PC disinfection, computer speed-up, remote help via the neslape.cz service

NOD failed to delete the infiltration "Win32/Olmarik.SJ"

chyno
Visitor
Posts: 13
Registered: 22 Aug 2009 07:27

NOD failed to delete the infiltration "Win32/Olmarik.SJ"

#1 Post by chyno »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Chyno at 2010-01-05 09:56:03
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (38%) free of 38 GB
Total RAM: 503 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:18, on 5. 1. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\qtplugin.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\uTorrent\utorrent.exe
C:\ComplexWebServer\apache\bin\apache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ComplexWebServer\mysql\bin\mysqld-nt.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\ComplexWebServer\apache\bin\apache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\wincmd\TOTALCMD.EXE
C:\ComplexWebServer\http_docs\RSIT.exe
C:\Program Files\trend micro\Chyno.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe wjqd.rqo avqbc
O3 - Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LFAgent] C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30.exe -start
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [uTorrent] "c:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [instanteyedropper] "C:\Program Files\InstantEyedropper\InstantEyedropper.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.sk/comp/Signersk.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0033171328
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DF08C82-196D-4047-B65B-C14A0570A32F}: NameServer = 192.168.1.1,4.2.2.5
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: CWS_Apache_80 - Apache Software Foundation - C:\ComplexWebServer\apache\bin\apache.exe
O23 - Service: CWS_Apache_8080 - Apache Software Foundation - C:\ComplexWebServer\apache\bin\apache.exe
O23 - Service: CWS_MySQL_3306 - Unknown owner - C:\ComplexWebServer\mysql\bin\mysqld-nt.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6591 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008UA.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{35065594-9169-4A34-B167-FC4865038E53}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-02-13 35328]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"LFAgent"=C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30.exe [2005-09-24 566272]
"RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe [2010-01-04 305152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"uTorrent"=c:\Program Files\uTorrent\utorrent.exe [2009-02-05 270128]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"instanteyedropper"=C:\Program Files\InstantEyedropper\InstantEyedropper.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\µTorrent\utorrent.exe"="C:\Program Files\µTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\uTorrent.exe"="C:\Program Files\uTorrent.exe:*:Disabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Disabled:ICQ6"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-01-04 22:10:00 ----AC---- C:\WINDOWS\system32\qtplugin.exe
2010-01-04 15:03:41 ----DC---- C:\řš
2009-12-19 21:21:47 ----AC---- C:\WINDOWS\IE4 Error Log.txt
2009-12-19 21:21:20 ----AC---- C:\WINDOWS\iexplore.ini
2009-12-19 21:19:01 ----DC---- C:\Program Files\MultipleIEs
2009-12-17 21:35:57 ----AC---- C:\WINDOWS\tdlp32.ini
2009-12-17 21:32:01 ----DC---- C:\Program Files\Xara
2009-12-17 21:32:01 ----DC---- C:\Program Files\Common Files\Xara
2009-12-11 18:55:46 ----DC---- C:\Program Files\Atomic Bomberman
2009-12-06 17:46:45 ----DC---- C:\rsit

======List of files/folders modified in the last 1 months======

2010-01-05 09:56:09 ----DC---- C:\Program Files\trend micro
2010-01-05 09:56:03 ----DC---- C:\WINDOWS\Prefetch
2010-01-05 09:54:51 ----AC---- C:\WINDOWS\wincmd.ini
2010-01-05 09:54:39 ----DC---- C:\WINDOWS\temp
2010-01-05 09:51:14 ----DC---- C:\WINDOWS\system32\ias
2010-01-05 09:50:33 ----DC---- C:\WINDOWS\system32\CatRoot2
2010-01-04 22:38:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-04 22:37:41 ----DC---- C:\Documents and Settings\Chyno\Application Data\uTorrent
2010-01-04 22:10:00 ----DC---- C:\WINDOWS\system32
2010-01-04 20:52:29 ----AC---- C:\WINDOWS\wcx_ftp.ini
2010-01-04 19:53:36 ----DC---- C:\Program Files\Mozilla Firefox
2010-01-04 17:35:30 ----DC---- C:\Program Files\Opera
2010-01-04 15:32:55 ----AC---- C:\WINDOWS\WDICT32.INI
2009-12-31 16:47:58 ----DC---- C:\Program Files\PS Pad
2009-12-27 13:49:47 ----DC---- C:\A-Foto Olympus
2009-12-25 17:08:36 ----SDC---- C:\WINDOWS\Downloaded Program Files
2009-12-20 21:06:46 ----DC---- C:\WINDOWS
2009-12-19 21:19:01 ----DC---- C:\Program Files
2009-12-17 21:32:31 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-12-17 21:32:01 ----DC---- C:\Program Files\Common Files
2009-12-17 21:31:26 ----DC---- C:\Program Files\Common Files\InstallShield
2009-12-17 18:28:47 ----RSDC---- C:\WINDOWS\Fonts
2009-12-13 16:50:35 ----AC---- C:\WINDOWS\win.ini
2009-12-12 10:32:34 ----DC---- C:\_Odkazy_
2009-12-12 10:30:51 ----DC---- C:\ComplexWebServer
2009-12-07 17:42:47 ----DC---- C:\WINDOWS\system32\ShellExt
2009-12-07 17:42:08 ----SHDC---- C:\WINDOWS\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-05-14 55768]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 LF30FS;LF30FS; \??\C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys []
R2 WinFLdrv;WinFLdrv; C:\WINDOWS\system32\WinFLdrv.sys [2009-11-30 10752]
R2 WinVd32;WinVd32; \??\C:\WINDOWS\system32\WinVd32.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-03-31 16640]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2004-03-31 30235]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-04 25280]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-06-08 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-06 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 BT848;CxVCap, WDM Video Capture; C:\WINDOWS\system32\drivers\cxvcap.sys [2002-03-12 107200]
S2 BTTUNER;BtTuner, WDM TvTuner; C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-03-08 18944]
S2 BTXBAR;BtXBar, WDM Crossbar; C:\WINDOWS\system32\drivers\BTXBAR.sys [1999-07-22 13308]
S2 CXXBAR;CxXBar, WDM Crossbar; C:\WINDOWS\system32\drivers\CXXBAR.sys [2002-03-12 15696]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-13 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-13 78496]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2004-03-31 146684]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-03-31 52856]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-01-08 223128]
S3 GMSIPCI;GMSIPCI; \??\R:\INSTALL\GMSIPCI.SYS []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\System32\DRIVERS\k750bus.sys [2005-07-07 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys [2005-07-07 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\System32\DRIVERS\k750mdm.sys [2005-07-07 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys [2005-07-07 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\System32\DRIVERS\k750obex.sys [2007-05-24 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PSTRIP;PSTRIP; \??\C:\WINDOWS\System32\DRIVERS\PSTRIP.SYS []
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-06-29 72704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe [2004-03-31 135168]
R2 CWS_Apache_80;CWS_Apache_80; C:\ComplexWebServer\apache\bin\apache.exe [2005-10-09 20541]
R2 CWS_MySQL_3306;CWS_MySQL_3306; C:\ComplexWebServer\mysql\bin\mysqld-nt.exe [2006-11-06 3604480]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-27 152984]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-02-01 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 CWS_Apache_8080;CWS_Apache_8080; C:\ComplexWebServer\apache\bin\apache.exe [2005-10-09 20541]
S2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-07-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-01 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-02-01 360192]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: NOD failed to delete the infiltration "Win32/Olmarik.SJ"

#2 Post by pitimir »

Hi.

1) Use >>this<<.

2) Download OTL. Save it to the desktop and run it by double-clicking the file "OTL.exe". The program window opens; in it tick "Scan All Users", "Lop" and "Purity Check", and change "File Scan" to 7 days instead of 30. Into the box named "Custom Scans/Fixes" copy:

Code:

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
CREATERESTOREPOINT
Then click "Run Scan". The computer scan starts; when it finishes, two reports open, and I need to see the contents of both.

chyno
Visitor
Posts: 13
Registered: 22 Aug 2009 07:27

Re: NOD failed to delete the infiltration "Win32/Olmarik.SJ"

#3 Post by chyno »

EOlmarikRemover.exe reports "Unable to clean the rootkit"

OTL.Txt:
OTL logfile created on: 5. 1. 2010 11:10:54 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Chyno\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041b | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

503,00 Mb Total Physical Memory | 206,00 Mb Available Physical Memory | 41,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 14,29 Gb Free Space | 38,35% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 103,09 Gb Free Space | 92,22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 4,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC_COMPAQ
Current User Name: Chyno
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.01.05 11:06:10 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chyno\Desktop\OTL.exe
PRC - [2010.01.04 22:09:54 | 00,305,152 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\qtplugin.exe
PRC - [2009.11.20 19:01:18 | 00,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009.06.29 06:47:05 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009.05.14 14:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.05.14 14:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009.04.13 19:00:46 | 04,327,936 | ---- | M] (Prog-Soft s.r.o.) -- C:\Program Files\PS Pad\PSPad.exe
PRC - [2009.02.05 19:30:00 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\utorrent.exe
PRC - [2009.02.01 13:36:40 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2008.12.27 18:24:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008.10.01 10:12:36 | 00,691,748 | ---- | M] (C. Ghisler & Co.) -- C:\wincmd\TOTALCMD.EXE
PRC - [2008.08.29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007.09.02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007.06.13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.13 19:29:00 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2006.11.06 15:24:36 | 03,604,480 | ---- | M] () -- C:\ComplexWebServer\mysql\bin\mysqld-nt.exe
PRC - [2005.10.09 18:17:00 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\ComplexWebServer\apache\bin\Apache.exe
PRC - [2005.09.24 17:40:54 | 00,566,272 | ---- | M] (Everstrike Software) -- C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30.exe
PRC - [2004.03.31 16:13:32 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe


========== Modules (SafeList) ==========

MOD - [2010.01.05 11:06:10 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chyno\Desktop\OTL.exe
MOD - [2007.09.02 13:57:36 | 00,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2004.08.04 08:57:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.07.24 19:31:59 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009.06.29 06:47:05 | 00,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.05.14 14:54:22 | 00,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 14:47:54 | 00,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.02.01 13:36:40 | 00,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.02.01 13:36:34 | 00,360,192 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.01.01 12:38:04 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.12.27 18:24:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008.12.11 13:31:36 | 00,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.11.20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008.08.29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008.07.29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.06.15 15:55:00 | 00,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.11.06 15:24:36 | 03,604,480 | ---- | M] () [Auto | Running] -- C:\ComplexWebServer\mysql\bin\mysqld-nt.exe -- (CWS_MySQL_3306)
SRV - [2006.09.29 11:48:06 | 00,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2005.10.09 18:17:00 | 00,020,541 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\ComplexWebServer\apache\bin\apache.exe -- (CWS_Apache_8080)
SRV - [2005.10.09 18:17:00 | 00,020,541 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\ComplexWebServer\apache\bin\apache.exe -- (CWS_Apache_80)
SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.03.31 16:13:32 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) [Auto | Running] -- C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2003.07.28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (EOlmarikFix)
DRV - [2009.11.30 00:02:25 | 00,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\WinVd32.sys -- (WinVd32)
DRV - [2009.11.30 00:02:16 | 00,010,752 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2009.05.14 14:49:26 | 00,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009.05.14 14:49:26 | 00,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.05.14 14:49:22 | 00,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009.05.14 14:47:14 | 00,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 14:41:10 | 00,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.03.04 20:50:19 | 00,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.10.07 23:23:04 | 00,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008.04.17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007.11.16 10:55:00 | 00,165,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2007.11.13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007.06.08 19:55:57 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (Pcouffin)
DRV - [2007.05.24 12:30:40 | 00,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2007.02.22 10:15:56 | 00,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007.02.22 10:15:14 | 00,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007.02.22 10:15:14 | 00,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007.02.22 10:15:14 | 00,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006.08.25 04:47:00 | 00,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006.01.08 19:19:53 | 00,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006.01.08 19:18:16 | 00,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005.11.06 14:05:48 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005.09.29 18:01:51 | 00,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.09.01 11:03:04 | 00,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\imagedrv.sys -- (Imagedrv)
DRV - [2005.08.10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.07.07 15:26:04 | 00,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005.07.07 15:26:00 | 00,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.07.07 15:25:58 | 00,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.07.07 15:25:52 | 00,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005.06.21 17:12:34 | 00,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005.05.16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.11.19 18:07:00 | 00,101,488 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys -- (LF30FS)
DRV - [2004.08.04 06:59:42 | 00,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004.05.13 14:00:04 | 00,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 12:19:36 | 00,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.03.31 16:13:34 | 00,016,640 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004.03.31 16:13:32 | 00,146,684 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004.03.31 16:13:32 | 00,052,856 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.03.31 16:13:32 | 00,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004.03.31 16:13:30 | 01,260,106 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2003.12.01 16:20:52 | 00,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 13:22:08 | 00,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.05.27 16:05:42 | 00,578,304 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003.03.13 17:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2003.03.13 11:14:28 | 00,112,288 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2003.03.13 11:14:16 | 00,078,496 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2002.03.12 01:08:48 | 00,107,200 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cxvcap.sys -- (BT848)
DRV - [2002.03.12 01:08:48 | 00,015,696 | R--- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cxxbar.sys -- (CXXBAR)
DRV - [2001.08.23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001.08.23 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2001.03.08 03:30:00 | 00,018,944 | R--- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\bttuner.sys -- (BTTUNER)
DRV - [1999.07.22 02:28:00 | 00,013,308 | R--- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\btxbar.sys -- (BTXBAR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-179605362-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-343818398-179605362-839522115-1008\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-179605362-839522115-1008\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "DigitalPowered Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://localhost/"
FF - prefs.js..extensions.enabledItems: {b317125e-2f10-4388-bf1f-2c31c6cd89ed}:2.0.4.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {cc409fe8-42b4-405b-a9fa-02dfcffbedde}:1.5.8.6
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.1
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.12.19 14:21:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.19 14:21:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009.08.25 14:57:23 | 00,000,000 | ---D | M]

[2008.08.26 14:13:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Extensions
[2009.11.08 18:59:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\extensions
[2009.11.08 18:59:26 | 00,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009.04.24 18:29:54 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\extensions\{cc409fe8-42b4-405b-a9fa-02dfcffbedde}
[2009.09.30 21:29:25 | 00,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009.05.27 00:13:54 | 00,000,890 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\conduit.xml
[2010.12.31 15:12:33 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-1.xml
[2008.12.31 21:05:37 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-2.xml
[2009.02.17 09:55:39 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-3.xml
[2009.03.18 10:17:33 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-4.xml
[2009.12.26 10:03:39 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-5.xml
[2008.12.15 15:45:18 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin.xml
[2009.11.08 18:59:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.12.28 13:02:10 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.06.10 19:01:47 | 00,000,000 | ---D | M] (DigitalPowered Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}
[2009.12.19 14:21:40 | 00,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2009.12.19 14:21:40 | 00,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2009.12.19 14:21:40 | 00,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2009.12.19 14:21:40 | 00,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2009.12.19 14:21:40 | 00,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: (698 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\Toolbar\WebBrowser: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\Toolbar\WebBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [LFAgent] C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30.exe (Everstrike Software)
O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe (Nero AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-343818398-179605362-839522115-1008..\Run: [instanteyedropper] C:\Program Files\InstantEyedropper\InstantEyedropper.exe File not found
O4 - HKU\S-1-5-21-343818398-179605362-839522115-1008..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-343818398-179605362-839522115-1008..\Run: [uTorrent] c:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} https://ib24.csob.sk/comp/Signersk.cab (SigVer Class)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 0033171328 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 5253009259 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D10CDB6E-AE6D-27CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/ ... earadj.cab (CTAdjust Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (wjqd.rqo) - File not found
O20 - HKLM Winlogon: Shell - (avqbc) - File not found
O20 - HKLM Winlogon: UIHost - (C:\Documents) - C:\Documents [2006.06.18 17:20:58 | 00,000,000 | R--D | M]
O20 - HKLM Winlogon: UIHost - (and) - File not found
O20 - HKLM Winlogon: UIHost - (Settings\All) - File not found
O20 - HKLM Winlogon: UIHost - (Users\Application) - File not found
O20 - HKLM Winlogon: UIHost - (Data\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Software\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Utilities\WinStyler\tu_logonui.exe) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuálna domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.01.05 09:51:14 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54891125151891456)

========== Files/Folders - Created Within 7 Days ==========

[2010.01.05 11:06:09 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chyno\Desktop\OTL.exe
[2010.01.05 11:06:00 | 00,328,032 | ---- | C] (ESET spol. s r.o.) -- C:\Documents and Settings\Chyno\Desktop\EOlmarikRemover.exe
[2010.01.04 22:10:00 | 00,305,152 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\qtplugin.exe
[2010.01.04 15:03:41 | 00,000,000 | ---D | C] -- C:\řš
[2009.08.23 10:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009.05.17 11:56:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009.04.01 16:38:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009.01.04 17:48:17 | 12,717,920 | ---- | C] (Intel ) -- C:\Program Files\PRO2KXP_v13_4.exe
[2007.03.22 17:03:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2003.10.06 00:22:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 7 Days ==========

[2010.01.05 11:06:10 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chyno\Desktop\OTL.exe
[2010.01.05 11:06:00 | 00,328,032 | ---- | M] (ESET spol. s r.o.) -- C:\Documents and Settings\Chyno\Desktop\EOlmarikRemover.exe
[2010.01.05 11:00:00 | 00,000,486 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.01.05 11:00:00 | 00,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Úklid 1 kliknutím.job
[2010.01.05 10:54:03 | 00,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008UA.job
[2010.01.05 09:54:51 | 00,004,100 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.01.05 09:50:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.05 09:49:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.05 09:49:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.04 22:38:53 | 07,077,888 | ---- | M] () -- C:\Documents and Settings\Chyno\NTUSER.DAT
[2010.01.04 22:38:33 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Chyno\ntuser.ini
[2010.01.04 22:09:54 | 00,305,152 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\qtplugin.exe
[2010.01.04 21:33:37 | 00,072,154 | -H-- | M] () -- C:\TREEINFO.WC
[2010.01.04 20:52:29 | 00,001,105 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010.01.04 15:32:55 | 00,003,289 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.01.03 22:54:03 | 00,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008Core.job
[2010.01.02 21:52:01 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Chyno\PUTTY.RND
[2009.12.30 21:23:51 | 00,003,268 | ---- | M] () -- C:\Documents and Settings\Chyno\My Documents\admin

========== Files Created - No Company Name ==========

[2009.12.30 21:23:50 | 00,003,268 | ---- | C] () -- C:\Documents and Settings\Chyno\My Documents\admin
[2009.12.19 21:21:20 | 00,003,623 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2009.12.17 21:35:57 | 00,000,031 | ---- | C] () -- C:\WINDOWS\tdlp32.ini
[2009.11.30 00:02:25 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
[2009.09.30 21:35:58 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.09.15 21:35:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SpeechPad.INI
[2009.08.23 10:09:26 | 00,013,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\oxunolaha.dl
[2009.08.23 10:09:25 | 00,016,708 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\guvunav._sy
[2009.08.23 10:09:25 | 00,014,612 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\enuku.lib
[2009.08.20 20:21:23 | 00,016,989 | ---- | C] () -- C:\Documents and Settings\Chyno\Application Data\fymitafuh.db
[2009.08.20 20:21:21 | 00,019,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\laxegecyd.ban
[2009.07.27 20:11:46 | 00,000,107 | ---- | C] () -- C:\WINDOWS\winradio.ini
[2009.07.26 19:36:03 | 00,000,871 | ---- | C] () -- C:\Documents and Settings\Chyno\Application Data\coreavc.ini
[2009.07.07 20:33:28 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\Chyno\Application Data\NMM-MetaData.db
[2009.05.27 20:08:44 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.04.16 22:52:48 | 02,076,672 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2009.04.16 22:52:48 | 00,166,912 | ---- | C] () -- C:\WINDOWS\System32\libmcrypt.dll
[2008.12.28 13:24:36 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.09.28 14:00:52 | 00,000,048 | ---- | C] () -- C:\WINDOWS\APCBT.ini
[2008.09.13 10:15:42 | 00,001,105 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.08.27 21:02:50 | 00,004,100 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.07.25 14:46:38 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Chyno\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.06 09:23:45 | 00,177,152 | ---- | C] () -- C:\Program Files\uTorrent.exe
[2008.02.05 13:28:20 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\Chyno\Local Settings\Application Data\setup.txt
[2007.06.11 14:44:59 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007.03.29 22:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007.01.30 18:12:15 | 00,265,512 | R--- | C] () -- C:\WINDOWS\System32\drivers\BT848.sys
[2007.01.10 07:44:26 | 01,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006.11.27 18:24:18 | 00,002,407 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006.11.05 16:07:09 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006.10.12 19:21:46 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2006.10.10 19:42:11 | 00,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2006.09.28 13:51:22 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.09.28 13:39:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\dbgout.INI
[2006.05.22 06:11:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mpegableX4live.INI
[2006.01.18 17:17:53 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.01.08 19:18:16 | 00,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006.01.08 19:18:16 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd0829.sys
[2006.01.04 20:15:47 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006.01.04 20:15:47 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005.12.27 15:04:37 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005.12.18 13:52:01 | 00,003,645 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2005.12.18 13:52:01 | 00,000,028 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2005.12.18 13:51:59 | 00,003,289 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2005.12.06 17:00:33 | 00,001,969 | ---- | C] () -- C:\WINDOWS\level.ini
[2005.11.28 17:56:59 | 00,544,724 | ---- | C] () -- C:\WINDOWS\System32\RWDL6DHW.DLL
[2005.11.13 19:55:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005.10.14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.06.19 20:05:05 | 00,008,630 | ---- | C] () -- C:\WINDOWS\System32\datkkq32.dll
[2005.05.29 02:45:43 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2004.03.31 16:13:32 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2004.03.31 16:13:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004.03.31 16:13:32 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2004.03.31 16:13:32 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2004.03.31 16:13:30 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\btbip.dll
[2004.03.31 16:13:30 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2004.03.31 16:13:30 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004.02.15 09:55:53 | 00,000,333 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004.02.15 09:54:34 | 00,001,677 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004.01.04 14:15:24 | 00,000,177 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004.01.01 14:15:26 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2003.11.28 22:59:18 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2003.11.28 22:59:18 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2003.11.28 22:59:18 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2003.01.07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.08.29 04:41:00 | 00,004,032 | ---- | C] () -- C:\WINDOWS\boot.sys
[2002.03.21 15:39:02 | 00,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.03.20 22:01:06 | 00,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[1998.03.22 13:50:02 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2005.11.06 14:05:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009.08.14 22:59:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009.06.29 06:57:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2006.01.07 18:03:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buena Vista Games
[2009.01.31 13:06:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009.05.17 11:10:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008.12.28 13:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.07.07 20:22:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006.09.28 13:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\My Pictures
[2005.11.13 17:40:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground Demo
[2006.11.27 19:07:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009.07.07 20:30:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007.02.06 15:14:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2009.06.18 20:05:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2005.07.01 11:38:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SME Kuramatic
[2009.08.22 08:19:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.02.01 13:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008.12.25 20:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009.02.01 13:34:42 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.11.30 00:10:59 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Chyno\Application Data\.#
[2009.09.15 21:25:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Acapela Group
[2008.07.07 23:59:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\ACD Systems
[2009.01.31 21:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\CoSoSys
[2009.05.17 11:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\ESET
[2008.11.04 21:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Free&Easy Font Viewer
[2009.01.04 12:15:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\ICQ
[2008.07.28 13:25:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\ICQLite
[2008.12.06 15:36:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\LimeWire
[2009.12.01 16:40:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Nokia
[2009.07.27 14:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Nokia Multimedia Player
[2008.10.09 23:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Opera
[2009.12.01 16:37:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\PC Suite
[2009.05.17 21:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Radical Software Ltd
[2009.02.01 13:36:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\TuneUp Software
[2009.01.31 13:06:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Uniblue
[2010.01.05 11:20:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\uTorrent
[2009.04.12 10:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Vso
[2009.01.01 15:01:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\X-Chat 2
[2009.07.28 19:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Xilisoft Corporation
[2006.05.30 22:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrik\Application Data\ACD Systems
[2006.09.05 11:28:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrik\Application Data\Ascaron Entertainment
[2009.07.29 13:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrik\Application Data\ESET
[2009.04.17 18:23:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrik\Application Data\ICQ
[2009.04.05 20:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ľuboš\Application Data\ACD Systems
[2010.01.05 11:00:00 | 00,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010.01.05 11:00:00 | 00,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\Úklid 1 kliknutím.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004.08.04 08:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.04 08:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 08:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\cache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004.08.04 08:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.04 08:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 08:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\cache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009.02.06 19:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004.08.04 08:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.04 08:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 08:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004.08.04 06:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.04 06:59:42 | 00,095,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002.08.29 02:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004.08.04 07:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.04 07:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >

chyno
Visitor
Posts: 13
Registered: 22 Aug 2009 07:27

Re: NOD failed to delete the infiltration "Win32/Olmarik.SJ"

#4 Post by chyno »

Extras.Txt

OTL Extras logfile created on: 5. 1. 2010 11:10:54 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Chyno\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041b | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

503,00 Mb Total Physical Memory | 206,00 Mb Available Physical Memory | 41,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 14,29 Gb Free Space | 38,35% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 103,09 Gb Free Space | 92,22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 4,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC_COMPAQ
Current User Name: Chyno
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = 0
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\µTorrent\utorrent.exe" = C:\Program Files\µTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\uTorrent.exe" = C:\Program Files\uTorrent.exe:*:Disabled:µTorrent -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Disabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{57CDBAE6-0896-4E78-88F0-C673E4BB44FD}" = Lock Folder XP 3.6
"{5FAAF230-8E1C-4295-ADFA-829BFE895850}" = SAPI51
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{66F94F05-52D0-475D-8E35-D6F3ABD813BE}" = ESET Smart Security
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"7-Zip" = 7-Zip 4.65
"AVI ReComp" = AVI ReComp 1.2.3
"FRC - Football Result Creator" = FRC - Football Result Creator
"GIF Animator" = Microsoft GIF Animator
"HijackThis" = HijackThis 2.0.2
"ID2220Voices" = Infovox Desktop 2.220 voices
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"MultipleIEs_is1" = MultipleIEs
"Nokia PC Suite" = Nokia PC Suite
"WIC" = Windows Imaging Component

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30. 4. 2009 9:29:47 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 30. 4. 2009 11:07:19 | Computer Name = PC_COMPAQ | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie opera.exe, verzia 9.60.10447.0, zlyhanie modulu
jvm.dll, verzia 11.0.0.16, adresa zlyhania 0x0016f202.

Error - 30. 4. 2009 12:09:20 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Can't init databases For more information, see Help and Support Center
at http://www.mysql.com.

Error - 30. 4. 2009 12:09:20 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 1. 5. 2009 13:04:16 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Can't init databases For more information, see Help and Support Center
at http://www.mysql.com.

Error - 1. 5. 2009 13:04:16 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 1. 5. 2009 16:05:28 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Can't init databases For more information, see Help and Support Center
at http://www.mysql.com.

Error - 1. 5. 2009 16:05:28 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 2. 5. 2009 3:58:13 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Can't init databases For more information, see Help and Support Center
at http://www.mysql.com.

Error - 2. 5. 2009 3:58:13 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



[ DriverScanne Events ]
Error - 30. 4. 2009 9:29:47 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 30. 4. 2009 11:07:19 | Computer Name = PC_COMPAQ | Source = Application Error | ID = 1000
Description =

Error - 30. 4. 2009 12:09:20 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 30. 4. 2009 12:09:20 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 1. 5. 2009 13:04:16 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 1. 5. 2009 13:04:16 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 1. 5. 2009 16:05:28 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 1. 5. 2009 16:05:28 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 2. 5. 2009 3:58:13 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 2. 5. 2009 3:58:13 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

[ System Events ]
Error - 18. 4. 2007 9:41:41 | Computer Name = PC_COMPAQ | Source = W32Time | ID = 39452701
Description = Poskytovateľ času NtpClient je nakonfigurovaný tak, aby získaval čas
z jedného alebo viacerých časových zdrojov, žiadny zo zdrojov však nie je momentálne
prístupný. Počas 14 minút nebude uskutočnený žiadny pokus o skontaktovanie zdroja.
NtpClient
nemá žiadny zdroj presného času.

Error - 18. 4. 2007 9:41:47 | Computer Name = PC_COMPAQ | Source = RemoteAccess | ID = 20013
Description = Komunikačné zariadenie pripojené k portu COM4 nie je funkčné.

Error - 18. 4. 2007 9:42:05 | Computer Name = PC_COMPAQ | Source = Service Control Manager | ID = 7000
Description = Spustenie služby BtTuner, WDM TvTuner zlyhalo kvôli nasledujúcej chybe:
%%1058

Error - 18. 4. 2007 9:42:05 | Computer Name = PC_COMPAQ | Source = Service Control Manager | ID = 7000
Description = Spustenie služby BtXBar, WDM Crossbar zlyhalo kvôli nasledujúcej chybe:
%%1058

Error - 18. 4. 2007 9:42:05 | Computer Name = PC_COMPAQ | Source = Service Control Manager | ID = 7000
Description = Spustenie služby CxXBar, WDM Crossbar zlyhalo kvôli nasledujúcej chybe:
%%1058

Error - 18. 4. 2007 9:56:44 | Computer Name = PC_COMPAQ | Source = W32Time | ID = 39452689
Description = Poskytovateľ času NtpClient: Pri vyhľadávaní ručne nakonfigurovaného
partnera
time.windows.com,0x1 serverom DNS sa vyskytla chyba. NtpClient sa pokúsi o vyhľadávanie
servera DNS znova o 30 min. Vyskytla sa chyba: Došlo k pokusu o operáciu so soketom
v čase nedosiahnuteľnosti hostiteľa. (0x80072751)

Error - 18. 4. 2007 9:56:44 | Computer Name = PC_COMPAQ | Source = W32Time | ID = 39452701
Description = Poskytovateľ času NtpClient je nakonfigurovaný tak, aby získaval čas
z jedného alebo viacerých časových zdrojov, žiadny zo zdrojov však nie je momentálne
prístupný. Počas 29 minút nebude uskutočnený žiadny pokus o skontaktovanie zdroja.
NtpClient
nemá žiadny zdroj presného času.

Error - 3. 1. 2050 18:12:17 | Computer Name = PC_COMPAQ | Source = RemoteAccess | ID = 20013
Description = Komunikačné zariadenie pripojené k portu COM4 nie je funkčné.

Error - 4. 9. 2007 7:20:28 | Computer Name = PC_COMPAQ | Source = Service Control Manager | ID = 7000
Description = Spustenie služby CxVCap, WDM Video Capture zlyhalo kvôli nasledujúcej
chybe: %%1058

Error - 4. 9. 2007 7:20:28 | Computer Name = PC_COMPAQ | Source = Service Control Manager | ID = 7000
Description = Spustenie služby BtTuner, WDM TvTuner zlyhalo kvôli nasledujúcej chybe:
%%1058

[ TuneUp Events ]
Error - 22. 8. 2009 2:27:02 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 08:27:02', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamgui.exe','7044',0)

Error - 22. 8. 2009 2:27:18 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 08:27:18', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','6512',0)

Error - 22. 8. 2009 2:27:33 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 08:27:33', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','6688',0)

Error - 22. 8. 2009 2:30:04 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 08:30:04', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','10088',0)

Error - 22. 8. 2009 2:35:48 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 08:35:48', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','8404',0)

Error - 22. 8. 2009 3:07:28 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 09:07:28', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1912',0)

Error - 22. 8. 2009 3:10:55 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 09:10:55', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2404',0)

Error - 22. 8. 2009 3:42:13 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 09:42:13', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3664',0)

Error - 22. 8. 2009 4:07:00 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 10:07:00', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3900',0)

Error - 25. 8. 2009 9:55:03 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-25 15:55:03', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\unins000.exe','528',0)


< End of report >

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: NOD failed to delete the infiltration "Win32/Olmarik.SJ"

#5 Post by pitimir »

1) Download Defogger. Run it and click "Disable" -> "OK". A log should appear in the folder it was run from; paste it here.


2) In OTL, copy the following into the box named "Custom Scans/Fixes":

Code:

:otl
DRV - File not found [Kernel | Disabled | Running] -- -- (EOlmarikFix)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\URLSearchHook: - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://localhost/"
[2010.12.31 15:12:33 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-1.xml
[2008.12.31 21:05:37 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-2.xml
[2009.02.17 09:55:39 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-3.xml
[2009.03.18 10:17:33 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-4.xml
[2009.12.26 10:03:39 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-5.xml
[2008.12.15 15:45:18 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin.xml
O3 - HKLM\..\Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\Toolbar\WebBrowser: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\Toolbar\WebBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe (Nero AG)
O4 - HKU\S-1-5-21-343818398-179605362-839522115-1008..\Run: [instanteyedropper] C:\Program Files\InstantEyedropper\InstantEyedropper.exe File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} https://ib24.csob.sk/comp/Signersk.cab (SigVer Class)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 0033171328 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 5253009259 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D10CDB6E-AE6D-27CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/ ... earadj.cab (CTAdjust Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (wjqd.rqo) - File not found
O20 - HKLM Winlogon: Shell - (avqbc) - File not found
O20 - HKLM Winlogon: UIHost - (C:\Documents) - C:\Documents [2006.06.18 17:20:58 | 00,000,000 | R--D | M]
O20 - HKLM Winlogon: UIHost - (and) - File not found
O20 - HKLM Winlogon: UIHost - (Settings\All) - File not found
O20 - HKLM Winlogon: UIHost - (Users\Application) - File not found
O20 - HKLM Winlogon: UIHost - (Data\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Software\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Utilities\WinStyler\tu_logonui.exe) - File not found
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

:commands
[emptytemp]
[createrestorepoint]
[reboot]
Click "Run Fix". The program will start working; a PC restart is possible. After that a log should appear, and I would like to see it.
I'm modest, I only have two things in my signature...

1) Want to help the forum? Support it!!

2) I ask everyone who has a problem:
- start your own topic and put an RSIT log and a precise, brief description of the problem in the first post.
- without a recommendation, do not run ANY other program found on the forum/internet.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).
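A triage pass over OTL-format lines like the ones in the fix above, as an added example that is not part of the thread or of OTL itself: it flags the classes of entry that fix removes (non-default Winlogon Shell/UIHost values, an autorun living directly in system32, alternate data streams, orphaned references). The rules and the system32 allowlist are my own heuristics; the sample lines are taken from the thread, with two benign lines constructed for contrast.

```python
"""Triage of OTL-style scan lines such as those in the fix above.

Added example for this thread, not part of the forum post or of OTL itself.
The sample lines are taken from the thread (plus two benign lines constructed
for contrast); the rules are simple defender heuristics, i.e. assumptions,
not OTL's own logic.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Expected Winlogon values on Windows XP; anything else is a logon hijack.
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "uihost": "logonui.exe"}
# Autoruns that legitimately live directly in system32 (heuristic allowlist, assumption).
SYSTEM32_AUTORUN_ALLOW = {"ctfmon.exe"}

O20_RE = re.compile(r"^O20 - HKLM Winlogon: (\w+) - \(([^)]*)\) - (.*)$")
O4_RE = re.compile(r"^O4 - (.+?)\.\.\\Run: \[([^\]]*)\] (.*)$")


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low"
    rule: str
    line: str


def _autorun_path(rest: str) -> str:
    """Strip OTL's trailing ' (Vendor)' or ' File not found' from an O4 target."""
    return re.sub(r"\s+\([^)]*\)$|\s+File not found$", "", rest)


def classify_line(line: str) -> list[Finding]:
    """Return the findings for one OTL line (empty list = nothing to flag)."""
    line = line.strip()
    findings: list[Finding] = []

    m = O20_RE.match(line)
    if m:
        key, value = m.group(1).lower(), m.group(2).lower()
        if value != WINLOGON_DEFAULTS.get(key, value):
            # OTL shows an unquoted path containing spaces as one entry per
            # token ("C:\Documents", "and", "Settings\All", ...); each token
            # is still a non-default value and is flagged.
            findings.append(Finding("high", "winlogon-hijack", line))
        return findings

    m = O4_RE.match(line)
    if m and "File not found" not in line:
        path = _autorun_path(m.group(3))
        folder, _, name = path.rpartition("\\")
        # An autorun sitting directly in system32 under a generic name deserves a look.
        if folder.lower() == r"c:\windows\system32" and name.lower() not in SYSTEM32_AUTORUN_ALLOW:
            findings.append(Finding("medium", "system32-autorun", line))

    if line.startswith("@Alternate Data Stream"):
        findings.append(Finding("medium", "alternate-data-stream", line))
    if "File not found" in line or "No CLSID value found" in line:
        # Dead registry pointer: low risk on its own, but it is clean-up material.
        findings.append(Finding("low", "orphaned-reference", line))
    return findings


def triage(text: str) -> list[Finding]:
    """Classify every non-empty line, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    out = [f for ln in text.splitlines() if ln.strip() for f in classify_line(ln)]
    return sorted(out, key=lambda f: order[f.severity])


# Lines from the thread; the "egui" and "Explorer.exe" lines are constructed benign controls.
SAMPLE_OTL = r"""
DRV - File not found [Kernel | Disabled | Running] -- -- (EOlmarikFix)
O3 - HKLM\..\Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe (Nero AG)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKU\S-1-5-21-343818398-179605362-839522115-1008..\Run: [instanteyedropper] C:\Program Files\InstantEyedropper\InstantEyedropper.exe File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (wjqd.rqo) - File not found
O20 - HKLM Winlogon: UIHost - (C:\Documents) - C:\Documents [2006.06.18 17:20:58 | 00,000,000 | R--D | M]
O20 - HKLM Winlogon: UIHost - (and) - File not found
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity:6}] {f.rule:22} {f.line}")
```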

chyno
Visitor
Posts: 13
Registered: 22 Aug 2009 07:27

Re: NOD could not remove the infiltration "Win32/Olmarik.SJ"

#6 Post by chyno »

I don't know, I probably did something wrong, but I can't find the Defogger log.

01052010_190051.txt:

All processes killed
========== OTL ==========
Error: No service named EOlmarikFix was found to stop!
Unable to stop service EOlmarikFix!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "http://localhost/" removed from browser.startup.homepage
C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{35065594-9169-4A34-B167-FC4865038E53} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35065594-9169-4A34-B167-FC4865038E53}\ not found.
Registry value HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}\ not found.
Registry value HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{35065594-9169-4A34-B167-FC4865038E53} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35065594-9169-4A34-B167-FC4865038E53}\ not found.
Registry value HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMonitor1 deleted successfully.
C:\WINDOWS\system32\qtplugin.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Run\\instanteyedropper deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
C:\WINDOWS\Downloaded Program Files\QTPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {17492023-C23A-453E-A040-C7C580BBF700}
C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.
Starting removal of ActiveX control {4ADC518E-B607-11D4-B395-0001020F4519}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ADC518E-B607-11D4-B395-0001020F4519}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ADC518E-B607-11D4-B395-0001020F4519}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ADC518E-B607-11D4-B395-0001020F4519}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ADC518E-B607-11D4-B395-0001020F4519}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ADC518E-B607-11D4-B395-0001020F4519}\ not found.
Starting removal of ActiveX control {62475759-9E84-458E-A1AB-5D2C442ADFDE}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{62475759-9E84-458E-A1AB-5D2C442ADFDE}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{62475759-9E84-458E-A1AB-5D2C442ADFDE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62475759-9E84-458E-A1AB-5D2C442ADFDE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{62475759-9E84-458E-A1AB-5D2C442ADFDE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62475759-9E84-458E-A1AB-5D2C442ADFDE}\ not found.
Starting removal of ActiveX control {6414512B-B978-451D-A0D8-FCFDF33E833C}
C:\WINDOWS\Downloaded Program Files\wuweb.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D10CDB6E-AE6D-27CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\CONFLICT.297\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D10CDB6E-AE6D-27CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D10CDB6E-AE6D-27CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D10CDB6E-AE6D-27CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D10CDB6E-AE6D-27CF-96B8-444553540000}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553530000}
C:\WINDOWS\Downloaded Program Files\CONFLICT.287\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553530000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553530000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553530000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553530000}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\CONFLICT.285\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Starting removal of ActiveX control {DE22A7AB-A739-4C58-AD52-21F9CD6306B7}
C:\WINDOWS\Downloaded Program Files\clearadj.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:rundll32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:wjqd.rqo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:avqbc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:C:\Documents deleted successfully.
C:\Documents\My Pictures\Sample Pictures folder moved successfully.
C:\Documents\My Pictures folder moved successfully.
C:\Documents\My Music\Sample Music folder moved successfully.
C:\Documents\My Music folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Obrázky folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\MEDIA\Office97 folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\MEDIA folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\WOLF folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\STREET folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\PUZZLE folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\PRINCE folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\MAHJONG folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\FORMULA folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\DUCK folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games folder moved successfully.
C:\Documents\Moje dokumenty\Rastík folder moved successfully.
C:\Documents\Moje dokumenty folder moved successfully.
C:\Documents folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:and deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Settings\All deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Users\Application deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Data\TuneUp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Software\TuneUp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Utilities\WinStyler\tu_logonui.exe deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Chyno
->Temp folder emptied: 861839 bytes
->Temporary Internet Files folder emptied: 9507204 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46321684 bytes
->Google Chrome cache emptied: 19385175 bytes
->Opera cache emptied: 230592 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: DISKMAGS

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Patrik
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Scorpions WinCheater2.06

User: user

User: Ľuboš
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 19468376 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13001628 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 379734 bytes

Total Files Cleaned = 104,00 mb

Restore point Set: OTL Restore Point (64424509440)

OTL by OldTimer - Version 3.1.21.0 log created on 01052010_190051

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: NOD could not remove the infiltration "Win32/Olmarik.SJ"

#7 Post by pitimir »

Never mind, next step:

1) Start -> Run -> (type) CMD /K COPY /V "C:\WINDOWS\ServicePackFiles\i386\atapi.sys" "c:\atapi.sys"
Enter. A window should open with a message to the effect that the file was copied successfully.


2) Download Avenger. Run it and agree to the terms etc.
Paste the script into the white box in the middle of the program:

Code:

Files to move:
C:\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys
Press "Execute" -> "Yes". Restart and paste the log.

chyno
Visitor
Posts: 13
Registered: 22 Aug 2009 07:27

Re: NOD could not remove the infiltration "Win32/Olmarik.SJ"

#8 Post by chyno »

1) OK

2)

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\atapi.sys|C:\WINDOWS\system32\drivers\atapi.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: NOD could not remove the infiltration "Win32/Olmarik.SJ"

#9 Post by pitimir »

Excellent. Let's confirm it :)

Download ComboFix, preferably to the desktop. Close all open applications as well as the resident antivirus, antispyware and firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes; the PC may be restarted during it. The log that ComboFix creates can be found at "C:\ComboFix.txt".
Paste it here.

Warning: until ComboFix has created the log, do not click or press anything!!

chyno
Visitor
Posts: 13
Registered: 22 Aug 2009 07:27

Re: NOD could not remove the infiltration "Win32/Olmarik.SJ"

#10 Post by chyno »

ComboFix 10-01-04.01 - Chyno . 01. 2010 20:42:47.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.503.324 [GMT 1:00]
Running from: c:\documents and settings\Chyno\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\judy.vbs
c:\documents and settings\All Users\Documents\tomexuhin.reg
c:\documents and settings\Chyno\Application Data\.#
C:\LOG.TXT
c:\windows\system32\ikafa.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-06 to 2010-01-06 )))))))))))))))))))))))))))))))
.

2010-01-05 18:00 . 2010-01-05 18:00 -------- dc----w- C:\_OTL
2009-12-19 20:21 . 2009-12-19 20:21 16384 -c--a-w- c:\windows\MSIMGSIZ.DAT
2009-12-19 20:19 . 2009-12-19 20:19 -------- dc----w- c:\program files\MultipleIEs
2009-12-17 20:32 . 2009-12-19 20:04 -------- dc----w- c:\program files\Xara
2009-12-17 20:32 . 2009-12-17 20:32 -------- dc----w- c:\program files\Common Files\Xara
2009-12-11 17:55 . 2009-12-11 17:56 -------- dc----w- c:\program files\Atomic Bomberman

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 19:25 . 2008-12-24 08:42 -------- dc----w- c:\documents and settings\Chyno\Application Data\uTorrent
2010-01-06 18:54 . 2008-07-06 06:07 7077888 ----a-w- c:\documents and settings\Chyno\NTUSER.DAT
2010-01-05 17:08 . 2008-10-09 22:05 -------- dc----w- c:\program files\Opera
2010-01-05 08:56 . 2009-08-22 08:09 -------- dc----w- c:\program files\trend micro
2009-12-31 15:47 . 2009-05-03 10:39 -------- dc----w- c:\program files\PS Pad
2009-12-18 19:37 . 2008-07-23 09:49 100424 -c--a-w- c:\documents and settings\Chyno\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-17 20:32 . 2003-10-06 10:13 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-12-17 20:31 . 2003-10-06 10:12 -------- dc----w- c:\program files\Common Files\InstallShield
2009-12-02 20:01 . 2009-06-10 17:41 -------- dc----w- c:\program files\Counter-Strike 1.6 V40
2009-12-01 15:40 . 2009-07-07 19:29 -------- dc----w- c:\documents and settings\Chyno\Application Data\Nokia
2009-12-01 15:37 . 2009-07-07 19:25 -------- dc----w- c:\documents and settings\Chyno\Application Data\PC Suite
2009-11-29 23:23 . 2009-11-29 22:41 -------- dc----w- c:\program files\Lock Folder XP
2009-11-29 23:09 . 2009-11-29 23:09 -------- dc----w- c:\program files\Everstrike Software
2009-11-29 23:09 . 2009-11-29 23:09 -------- dc----w- c:\program files\Common Files\Everstrike Software
2009-11-29 23:02 . 2009-11-29 23:02 180224 -c--a-w- c:\windows\system32\WinVd32.sys
2009-11-29 23:02 . 2009-11-29 23:02 7680 -c--a-w- c:\windows\system32\WinFLsrv.exe
2009-11-29 23:02 . 2009-11-29 22:35 -------- dc----w- c:\program files\ABC Lock
2009-11-23 22:18 . 2006-10-10 18:41 249856 -c----w- c:\windows\Setup1.exe
2009-11-23 22:18 . 2006-10-10 18:41 73216 -c--a-w- c:\windows\ST6UNST.EXE
2009-11-17 12:43 . 2009-11-17 12:43 -------- dc----w- c:\program files\Microsoft GIF Animator
2009-01-04 16:59 . 2009-01-04 16:48 12717920 -c--a-w- c:\program files\PRO2KXP_v13_4.exe
2007-03-21 15:47 . 2008-07-06 08:23 177152 -c--a-w- c:\program files\uTorrent.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-02-05 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"LFAgent"="c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30.exe" [2005-09-24 566272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\µTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6. 2. 2009 13:23 107256]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19. 11. 2004 18:07 101488]
S2 BT848;CxVCap, WDM Video Capture;c:\windows\system32\drivers\cxvcap.sys [6. 5. 2007 16:41 107200]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [30. 1. 2007 18:06 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [30. 1. 2007 17:58 13308]
S2 CXXBAR;CxXBar, WDM Crossbar;c:\windows\system32\drivers\cxxbar.sys [22. 3. 2007 10:02 15696]
S3 PSTRIP;PSTRIP;\??\c:\windows\System32\DRIVERS\PSTRIP.SYS --> c:\windows\System32\DRIVERS\PSTRIP.SYS [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008Core.job
- c:\documents and settings\Chyno\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-26 21:48]

2010-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008UA.job
- c:\documents and settings\Chyno\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-26 21:48]

2010-01-06 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mLocal Page =
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {2DF08C82-196D-4047-B65B-C14A0570A32F} = 192.168.1.1,4.2.2.5
FF - ProfilePath - c:\documents and settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://localhost/
FF - component: c:\program files\Mozilla Firefox\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Chyno\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 20:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e]
@Class="Shell"

[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e\OpenWithList]
@Class="Shell"
"a"="opera.exe"
"MRUList"="a"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\đ•€|˙˙˙˙.•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
Completion time: 2010-01-06 20:58:45
ComboFix-quarantined-files.txt 2010-01-06 19:58

Pre-Run: 15 241 023 488 bytes free
Post-Run: 15 227 899 904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /TUTag=63VLJS /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Záloha)" /fastdetect /NoExecute=OptIn /TUTag=63VLJS-BAK

- - End Of File - - 3AB604FF751D475FA5449E02D17ACA30

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Residence: Šutrovec

Re: NOD failed to remove the infiltration "Win32/Olmarik.SJ"

#11 Post by pitimir »

Excellent, one more small clean-up :)

1) Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall, and open Notepad. Copy the following into it:

Code:

KillAll::
DDS::
mLocal Page = 

FireFox::
FF - ProfilePath - c:\documents and settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://localhost/

RegLockDel::
[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e]
[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e\OpenWithList]

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\đ•€|˙˙˙˙.•€|ů•A~*]

Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.


The program will process the script and produce a new log.


Warning: if Windows does not boot after the script has been applied, restart the PC, press F8 and choose Last Known Good Configuration.


2) Start -> Run -> (type) REGEDIT /E "%userprofile%\desktop\log.txt" "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon"
Enter.

A text document (log.txt) will appear on your desktop; post its contents here.

I'm modest, I only have two things in my signature...

1) Want to help the forum? Support it!!

2) I ask everyone who has a problem:
- start your own topic and put an RSIT log and a precise, brief description of the problem in the first post.
- do not run ANY other program found on the forum/internet without a recommendation.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).

chyno
Visitor
Posts: 13
Registered: 22 Aug 2009 07:27

Re: NOD failed to remove the infiltration "Win32/Olmarik.SJ"

#12 Post by chyno »

1)

ComboFix 10-01-04.01 - Chyno . 01. 2010 9:40.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.503.177 [GMT 1:00]
Running from: c:\documents and settings\Chyno\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chyno\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-05 18:00 . 2010-01-05 18:00 -------- dc----w- C:\_OTL
2009-12-19 20:21 . 2009-12-19 20:21 16384 -c--a-w- c:\windows\MSIMGSIZ.DAT
2009-12-19 20:19 . 2009-12-19 20:19 -------- dc----w- c:\program files\MultipleIEs
2009-12-17 20:32 . 2009-12-19 20:04 -------- dc----w- c:\program files\Xara
2009-12-17 20:32 . 2009-12-17 20:32 -------- dc----w- c:\program files\Common Files\Xara
2009-12-11 17:55 . 2009-12-11 17:56 -------- dc----w- c:\program files\Atomic Bomberman

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 08:51 . 2008-07-06 06:07 7077888 ----a-w- c:\documents and settings\Chyno\NTUSER.DAT
2010-01-07 08:36 . 2008-12-24 08:42 -------- dc----w- c:\documents and settings\Chyno\Application Data\uTorrent
2010-01-05 17:08 . 2008-10-09 22:05 -------- dc----w- c:\program files\Opera
2010-01-05 08:56 . 2009-08-22 08:09 -------- dc----w- c:\program files\trend micro
2009-12-31 15:47 . 2009-05-03 10:39 -------- dc----w- c:\program files\PS Pad
2009-12-18 19:37 . 2008-07-23 09:49 100424 -c--a-w- c:\documents and settings\Chyno\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-17 20:32 . 2003-10-06 10:13 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-12-17 20:31 . 2003-10-06 10:12 -------- dc----w- c:\program files\Common Files\InstallShield
2009-12-02 20:01 . 2009-06-10 17:41 -------- dc----w- c:\program files\Counter-Strike 1.6 V40
2009-12-01 15:40 . 2009-07-07 19:29 -------- dc----w- c:\documents and settings\Chyno\Application Data\Nokia
2009-12-01 15:37 . 2009-07-07 19:25 -------- dc----w- c:\documents and settings\Chyno\Application Data\PC Suite
2009-11-29 23:23 . 2009-11-29 22:41 -------- dc----w- c:\program files\Lock Folder XP
2009-11-29 23:09 . 2009-11-29 23:09 -------- dc----w- c:\program files\Everstrike Software
2009-11-29 23:09 . 2009-11-29 23:09 -------- dc----w- c:\program files\Common Files\Everstrike Software
2009-11-29 23:02 . 2009-11-29 23:02 180224 -c--a-w- c:\windows\system32\WinVd32.sys
2009-11-29 23:02 . 2009-11-29 23:02 7680 -c--a-w- c:\windows\system32\WinFLsrv.exe
2009-11-29 23:02 . 2009-11-29 22:35 -------- dc----w- c:\program files\ABC Lock
2009-11-23 22:18 . 2006-10-10 18:41 249856 -c----w- c:\windows\Setup1.exe
2009-11-23 22:18 . 2006-10-10 18:41 73216 -c--a-w- c:\windows\ST6UNST.EXE
2009-11-17 12:43 . 2009-11-17 12:43 -------- dc----w- c:\program files\Microsoft GIF Animator
2009-01-04 16:59 . 2009-01-04 16:48 12717920 -c--a-w- c:\program files\PRO2KXP_v13_4.exe
2007-03-21 15:47 . 2008-07-06 08:23 177152 -c--a-w- c:\program files\uTorrent.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-02-05 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"LFAgent"="c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30.exe" [2005-09-24 566272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\µTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6. 2. 2009 13:23 107256]
R2 CWS_Apache_80;CWS_Apache_80;c:\complexwebserver\apache\bin\Apache.exe [18. 5. 2009 15:44 20541]
R2 CWS_MySQL_3306;CWS_MySQL_3306;c:\complexwebserver\mysql\bin\mysqld-nt.exe --defaults-file=c:\complexwebserver\mysql\conf\mysqld.conf CWS_MySQL_3306 --> c:\complexwebserver\mysql\bin\mysqld-nt.exe --defaults-file=c:\complexwebserver\mysql\conf\mysqld.conf CWS_MySQL_3306 [?]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14. 5. 2009 14:47 731840]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19. 11. 2004 18:07 101488]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [30. 11. 2009 0:02 10752]
S2 BT848;CxVCap, WDM Video Capture;c:\windows\system32\drivers\cxvcap.sys [6. 5. 2007 16:41 107200]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [30. 1. 2007 18:06 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [30. 1. 2007 17:58 13308]
S2 CWS_Apache_8080;CWS_Apache_8080;c:\complexwebserver\apache\bin\Apache.exe [18. 5. 2009 15:44 20541]
S2 CXXBAR;CxXBar, WDM Crossbar;c:\windows\system32\drivers\cxxbar.sys [22. 3. 2007 10:02 15696]
S3 PSTRIP;PSTRIP;\??\c:\windows\System32\DRIVERS\PSTRIP.SYS --> c:\windows\System32\DRIVERS\PSTRIP.SYS [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8. 1. 2006 19:18 642560]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008Core.job
- c:\documents and settings\Chyno\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-26 21:48]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008UA.job
- c:\documents and settings\Chyno\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-26 21:48]

2010-01-07 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {2DF08C82-196D-4047-B65B-C14A0570A32F} = 192.168.1.1,4.2.2.5
FF - ProfilePath - c:\documents and settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Chyno\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 10:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\windows\system32\WinFLdrv.sys 10752 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e]
@Class="Shell"

[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e\OpenWithList]
@Class="Shell"
"a"="opera.exe"
"MRUList"="a"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\đ•€|˙˙˙˙.•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1280)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\MSI\Bluetooth Software\bin\btwdins.exe
c:\complexwebserver\mysql\bin\mysqld-nt.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\TUProgSt.exe
.
**************************************************************************
.
Completion time: 2010-01-07 10:12:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-07 09:12
ComboFix2.txt 2010-01-06 19:58

Pre-Run: 15 239 966 720 bytes free
Post-Run: 15 228 391 424 bytes free

- - End Of File - - 7D27F3D7024B417D70CDB7E01F63E338

2)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"AutoRestartShell"=dword:00000001
"DefaultDomainName"="PC_COMPAQ"
"DefaultUserName"="chyno"
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PowerdownAfterShutdown"="0"
"ReportBootOk"="1"
"Shell"="Explorer.exe"
"ShutdownWithoutLogon"="0"
"System"=""
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"SfcQuota"=dword:ffffffff
"allocatecdroms"="0"
"allocatedasd"="0"
"allocatefloppies"="0"
"cachedlogonscount"="10"
"forceunlocklogon"=dword:00000000
"passwordexpirywarning"=dword:0000000e
"scremoveoption"="0"
"AllowMultipleTSSessions"=dword:00000000
"UIHost"=""
"LogonType"=dword:00000000
"DebugServerCommand"="no"
"SFCDisable"=dword:00000000
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
"ShowLogonOptions"=dword:00000001
"AltDefaultUserName"="chyno"
"AltDefaultDomainName"="PC_COMPAQ"
"AutoAdminLogon"="0"
"ChangePasswordUseKerberos"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=hex(2):66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,\
6c,00,00,00
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=hex(7):28,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,\
00,64,00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,2c,00,41,00,70,00,\
70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,29,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=hex(2):64,00,73,00,6b,00,71,00,75,00,6f,00,74,00,61,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Internet Explorer Zonemapping"
"DllName"=hex(2):69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=hex(2):40,00,69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,31,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
00,00
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=hex(2):40,00,69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,31,00,34,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
00,00
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Software Installation"
"DllName"=hex(2):61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=hex(7):28,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,\
74,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\
00,29,00,00,00,28,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
6c,00,65,00,72,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,29,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000
"InstallEvent"="1.8.0031.9"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\WgaLogon\Settings]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SCLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

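The Winlogon\Notify keys in the export above are a long-standing autostart location, which is why RSIT dumps them in full. As an added example (not part of the thread and not RSIT's own code), here is a small Python parser that rejoins the values wrapped with a trailing backslash, decodes each package's DllName from the hex(2) form seen above, and lists packages outside an assumed stock-XP baseline so they can be reviewed by hand:

```python
import re
# Constructed excerpt in the .reg export format that RSIT dumps into the log above:
# long values wrap with a trailing backslash, hex(2) is REG_EXPAND_SZ as UTF-16LE bytes.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
'''

NOTIFY_KEY = re.compile(r'^\[.*\\winlogon\\notify\\([^\\\]]+)\]$', re.IGNORECASE)
VALUE_LINE = re.compile(r'^"([^"]+)"=(.*)$')

# Notify packages present on a stock Windows XP install. This baseline is an
# assumption for the example; a package outside it is only a candidate for review.
BASELINE = {'crypt32chain', 'cryptnet', 'cscdll', 'scardsvr', 'schedule', 'sclgntfy', 'senslogn', 'termsrv', 'wlballoon'}

def decode_value(raw):
    """Decode a .reg value: quoted string or comma-separated hex bytes."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    m = re.match(r'hex(?:\((\d+)\))?:(.*)$', raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in m.group(2).split(',') if b.strip())
    # hex(2) is REG_EXPAND_SZ: UTF-16LE text with a trailing NUL; other types stay raw
    return data.decode('utf-16-le').rstrip('\x00') if m.group(1) == '2' else data.hex()

def winlogon_notify_dlls(reg_text):
    """Map each Winlogon\\Notify package to its DllName (value name is case-insensitive)."""
    joined = re.sub(r'\\\r?\n\s*', '', reg_text)  # rejoin values wrapped with '\'
    found, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith('['):  # new key: track it only if it is a Notify package
            m = NOTIFY_KEY.match(line)
            current = m.group(1) if m else None
            continue
        v = VALUE_LINE.match(line)
        if current and v and v.group(1).lower() == 'dllname':
            found[current] = decode_value(v.group(2))
    return found

def packages_outside_baseline(reg_text):
    return sorted(k for k in winlogon_notify_dlls(reg_text) if k.lower() not in BASELINE)
```

Paste the Winlogon\Notify part of an RSIT or regedit export into `SAMPLE_REG` to get the same listing for a real log; WgaLogon shows up here only because it is not in the assumed baseline, not because it is known-bad.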
pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: NOD failed to remove the infiltration "Win32/Olmarik.SJ"

#13 Post by pitimir »

OK, is NOD still reporting the malware?
I'm modest, I only have two things in my signature...

1) Want to help the forum? Support it!!

2) I ask everyone who has a problem: :!:
- start your own topic and put an RSIT log and a precise, brief description of the problem in the 1st post.
- without a recommendation, do NOT run ANY other program found on the forum/internet.
- do not edit or delete posts.
- follow the instructions and do not do anything extra (on your own initiative).

chyno
Visitor
Posts: 13
Registered: 22 Aug 2009 07:27

Re: NOD failed to remove the infiltration "Win32/Olmarik.SJ"

#14 Post by chyno »

No, is that everything now?

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: NOD failed to remove the infiltration "Win32/Olmarik.SJ"

#15 Post by pitimir »

1) Let's finish cleaning up:
  • Uninstall Combofix:
    Start -> Run -> (type) combofix /uninstall
  • Use T-Cleaner (if your antivirus flags it as malware, there is nothing to worry about, it is just the AV program being paranoid).
  • Use TFC (run the program and click "Start". Note that the PC may be restarted).

2) Post a HJT log.

If anything is unclear, a guide can be found >>here<<.
