group
      2012-09-01 12:11 . 2012-09-01 12:12 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
      2012-08-28 11:40 . 2012-08-28 11:40 -------- d-----w- c:\programdata\ATI
      2012-08-28 11:39 . 2012-08-28 11:39 -------- d-----w- c:\program files (x86)\AMD APP
      2012-08-24 12:04 . 2012-08-24 12:04 -------- d-----w- c:\users\Leo\AppData\Local\SIX_Projects
      2012-08-22 00:41 . 2012-08-22 00:41 -------- d-----w- c:\users\Leo\AppData\Local\Dreambelievers
      2012-08-22 00:40 . 2012-08-22 00:41 -------- d-----w- c:\program files (x86)\Pokemon Online
      2012-08-18 18:33 . 2012-08-18 18:33 -------- d-----w- c:\users\Leo\romannurik-code
      2012-08-18 18:31 . 2012-08-18 18:32 -------- d-----w- c:\program files (x86)\Git
      2012-08-18 18:22 . 2012-08-18 18:22 -------- d-----w- c:\users\Leo\.ssh
      2012-08-18 18:20 . 2012-08-18 18:28 -------- d-----w- c:\users\Leo\AppData\Local\GitHub
      2012-08-18 18:20 . 2012-08-18 18:20 -------- d-----w- c:\users\Leo\AppData\Roaming\GitHub
      2012-08-15 11:35 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
      2012-08-15 11:35 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
      2012-08-15 11:35 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
      2012-08-15 11:35 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
      2012-08-15 11:35 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
      2012-08-15 11:35 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
      2012-08-15 11:35 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
      2012-08-15 11:35 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
      2012-08-15 11:35 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
      2012-08-15 11:35 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
      2012-08-15 11:35 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
      2012-08-15 11:34 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
      2012-08-13 11:31 . 2012-08-13 11:31 -------- d-----w- c:\programdata\Splashtop
      2012-08-13 11:30 . 2012-08-13 11:30 -------- d-----w- c:\users\Leo\AppData\Local\{BB3E1258-9A73-4A91-BE1F-249B31DCD5EF}
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-08-15 11:27 . 2009-11-08 10:56 62134624 ----a-w- c:\windows\system32\MRT.exe
      2012-08-15 03:08 . 2012-03-31 10:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2012-08-15 03:08 . 2011-05-15 12:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-07-28 04:09 . 2011-09-03 20:14 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
      2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
      2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
      2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
      2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
      2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
      2012-07-28 02:15 . 2011-09-03 20:12 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
      2012-07-28 02:13 . 2009-12-11 20:34 1100288 ----a-w- c:\windows\system32\aticfx64.dll
      2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
      2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
      2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
      2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
      2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
      2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
      2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
      2012-07-28 02:07 . 2012-04-06 02:13 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll
      2012-07-28 01:51 . 2009-12-11 20:31 7052288 ----a-w- c:\windows\system32\atidxx64.dll
      2012-07-28 01:47 . 2012-07-28 01:47 187392 ----a-w- c:\windows\system32\clinfo.exe
      2012-07-28 01:47 . 2012-07-28 01:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
      2012-07-28 01:47 . 2012-07-28 01:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
      2012-07-28 01:47 . 2012-07-28 01:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
      2012-07-28 01:47 . 2012-07-28 01:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
      2012-07-28 01:46 . 2012-07-28 01:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
      2012-07-28 01:46 . 2012-07-28 01:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
      2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:\windows\system32\atiumd6a.dll
      2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
      2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
      2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
      2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
      2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll
      2012-07-28 01:32 . 2011-09-03 20:12 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll
      2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll
      2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:\windows\system32\atiumd64.dll
      2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:\windows\system32\atiadlxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
      2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
      2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll
      2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
      2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys
      2012-07-28 01:13 . 2009-12-11 19:50 129536 ----a-w- c:\windows\system32\atiuxp64.dll
      2012-07-28 01:13 . 2012-04-06 01:09 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
      2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:\windows\system32\atiu9p64.dll
      2012-07-28 01:13 . 2010-05-05 01:22 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll
      2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
      2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
      2012-07-06 01:06 . 2012-07-16 01:23 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
      2012-07-06 01:06 . 2010-12-25 01:58 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
      2012-07-05 21:11 . 2012-07-16 01:18 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
      2012-07-05 21:10 . 2012-07-16 01:18 34720 ----a-w- c:\windows\system32\LMIport.dll
      2012-07-05 21:10 . 2012-07-16 01:18 80800 ----a-w- c:\windows\system32\LMIinit.dll
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2011-12-05 19:17 94208 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2011-12-05 19:17 94208 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2011-12-05 19:17 94208 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
      2011-12-05 19:17 94208 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
      "Steam"="h:\steam\steam.exe" [2012-08-04 1353080]
      "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-30 21432]
      "F.lux"="c:\users\Leo\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
      "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
      "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
      "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
      "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
      "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
      "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
      "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
      "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
      .
      c:\users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      Dropbox.lnk - c:\users\Leo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
      .
      c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
      HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
      Planex Wireless Utility.lnk - c:\program files (x86)\Planex\Common\RaUI.exe [2010-7-7 1568768]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 0 (0x0)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableLUA"= 0 (0x0)
      "EnableUIADesktopToggle"= 0 (0x0)
      "PromptOnSecureDesktop"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
      "HKLM"=c:\windows\system\system.exe
      "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
      "HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
      "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 136176]
      R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
      R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
      R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
      R3 ALSysIO;ALSysIO;c:\users\Leo\AppData\Local\Temp\ALSysIO64.sys [x]
      R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
      R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [x]
      R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-21 99384]
      R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
      R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
      R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088]
      R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 136176]
      R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
      R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
      R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
      R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
      R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
      R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
      R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
      R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
      R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
      R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2012-04-15 51776]
      R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-21 203320]
      R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
      R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-15 1255736]
      R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
      R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
      R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-06 868848]
      R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
      S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-01-25 63760]
      S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-08 139704]
      S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
      S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-01-25 55056]
      S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-01-25 61712]
      S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
      S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
      S2 CDMA Device Service;CDMA Device Service;c:\program files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-08-02 159232]
      S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-08 163888]
      S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-04-08 810120]
      S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-08 124760]
      S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
      S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-01-25 931640]
      S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-08-07 548264]
      S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
      S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-07-15 741624]
      S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
      S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 30568]
      S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
      S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
      S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
      S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
      S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]
      S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]
      S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 03:08]
      .
      2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 01:11]
      .
      2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 01:11]
      .
      2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-426816942-16390753-694045178-1001Core.job
      - c:\users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 17:59]
      .
      2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-426816942-16390753-694045178-1001UA.job
      - c:\users\Leo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-03 17:59]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
      2011-12-05 19:17 97792 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
      2011-12-05 19:17 97792 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
      2011-12-05 19:17 97792 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
      2011-12-05 19:17 97792 ----a-w- c:\users\Leo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
      "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-08 2839840]
      "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
      "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
      "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-30 3521464]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "LoadAppInit_DLLs"=0x0
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = 192.168.*.*;*.local
      IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
      Trusted Zone: clonewarsadventures.com
      Trusted Zone: freerealms.com
      Trusted Zone: soe.com
      Trusted Zone: sony.com
      TCP: DhcpNameServer = 200.42.4.203 200.49.130.40
      FF - ProfilePath - c:\users\Leo\AppData\Roaming\Mozilla\Firefox\Profiles\tryy8m62.default\
      FF - user.js: network.http.max-persistent-connections-per-server - 4
      FF - user.js: nglayout.initialpaint.delay - 600
      FF - user.js: content.notify.interval - 600000
      FF - user.js: content.max.tokenizing.time - 1800000
      FF - user.js: content.switch.threshold - 600000
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
      Wow6432Node-HKLM-Run-mumservice - c:\program files\Motorola\Software Update\mumservice.exe
      BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
      HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
      AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
      AddRemove-BattlEye for A2 - h:\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
      .
      .
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-426816942-16390753-694045178-1001\Software\SecuROM\License information*]
      "datasecu"=hex:f0,7f,35,b5,29,a0,20,f2,8f,ba,6d,39,a3,97,43,47,12,ac,dd,c7,2e,
      78,40,b0,a6,dc,a5,12,e9,1f,0e,6b,04,b7,83,e6,6f,e9,d5,a9,38,da,e3,4a,fa,14,\
      "rkeysecu"=hex:e7,be,44,82,89,9c,9c,e0,7b,e4,ac,38,1d,44,fa,46
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
      @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.10"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker3"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      c:\program files (x86)\Bonjour\mDNSResponder.exe
      c:\windows\SysWOW64\PnkBstrA.exe
      c:\windows\SysWOW64\PnkBstrB.exe
      c:\program files (x86)\Planex\Common\RalinkRegistryWriter.exe
      c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
      c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
      c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
      c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
      .
      **************************************************************************
      .
      Completion time: 2012-09-09 11:05:58 - machine was rebooted
      ComboFix-quarantined-files.txt 2012-09-09 14:05
      .
      Pre-Run: 35,316,404,224 bytes free
      Post-Run: 39,008,477,184 bytes free
      .
      - - End Of File - - B4CA6BCA0D789EEE5271BC9EE3E0CFC8

      The PC's performance has improved now; before, when I right-clicked on the desktop, the menu took a while to appear.

      But when I restart the PC, after the scan with ComboFix, NOD32 keeps detecting the Trojan.
      Another thing I noticed is that the browsers are still extremely slow.

      Also, I still can't get into My Documents or Application Data; it tells me I need permissions, and I am an administrator.

      Any ideas about this?
      I posted the log above.

      Again, sorry for the double post. But it got lost a few pages back.

    6. #6
      Former Collaborator Avatar of Xtreme Hero
      Joined
      Dec 2010
      Location
      Spain
      Posts
      9,014

      Re: Win32/Olmarik.TDL4 Trojan

      Hello again,

      Quote Originally posted by Siemnok:
      Any ideas about this?
      I posted the log above.

      Again, sorry for the double post. But it got lost a few pages back.
      It doesn't matter that they pile up in the forum pages; I have it in my subscriptions, so it doesn't get lost.

      Do the following:

      Download AswMBR.exe to your desktop.

      • Double-click AswMBR.exe to run it.

      • Click the "Scan" button to start the scan.

      • Save the aswASW.log report to the desktop.

      In your next reply, post the generated report.

      Regards

    7. #7
      User Avatar of Siemnok
      Joined
      Sep 2012
      Location
      Buenos Aires
      Posts
      4

      Re: Win32/Olmarik.TDL4 Trojan

      Hi Xtreme, thanks for replying:

      I can't run the tool; if I try to run the exe, nothing happens. I also tried launching it from the Windows console, and nothing.

      Should I do it in Safe Mode?

    8. #8
      Former Collaborator Avatar of Xtreme Hero
      Joined
      Dec 2010
      Location
      Spain
      Posts
      9,014

      Re: Win32/Olmarik.TDL4 Trojan

      Hello again,

      Sorry for the delay. My replies may take days during this month.

      Please try it in Safe Mode.

      Regards