Olmarik.ZC

15tomasp15
Visitor
Posts: 37
Registered: 07 Apr 2009 06:21

Re: Olmarik.ZC

#16 Post by 15tomasp15 »

Those files again :/ and again during the scan it reported that those 2 files had stopped working - otherwise the scan went "one step at a time" - Completed Stage_7; Completed Stage_8;.... but when it reported that the program PEV.cfxxe had stopped working, I clicked Cancel and it jumped straight from Completed Stage_10 to 15 (the screen showed 10, 11, 12, 13, 14 and 15, but it jumped from 10 to 15 extremely fast).

Here is the log:

ComboFix 11-01-31.02 - Paťo . 02. 2011 15:42:47.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.2559.1699 [GMT 1:00]
Running from: c:\users\Paťo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Pato\AppData\Roaming\64dlls.exe
c:\users\Pato\AppData\Roaming\intel64.exe
c:\users\Pato\AppData\Roaming\Kernel32.exe
c:\users\Pato\AppData\Roaming\localsys64.exe
c:\users\Pato\AppData\Roaming\ntos.exe
c:\users\Pato\AppData\Roaming\oembios.exe
c:\users\Pato\AppData\Roaming\sdra64.exe
c:\users\Pato\AppData\Roaming\sdra73.exe
c:\users\Pato\AppData\Roaming\swin32.exe
c:\users\Pato\AppData\Roaming\twex.exe
c:\users\Pato\AppData\Roaming\twext.exe
c:\users\Pato\AppData\Roaming\wsnpoema.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-03 to 2011-02-03 )))))))))))))))))))))))))))))))
.

2011-02-03 14:49 . 2011-02-03 14:49 -------- d-----w- c:\users\Paťo\AppData\Local\temp
2011-02-03 14:49 . 2011-02-03 14:49 -------- d-----w- c:\users\Zorka\AppData\Local\temp
2011-02-03 14:49 . 2011-02-03 14:49 -------- d-----w- c:\users\Pato\AppData\Local\temp
2011-02-03 14:49 . 2011-02-03 14:49 -------- d-----w- c:\users\eL_Lucho\AppData\Local\temp
2011-02-03 14:49 . 2011-02-03 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-03 14:49 . 2011-02-03 14:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-02-03 14:23 . 2011-02-03 14:23 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsl6ec3c61b.sys
2011-02-03 14:20 . 2011-02-03 14:20 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsld148ac02.sys
2011-02-03 14:14 . 2011-02-03 14:14 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsl7ee1a270.sys
2011-02-03 13:18 . 2011-01-13 00:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\mpengine.dll
2011-02-02 13:55 . 2011-01-13 00:41 5890896 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-01 20:09 . 2011-02-01 20:09 5322 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-02-01 16:41 . 2011-02-01 16:40 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D624405D-E533-4F9D-8C61-1F2DA4C57242}\gapaengine.dll
2011-02-01 16:38 . 2011-02-01 16:39 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-01 16:38 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-31 21:17 . 2011-01-31 21:17 -------- d-----w- c:\users\Pato\AppData\Local\Microsoft
2011-01-31 21:17 . 2011-01-31 21:17 -------- d-----w- c:\users\Pato
2011-01-31 12:15 . 2011-01-31 12:15 -------- d-----w- C:\rsit
2011-01-31 12:15 . 2011-01-31 12:15 -------- d-----w- c:\program files\trend micro
2011-01-31 10:29 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-31 10:29 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-31 10:29 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-31 10:29 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-31 10:29 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-31 10:29 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-31 10:29 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-31 10:29 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-31 10:29 . 2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-31 00:07 . 2011-01-31 00:07 -------- d-----w- c:\program files\SystemRequirementsLab
2011-01-30 19:50 . 2011-01-30 19:58 -------- d-----w- c:\users\Paťo\AppData\Roaming\GetRightToGo
2011-01-30 14:11 . 2011-01-30 14:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-30 11:23 . 2011-01-30 11:23 -------- d-----w- c:\program files\Yamicsoft
2011-01-26 21:07 . 2011-01-26 23:07 -------- d-----w- c:\users\eL_Lucho\AppData\Local\LogMeIn Hamachi
2011-01-24 21:26 . 2011-01-24 21:26 -------- d-----w- c:\users\Paťo\AppData\Local\BuildAGadget Content
2011-01-24 20:35 . 2011-01-24 20:35 -------- d-----w- c:\program files\FinalWire
2011-01-24 16:33 . 2011-01-24 16:34 -------- d-----w- c:\users\eL_Lucho\AppData\Roaming\GetRightToGo
2011-01-23 16:17 . 2011-01-23 16:19 -------- d-----w- c:\program files\FlatOut2
2011-01-07 22:42 . 2011-01-07 22:42 -------- d-----w- c:\users\Paťo\AppData\Roaming\VitySoft
2011-01-07 21:19 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-01-07 21:18 . 2011-01-07 21:18 49152 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\fm2005segatest1_EC0AB585B2794A778BB564C403E43EE7.exe
2011-01-07 21:18 . 2011-01-07 21:18 49152 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\editor_EC0AB585B2794A778BB564C403E43EE7.exe
2011-01-07 21:16 . 2011-01-07 21:16 -------- d-----w- c:\program files\Sports Interactive
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 10:30 . 2011-01-07 10:30 -------- d-----w- c:\users\eL_Lucho\AppData\Roaming\AIMP
2011-01-07 10:28 . 2011-01-07 10:28 -------- d-----w- c:\users\eL_Lucho\AppData\Local\4A Games
2011-01-07 10:27 . 2011-01-07 10:27 -------- d-----w- c:\users\eL_Lucho\AppData\Roaming\HandBrake
2011-01-07 10:27 . 2011-01-07 10:27 -------- d-----w- c:\users\eL_Lucho\AppData\Local\HandBrake
2011-01-07 01:44 . 2011-01-07 01:47 -------- d-----w- c:\users\Paťo\AppData\Local\LogMeIn Hamachi
2011-01-07 01:43 . 2011-01-07 01:47 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-01-05 19:44 . 2011-01-05 19:44 -------- d-----w- c:\users\Paťo\AppData\Local\4A Games
2011-01-05 19:13 . 2011-01-05 19:13 -------- d-----w- c:\program files\THQ
2011-01-05 14:13 . 2011-01-05 14:14 -------- d-----w- c:\program files\Google
2011-01-05 14:13 . 2011-01-05 14:13 -------- d-----w- c:\users\Paťo\AppData\Local\Google
2011-01-05 11:56 . 2011-01-05 11:59 -------- d-----w- c:\users\Paťo\AppData\Roaming\HandBrake
2011-01-05 11:56 . 2011-01-05 11:56 -------- d-----w- c:\users\Paťo\AppData\Local\HandBrake

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 03:27 . 2011-01-31 10:29 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-10-16 09:55 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2010-10-16 09:55 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2009-07-13 22:09 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-12-19 22:21 . 2009-07-13 23:11 56912 ----a-w- c:\windows\system32\drivers\partmgr.sys
2010-12-19 22:21 . 2009-07-13 23:11 56912 ------w- c:\windows\system32\drivers\partmgr.sys.copy
2010-11-29 15:28 . 2010-11-29 15:28 348160 ----a-w- c:\windows\system32\Msvcr71.dll
2010-11-29 15:28 . 2010-11-29 15:28 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-29 15:28 . 2010-11-29 15:28 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-29 15:26 . 2010-11-29 15:26 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-19 14:55 . 2010-11-19 14:55 292696 ----a-w- c:\windows\system32\XceedFtp.dll
2010-09-28 19:44 . 2010-09-28 19:44 1196032 ----a-w- c:\program files\Game CD Key List 3.90.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-12-06 07:31 1910152 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2009-04-27 11:37 25256 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2009-04-27 11:37 291496 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-09-30 10:27 2773320 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 01:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe

R1 MpKsl6ec3c61b;MpKsl6ec3c61b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsl6ec3c61b.sys [2011-02-03 28752]
R1 MpKsl7ee1a270;MpKsl7ee1a270;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsl7ee1a270.sys [2011-02-03 28752]
R1 MpKslc063c7ee;MpKslc063c7ee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKslc063c7ee.sys [2011-02-03 28752]
R1 MpKsld148ac02;MpKsld148ac02;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsld148ac02.sys [2011-02-03 28752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 136176]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 25864]
R3 CFcatchme;CFcatchme;c:\users\PAO~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 23048]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-16 1343400]
R4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-16 691696]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2010-09-30 2397512]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

.
Contents of the 'Scheduled Tasks' folder

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 14:13]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 14:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="2DDF99B0A265651BE2FC288B710F88AD330F126E68CE4A8E1F0B983F553C67820265C51AB56DF0CD8241F4BC7145668D1860E3412A934CD618F4E0AC8D07D92F5FB27BCC486B404B7FB949607B3C6F2E82D14797C7867A00BE6F32DEE89481CEB70D06FA5FF1368B145385772C3DE6619713C86098439959C00F6BD095F6C2CF640EBC4E212A7A3860CA0DF74224D3AFE028807D17FDB468323C72F068D747D31F24F2E25AD077AE6AB347C9A5E30455CCE804445F7C186307B232A3D6EF7E2E87FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B555BA7FD869164D6794C038D530D6EB345206143E4279F2A95E231FCE890899B1E9DD234444A953F4773B52D1F8EA9C8E81719499B1D4CA2136B2AF365C63B75293477C1CB1BA81879F71A940ADC25C7CAA2B1A1A9D00E7AD1EA945EAB9CA2904E33C31DFD1C780DF53ED757A7F3EBA6BB98154CBFBB8313DE53BE108F172F6D1D2F6B5596C989549D20FB915CFDB6080579AF8336651CEF63FF0099BF4A1697E3C838043ED09CD41C3877E99A3ABBB9992ECBFC39AAEAD32402845295BB20FFEDDC68B4EE50B777AABDF4E062452F844DBC4E569FACDFD7C638E25275F963A7CDB73D49D08A1A5DC79703AC91D0B10450942AC810D3A381587AC3A02E1CE02563E15E04AACE4B001FB69D54A7FA1B59353D7575EFA9791F06E599897E2F3BE1C6F0935DF4F02B136694D36E1E1F7695AD7CE2FC4929B8A38BE42DB3B8BB0109340815C5F1038890057F27A5CFA83E87998C101EFC612E1C80367A0B425C4D6B7E203653A345D5A934584407AA94CB9057B219D8E2BD69D32299D88BDA082BAB4EDE8E1DA21D70B5B12012C72ED71A2C3C73059C07B5E07B9848D39060FD2A46C5FDF6A9DE425C877013CE46CEBA2B032AC070D9D95ADABD5CB35DC31282F43F394E998CF2D5580B8BCDB1785ED26B4FDBA1195307ADFDB3697E32154C5280916D15D0B38500DE526D05B714F6055C08C6810D274D0232D38E73F377D6860ABCE3E62648EC383F07AAD89284DD39C30750E15A9DDE23878729DBFD3A8B10FA551E4794B7C26855CA42708727B7D7D9C82E90883D21DF65B2C8132B3CA69803482B571EAA4B5732746764E0DC3368EE5341D274C2B91C936E3BA38904A7A12DA7A8372F09956C1933738A737097A77323FAB00F4B6F72E2F47DAC4AF82F3B85E0886F411E490F82B806B32B39FEBF5E80981F77237A837AF3D53A15441077BC9AD5AC602018F353761F461CA50CF5B352E6A453CE22289635E79EBC84B0C75EA1F7C0BFC5EA3A547CB9DFA48D80D8C88FD18F450E206E13
BF48714DA577D55D446D13542E0C08F2EE7929A7BE9328495FC20E42FD61A8C6E839D5F5C8EFADEDCC1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-03 15:51:16
ComboFix-quarantined-files.txt 2011-02-03 14:51
ComboFix2.txt 2011-02-03 13:07
ComboFix3.txt 2011-01-31 21:22

Pre-Run: 51 097 079 808 bytes free
Post-Run: 51 049 287 680 bytes free

- - End Of File - - BD523B61924E9B67B1FDFE43F217C538


I just looked and those files are not there now (I also turned on showing hidden files), so I don't understand it any more...

And another question - how does the PC look now - well, I never noticed before that the PC had the virus, only ESS reported it (and at first it didn't even pop up, I only saw it in the logs), so I can't say what the difference is :) and I don't even know whether we have already removed that MBR rootkit :D


Thank you :)
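
The ComboFix log in this post has two parts worth reading by hand or by script: the "Other Deletions" list (a dozen executables dropped directly under AppData\Roaming) and the "Reg Loading Points" block, where the policies\system key shows UAC switched off (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all 0). As an added example that is not part of the original thread and not ComboFix's or the forum's code, the Python script below parses the "(((( Name ))))" section banners and the REGEDIT4-style registry block, lists executables deleted from a Roaming profile directory, collects the Run keys, and flags those UAC values when they are set to 0. The embedded sample is a trimmed excerpt of the log above; the function names and the report layout are this example's own choices.

```python
import re

# Trimmed excerpt of the ComboFix log posted above (sample input constructed
# for this added example; banners and value names follow ComboFix's own format).
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Pato\AppData\Roaming\ntos.exe
c:\users\Pato\AppData\Roaming\sdra64.exe
c:\users\Pato\AppData\Roaming\twext.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-03 to 2011-02-03 )))))))))))))))))))))))))))))))
.
2011-02-01 16:38 . 2011-02-01 16:39 -------- d-----w- c:\program files\Microsoft Security Client
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")   # "(((( Name ))))" banner
KEY_RE = re.compile(r"^\[(.+)\]$")                        # [HKEY_...] registry key
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')          # "Name"=value
ROAMING_EXE_RE = re.compile(r"\\appdata\\roaming\\[^\\]+\.exe$", re.IGNORECASE)

UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
# A value of 0 for any of these turns the corresponding UAC protection off.
UAC_VALUES = ("EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop")


def split_sections(text):
    """Map each section banner to the non-empty, non-'.' lines beneath it."""
    sections = {"Header": []}
    current = "Header"
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if line and line != ".":
            sections[current].append(line)
    return sections


def parse_reg_points(lines):
    """Parse the REGEDIT4-style block into {key (lower-cased): {name: raw value}}."""
    keys = {}
    current = None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def uac_findings(reg):
    """Names of UAC policy values that are explicitly 0 (e.g. "0 (0x0)") in the log."""
    vals = reg.get(UAC_KEY, {})
    findings = []
    for name in UAC_VALUES:
        raw = vals.get(name)
        if raw is not None and int(raw.split()[0]) == 0:
            findings.append(name)
    return findings


def roaming_executables(paths):
    """Executables sitting directly in a user's AppData\\Roaming directory."""
    return [p for p in paths if ROAMING_EXE_RE.search(p)]


def triage(text):
    """Summarise a ComboFix log: deleted Roaming executables, Run keys, disabled UAC values."""
    sections = split_sections(text)
    reg = parse_reg_points(sections.get("Reg Loading Points", []))
    return {
        "deleted_roaming_exes": roaming_executables(sections.get("Other Deletions", [])),
        "run_keys": {k: v for k, v in reg.items() if k.endswith("\\run")},
        "uac_disabled": uac_findings(reg),
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

Run against the full log from the post, the same script lists all twelve deleted Roaming executables and reports EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop as disabled; restoring those values is part of the clean-up, since with UAC off anything the user runs already has full administrator rights.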

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Olmarik.ZC

#17 Post by motji »

We'll see, I don't see an MBR rootkit.

Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING!
- MBAM sometimes has false positives, so we will delete only after checking the log.
- Paste the log here.



Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- Unpack and run it
- A scan will run; when it finishes, a window with the results opens. Click Save to save the log, then paste it here.

- Following the guide in the link, run the second scan and paste that log here as well.
Do not use COMBOFIX without a helper's recommendation, it may damage the system!
Always back up important data before cleaning the computer!

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

15tomasp15
Visitor
Posts: 37
Registered: 07 Apr 2009 06:21

Re: Olmarik.ZC

#18 Post by 15tomasp15 »

MBAM found nothing (full scan); here is GMER:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-03 20:42:54
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4 WDC_WD1001FALS-00J7B0 rev.05.00K05
Running: gmer.exe; Driver: C:\Users\PAO~1\AppData\Local\Temp\kxldapog.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 84BF61F8
Device \Driver\atapi \Device\Ide\IdePort1 84BF61F8
Device \Driver\atapi \Device\Ide\IdePort2 84BF61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-6 84BF61F8
Device \Driver\atapi \Device\Ide\IdePort3 84BF61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-4 84BF61F8
Device \Driver\ax5kt0ii \Device\Scsi\ax5kt0ii1 85E45500
Device \Driver\ax5kt0ii \Device\Scsi\ax5kt0ii1Port4Path0Target0Lun0 85E45500
Device \FileSystem\Ntfs \Ntfs 84BF81F8

---- EOF - GMER 1.0.15 ----


and the second log:


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-03 20:59:20
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4 WDC_WD1001FALS-00J7B0 rev.05.00K05
Running: gmer.exe; Driver: C:\Users\PAO~1\AppData\Local\Temp\kxldapog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A58599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7CF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spwc.sys Systém nemôže nájsť zadanú cestu. !
.text USBPORT.SYS!DllUnload 8F73BCA0 5 Bytes JMP 85DCF1D8
.text ax5kt0ii.SYS 8F90B000 12 Bytes [44, A8, E2, 82, EE, A6, E2, ...]
.text ax5kt0ii.SYS 8F90B00D 9 Bytes [87, E2, 82, 48, AB, E2, 82, ...] {XCHG EDX, ESP; OR BYTE [EAX-0x55], -0x1e; ADD BYTE [EAX], 0x0}
.text ax5kt0ii.SYS 8F90B017 170 Bytes [00, DE, 07, B2, 89, E6, 05, ...]
.text ax5kt0ii.SYS 8F90B0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ax5kt0ii.SYS 8F90B0CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\Users\PAO~1\AppData\Local\Temp\catchme.sys Systém nemôže nájsť zadaný súbor. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS Systém nemôže nájsť zadaný súbor. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\OO Software\Defrag\oodag.exe[1964] kernel32.dll!SetUnhandledExceptionFilter 76603162 5 Bytes JMP 00402FB0 C:\Program Files\OO Software\Defrag\oodag.exe (O&O Defrag Agent (Win32)/O&O Software GmbH)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2944] ntdll.dll!LdrLoadDll 76EBF625 5 Bytes JMP 011213F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4048] USER32.dll!TrackPopupMenu 76874B3B 5 Bytes JMP 690B2342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [89A24042] \SystemRoot\System32\Drivers\spwc.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [89A246D6] \SystemRoot\System32\Drivers\spwc.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [89A24800] \SystemRoot\System32\Drivers\spwc.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [89A2413E] \SystemRoot\System32\Drivers\spwc.sys
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\ax5kt0ii.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73A72494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73A55624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73A556E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73A7250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73A68573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73A64D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73A650CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73A651A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73A666D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73A682CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73A68819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73A6907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73A6E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1428] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73A64C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84BF81F8
Device \FileSystem\udfs \UdfsCdRom 856881F8
Device \FileSystem\udfs \UdfsDisk 856881F8
Device \Driver\sptd \Device\1477687000 spwc.sys
Device \Driver\volmgr \Device\VolMgrControl 84BF41F8
Device \Driver\usbohci \Device\USBPDO-0 85DD11F8
Device \Driver\usbehci \Device\USBPDO-1 85DD2500
Device \Driver\PCI_PNP2000 \Device\00000055 spwc.sys
Device \Driver\volmgr \Device\HarddiskVolume1 84BF41F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 84BF41F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85CD11F8
Device \Driver\atapi \Device\Ide\IdePort0 84BF61F8
Device \Driver\atapi \Device\Ide\IdePort1 84BF61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-6 84BF61F8
Device \Driver\atapi \Device\Ide\IdePort2 84BF61F8
Device \Driver\atapi \Device\Ide\IdePort3 84BF61F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-4 84BF61F8
Device \Driver\cdrom \Device\CdRom1 85CD11F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85D741F8
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbohci \Device\USBFDO-0 85DD11F8
Device \Driver\usbehci \Device\USBFDO-1 85DD2500
Device \Driver\ax5kt0ii \Device\Scsi\ax5kt0ii1 85E45500
Device \Driver\ax5kt0ii \Device\Scsi\ax5kt0ii1Port4Path0Target0Lun0 85E45500
Device \Driver\NetBT \Device\NetBT_Tcpip_{843860FF-5F2D-489A-B0BC-57BC5324F7A1} 85D741F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{47A35F77-1663-46E6-9560-54B29F142055} 85D741F8
Device \FileSystem\cdfs \Cdfs 84F5A1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001167ab9d5b
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0xF3 0x9A 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x3A 0x08 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF9 0x53 0x78 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x90 0xF9 0x2F 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001167ab9d5b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0xF3 0x9A 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x3A 0x08 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF3 0x41 0x41 0x81 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x90 0xF9 0x2F 0x60 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL 2DDF99B0A265651BE2FC288B710F88AD330F126E68CE4A8E1F0B983F553C67820265C51AB56DF0CD8241F4BC7145668D1860E3412A934CD618F4E0AC8D07D92F5FB27BCC486B404B7FB949607B3C6F2E82D14797C7867A00BE6F32DEE89481CEB70D06FA5FF1368B145385772C3DE6619713C86098439959C00F6BD095F6C2CF640EBC4E212A7A3860CA0DF74224D3AFE028807D17FDB468323C72F068D747D31F24F2E25AD077AE6AB347C9A5E30455CCE804445F7C186307B232A3D6EF7E2E87FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B555BA7FD869164D6794C038D530D6EB345206143E4279F2A95E231FCE890899B1E9DD234444A953F4773B52D1F8EA9C8E81719499B1D4CA2136B2AF365C63B75293477C1CB1BA81879F71A940ADC25C7CAA2B1A1A9D00E7AD1EA945EAB9CA2904E33C31DFD1C780DF53ED757A7F3EBA6BB98154CBFBB8313DE53BE108F172F6D1D2F6B5596C989549D20FB915CFDB6080579AF8336651CEF63FF0099BF4A1697E3C838043ED09CD41C3877E99A3ABBB9992ECBFC39AAEAD32402845295BB20FFEDDC68B4EE50B777AABDF4E062452F844DBC4E569FACDFD7C638E25275F963A7CDB73D49D08A1A5DC79703AC91D0B10450942AC810D3A381587AC3A02E1CE025

---- EOF - GMER 1.0.15 ----

:)

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Olmarik.ZC

#19 Post by motji »

This looks OK.
Try ComboFix again and see whether it deletes them again. But first have a look in the folders where the viruses originally were and check whether you can see them there.
Do not use COMBOFIX without a helper's advice; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

Image

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

15tomasp15
Visitor
Posts: 37
Registered: 07 Apr 2009 06:21

Re: Olmarik.ZC

#20 Post by 15tomasp15 »

Again. Even while that dialog was up, I looked through Task Manager and there is no Roaming folder there at all.
So CF shows that the files are in c:\users\Pato\AppData\Roaming - but the Roaming folder does not exist.
In my account - c:\users\Paťo\AppData\Roaming - that folder does exist, but none of those files are there...

There has never been any account called Pato; probably CF just can't handle diacritics (Paťo) and got confused somehow :D

I don't know whether I should run it in safe mode or from the system Administrator account.....


ComboFix 11-01-31.02 - Paťo . 02. 2011 22:36:14.5.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.2559.1872 [GMT 1:00]
Running from: c:\users\Paťo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Pato\AppData\Roaming\64dlls.exe
c:\users\Pato\AppData\Roaming\intel64.exe
c:\users\Pato\AppData\Roaming\Kernel32.exe
c:\users\Pato\AppData\Roaming\localsys64.exe
c:\users\Pato\AppData\Roaming\ntos.exe
c:\users\Pato\AppData\Roaming\oembios.exe
c:\users\Pato\AppData\Roaming\sdra64.exe
c:\users\Pato\AppData\Roaming\sdra73.exe
c:\users\Pato\AppData\Roaming\swin32.exe
c:\users\Pato\AppData\Roaming\twex.exe
c:\users\Pato\AppData\Roaming\twext.exe
c:\users\Pato\AppData\Roaming\wsnpoema.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-03 to 2011-02-03 )))))))))))))))))))))))))))))))
.

2011-02-03 21:42 . 2011-02-03 21:42 -------- d-----w- c:\users\Paťo\AppData\Local\temp
2011-02-03 21:42 . 2011-02-03 21:42 -------- d-----w- c:\users\Zorka\AppData\Local\temp
2011-02-03 21:42 . 2011-02-03 21:42 -------- d-----w- c:\users\Pato\AppData\Local\temp
2011-02-03 21:42 . 2011-02-03 21:42 -------- d-----w- c:\users\eL_Lucho\AppData\Local\temp
2011-02-03 21:42 . 2011-02-03 21:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-03 21:42 . 2011-02-03 21:42 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-02-03 19:59 . 2011-02-03 19:59 -------- d-----w- c:\users\Paťo\AppData\Roaming\Malwarebytes
2011-02-03 19:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 19:59 . 2011-02-03 19:59 -------- d-----w- c:\programdata\Malwarebytes
2011-02-03 19:59 . 2011-02-03 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 19:59 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-03 16:58 . 2011-02-03 17:01 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-02-03 15:31 . 2011-01-13 00:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3FE6F10-AF25-424B-8487-130B351D4E60}\mpengine.dll
2011-02-02 13:55 . 2011-01-13 00:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-01 20:09 . 2011-02-01 20:09 5322 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-02-01 16:41 . 2011-02-01 16:40 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D624405D-E533-4F9D-8C61-1F2DA4C57242}\gapaengine.dll
2011-02-01 16:38 . 2011-02-01 16:39 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-01 16:38 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-31 21:17 . 2011-01-31 21:17 -------- d-----w- c:\users\Pato\AppData\Local\Microsoft
2011-01-31 21:17 . 2011-01-31 21:17 -------- d-----w- c:\users\Pato
2011-01-31 12:15 . 2011-01-31 12:15 -------- d-----w- C:\rsit
2011-01-31 12:15 . 2011-01-31 12:15 -------- d-----w- c:\program files\trend micro
2011-01-31 10:29 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-31 10:29 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-31 10:29 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-31 10:29 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-31 10:29 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-31 10:29 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-31 10:29 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-31 10:29 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-31 10:29 . 2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-31 00:07 . 2011-01-31 00:07 -------- d-----w- c:\program files\SystemRequirementsLab
2011-01-30 14:11 . 2011-01-30 14:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-30 11:23 . 2011-01-30 11:23 -------- d-----w- c:\program files\Yamicsoft
2011-01-26 21:07 . 2011-02-03 18:49 -------- d-----w- c:\users\eL_Lucho\AppData\Local\LogMeIn Hamachi
2011-01-24 21:26 . 2011-01-24 21:26 -------- d-----w- c:\users\Paťo\AppData\Local\BuildAGadget Content
2011-01-24 20:35 . 2011-01-24 20:35 -------- d-----w- c:\program files\FinalWire
2011-01-24 16:33 . 2011-01-24 16:34 -------- d-----w- c:\users\eL_Lucho\AppData\Roaming\GetRightToGo
2011-01-23 16:17 . 2011-01-23 16:19 -------- d-----w- c:\program files\FlatOut2
2011-01-07 22:42 . 2011-01-07 22:42 -------- d-----w- c:\users\Paťo\AppData\Roaming\VitySoft
2011-01-07 21:19 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-01-07 21:18 . 2011-01-07 21:18 49152 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\fm2005segatest1_EC0AB585B2794A778BB564C403E43EE7.exe
2011-01-07 21:18 . 2011-01-07 21:18 49152 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\editor_EC0AB585B2794A778BB564C403E43EE7.exe
2011-01-07 21:16 . 2011-01-07 21:16 -------- d-----w- c:\program files\Sports Interactive
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 10:30 . 2011-01-07 10:30 -------- d-----w- c:\users\eL_Lucho\AppData\Roaming\AIMP
2011-01-07 10:28 . 2011-01-07 10:28 -------- d-----w- c:\users\eL_Lucho\AppData\Local\4A Games
2011-01-07 10:27 . 2011-01-07 10:27 -------- d-----w- c:\users\eL_Lucho\AppData\Roaming\HandBrake
2011-01-07 10:27 . 2011-01-07 10:27 -------- d-----w- c:\users\eL_Lucho\AppData\Local\HandBrake
2011-01-07 01:44 . 2011-01-07 01:47 -------- d-----w- c:\users\Paťo\AppData\Local\LogMeIn Hamachi
2011-01-07 01:43 . 2011-01-07 01:47 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-01-05 19:44 . 2011-01-05 19:44 -------- d-----w- c:\users\Paťo\AppData\Local\4A Games
2011-01-05 19:13 . 2011-01-05 19:13 -------- d-----w- c:\program files\THQ
2011-01-05 14:13 . 2011-01-05 14:14 -------- d-----w- c:\program files\Google
2011-01-05 14:13 . 2011-01-05 14:13 -------- d-----w- c:\users\Paťo\AppData\Local\Google
2011-01-05 11:56 . 2011-01-05 11:59 -------- d-----w- c:\users\Paťo\AppData\Roaming\HandBrake
2011-01-05 11:56 . 2011-01-05 11:56 -------- d-----w- c:\users\Paťo\AppData\Local\HandBrake

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 03:27 . 2011-01-31 10:29 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-10-16 09:55 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2010-10-16 09:55 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2009-07-13 22:09 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-12-19 22:21 . 2009-07-13 23:11 56912 ----a-w- c:\windows\system32\drivers\partmgr.sys
2010-12-19 22:21 . 2009-07-13 23:11 56912 ------w- c:\windows\system32\drivers\partmgr.sys.copy
2010-11-29 15:28 . 2010-11-29 15:28 348160 ----a-w- c:\windows\system32\Msvcr71.dll
2010-11-29 15:28 . 2010-11-29 15:28 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-29 15:28 . 2010-11-29 15:28 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-29 15:26 . 2010-11-29 15:26 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-19 14:55 . 2010-11-19 14:55 292696 ----a-w- c:\windows\system32\XceedFtp.dll
2010-09-28 19:44 . 2010-09-28 19:44 1196032 ----a-w- c:\program files\Game CD Key List 3.90.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-12-06 07:31 1910152 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2009-04-27 11:37 25256 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2009-04-27 11:37 291496 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-09-30 10:27 2773320 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 01:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe

R1 MpKsl6ec3c61b;MpKsl6ec3c61b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsl6ec3c61b.sys [x]
R1 MpKsl7ee1a270;MpKsl7ee1a270;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsl7ee1a270.sys [x]
R1 MpKslc063c7ee;MpKslc063c7ee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKslc063c7ee.sys [x]
R1 MpKsld148ac02;MpKsld148ac02;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsld148ac02.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 136176]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 25864]
R3 CFcatchme;CFcatchme;c:\users\PAO~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 23048]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-16 1343400]
R4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-16 691696]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2010-09-30 2397512]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

.
Contents of the 'Scheduled Tasks' folder

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 14:13]

2011-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 14:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="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"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-03 22:44:33
ComboFix-quarantined-files.txt 2011-02-03 21:44
ComboFix2.txt 2011-02-03 15:27
ComboFix3.txt 2011-02-03 14:51
ComboFix4.txt 2011-02-03 13:07
ComboFix5.txt 2011-02-03 21:30

Pre-Run: 43 404 808 192 bytes free
Post-Run: 43 111 727 104 bytes free

- - End Of File - - 3A27188D8D085603EC047AEB64BD040F
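The profile-name mismatch 15tomasp15 describes, Pato versus Paťo, can be checked mechanically. This Python is an added example (not code from the thread or from ComboFix): it parses the ComboFix section headers, pulls the Windows paths out of the "Other Deletions" and "Files Created" entries, and flags deletions whose profile folder collapses to the same name as another profile once diacritics are stripped. The embedded log is a constructed excerpt modelled on the log above, not the full log.

```python
import re
import unicodedata
from typing import Dict, List, Optional, Set, Tuple

# Constructed excerpt modelled on the ComboFix log in the thread (sample data, not the full log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Pato\AppData\Roaming\ntos.exe
c:\users\Pato\AppData\Roaming\sdra64.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-03 to 2011-02-03 )))))))))))))))))))))))))))))))
.

2011-02-03 21:42 . 2011-02-03 21:42 -------- d-----w- c:\users\Paťo\AppData\Local\temp
2011-02-03 21:42 . 2011-02-03 21:42 -------- d-----w- c:\users\Pato\AppData\Local\temp
2011-02-03 19:59 . 2011-02-03 19:59 -------- d-----w- c:\users\Paťo\AppData\Roaming\Malwarebytes
2011-01-31 21:17 . 2011-01-31 21:17 -------- d-----w- c:\users\Pato
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")          # "((( Title )))" section headers
WINPATH_RE = re.compile(r"[A-Za-z]:\\.*$")               # trailing Windows path on a log line
PROFILE_RE = re.compile(r"^[A-Za-z]:\\users\\([^\\]+)", re.IGNORECASE)


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Split a ComboFix log into its '((( title )))' sections, dropping blank and '.' filler lines."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if current is None or line in ("", "."):
            continue
        sections[current].append(line)
    return sections


def extract_path(line: str) -> Optional[str]:
    """Return the Windows path at the end of a deletion or 'Files Created' line, or None."""
    m = WINPATH_RE.search(line)
    return m.group(0) if m else None


def profile_name(path: str) -> Optional[str]:
    """Return the profile folder name from a c:\\users\\<name>\\... path, or None."""
    m = PROFILE_RE.match(path)
    return m.group(1) if m else None


def fold(name: str) -> str:
    """Case-fold and strip diacritics, so 'Paťo' and 'Pato' both become 'pato'."""
    decomposed = unicodedata.normalize("NFKD", name.casefold())
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def lookalike_profiles(paths: List[str]) -> Dict[str, Set[str]]:
    """Group profile names that share a folded form; keep only groups with more than one spelling."""
    groups: Dict[str, Set[str]] = {}
    for p in paths:
        name = profile_name(p)
        if name:
            groups.setdefault(fold(name), set()).add(name)
    return {k: v for k, v in groups.items() if len(v) > 1}


def flag_deletions(log: str) -> List[Tuple[str, Set[str]]]:
    """Deleted files whose profile folder is a diacritic look-alike of another profile in the log."""
    sections = parse_sections(log)
    all_paths = [p for lines in sections.values() for p in map(extract_path, lines) if p]
    ambiguous = lookalike_profiles(all_paths)
    flagged: List[Tuple[str, Set[str]]] = []
    for line in sections.get("Other Deletions", []):
        p = extract_path(line)
        name = profile_name(p) if p else None
        if name and fold(name) in ambiguous:
            flagged.append((p, ambiguous[fold(name)]))
    return flagged


if __name__ == "__main__":
    for path, names in flag_deletions(SAMPLE_LOG):
        print(f"{path}  <- profile folder ambiguous between {sorted(names)}")
```

Run it against a full ComboFix log to see every deletion that sits in a profile folder whose name differs from a real profile only by diacritics; such folders deserve a manual look before assuming the tool simply misspelled the path.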

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Olmarik.ZC

#21 Post by motji »

Do you have hidden and system files set to be shown?

:arrow: Download AVPTool from my signature http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

-install it according to the instructions and run a scan
-let it disinfect or delete whatever it finds
-the scan may take several hours
-post the log with the results here

15tomasp15
Visitor
Posts: 37
Registered: 07 Apr 2009 06:21

Re: Olmarik.ZC

#22 Post by 15tomasp15 »

Yes, they are shown :)

Here is the log, though I'm not sure it's the right one...

Autoscan: completed 13 minutes ago (events: 8, objects: 694855, time: 04:27:14)
4. 2. 2011 15:35:03 Task started
4. 2. 2011 19:10:18 Detected: Backdoor.Win32.SdBot.tsw F:\Paťo\Hry\GTR_2\rld-gtr2.iso/Crack/GTR2.exe
4. 2. 2011 19:10:18 Untreated: Backdoor.Win32.SdBot.tsw F:\Paťo\Hry\GTR_2\rld-gtr2.iso/Crack/GTR2.exe Write not supported
4. 2. 2011 19:41:17 Detected: not-a-virus:AdWare.Win32.EShoper.am F:\Paťo\Sofware\Sony Vegas 9 Plugins\Plugins Sony Vegas Pro 9\NewBlue FX\Motion blends.exe
4. 2. 2011 19:42:35 Deleted: not-a-virus:AdWare.Win32.EShoper.am F:\Paťo\Sofware\Sony Vegas 9 Plugins\Plugins Sony Vegas Pro 9\NewBlue FX\Motion blends.exe
4. 2. 2011 19:59:17 Detected: Type_Win32 F:\Paťo\Sofware\Pinnacle Studio\cyg-pshd.iso/CYGiSO/keygen.exe/PE_Patch/ASProtect
4. 2. 2011 19:59:17 Untreated: Type_Win32 F:\Paťo\Sofware\Pinnacle Studio\cyg-pshd.iso/CYGiSO/keygen.exe/PE_Patch/ASProtect Write not supported
4. 2. 2011 20:02:17 Task completed


Thank you :)

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Olmarik.ZC

#23 Post by motji »

:arrow: If it isn't there already, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Code: Select all

Folder::
F:\Paťo\Hry\GTR_2\rld-gtr2.iso/Crack

File::
F:\Paťo\Sofware\Pinnacle Studio\cyg-pshd.iso/CYGiSO/keygen.exe




-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, then drop it there:

Image


-once it has been applied another log will appear; post it here

Warning: it can happen that Windows does not boot after the script is applied and the computer restarts; in that case restart again while pressing F8, then choose Last Known Good Configuration

15tomasp15
Visitor
Posts: 37
Registered: 07 Apr 2009 06:21

Re: Olmarik.ZC

#24 Post by 15tomasp15 »

I deleted the whole folders by hand (Shift+Delete), ran CF without the script, it threw up those files again, then restart and scan:

ComboFix 11-01-31.02 - Paťo . 02. 2011 21:24:33.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.2559.1599 [GMT 1:00]
Running from: c:\users\Paťo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Pato\AppData\Roaming\64dlls.exe
c:\users\Pato\AppData\Roaming\intel64.exe
c:\users\Pato\AppData\Roaming\Kernel32.exe
c:\users\Pato\AppData\Roaming\localsys64.exe
c:\users\Pato\AppData\Roaming\ntos.exe
c:\users\Pato\AppData\Roaming\oembios.exe
c:\users\Pato\AppData\Roaming\sdra64.exe
c:\users\Pato\AppData\Roaming\sdra73.exe
c:\users\Pato\AppData\Roaming\swin32.exe
c:\users\Pato\AppData\Roaming\twex.exe
c:\users\Pato\AppData\Roaming\twext.exe
c:\users\Pato\AppData\Roaming\wsnpoema.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
.

2011-02-04 20:32 . 2011-02-04 20:33 -------- d-----w- c:\users\Paťo\AppData\Local\temp
2011-02-04 20:32 . 2011-02-04 20:32 -------- d-----w- c:\users\Zorka\AppData\Local\temp
2011-02-04 20:32 . 2011-02-04 20:32 -------- d-----w- c:\users\Pato\AppData\Local\temp
2011-02-04 20:32 . 2011-02-04 20:32 -------- d-----w- c:\users\eL_Lucho\AppData\Local\temp
2011-02-04 20:32 . 2011-02-04 20:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-04 20:32 . 2011-02-04 20:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-02-04 19:46 . 2011-01-13 00:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02DEC0A6-3370-4418-A019-0E21738DA684}\mpengine.dll
2011-02-04 14:31 . 2011-02-04 14:32 -------- d-----w- c:\programdata\Kaspersky Lab
2011-02-04 14:30 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\44252262.sys
2011-02-04 14:30 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\4425226.sys
2011-02-04 14:30 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\44252261.sys
2011-02-04 14:30 . 2011-02-04 20:21 -------- d-----w- c:\program files\Virus Removal Tool
2011-02-03 19:59 . 2011-02-03 19:59 -------- d-----w- c:\users\Paťo\AppData\Roaming\Malwarebytes
2011-02-03 19:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 19:59 . 2011-02-03 19:59 -------- d-----w- c:\programdata\Malwarebytes
2011-02-03 19:59 . 2011-02-03 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 19:59 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-03 16:58 . 2011-02-03 17:01 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-02-02 13:55 . 2011-01-13 00:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-01 20:09 . 2011-02-01 20:09 5322 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-02-01 16:41 . 2011-02-01 16:40 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D624405D-E533-4F9D-8C61-1F2DA4C57242}\gapaengine.dll
2011-02-01 16:38 . 2011-02-01 16:39 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-01 16:38 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-31 21:17 . 2011-01-31 21:17 -------- d-----w- c:\users\Pato\AppData\Local\Microsoft
2011-01-31 21:17 . 2011-01-31 21:17 -------- d-----w- c:\users\Pato
2011-01-31 12:15 . 2011-01-31 12:15 -------- d-----w- C:\rsit
2011-01-31 12:15 . 2011-01-31 12:15 -------- d-----w- c:\program files\trend micro
2011-01-31 10:29 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-31 10:29 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-31 10:29 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-31 10:29 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-31 10:29 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-31 10:29 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-31 10:29 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-31 10:29 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-31 10:29 . 2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-31 00:07 . 2011-01-31 00:07 -------- d-----w- c:\program files\SystemRequirementsLab
2011-01-30 14:11 . 2011-01-30 14:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-30 11:23 . 2011-01-30 11:23 -------- d-----w- c:\program files\Yamicsoft
2011-01-26 21:07 . 2011-02-03 18:49 -------- d-----w- c:\users\eL_Lucho\AppData\Local\LogMeIn Hamachi
2011-01-24 21:26 . 2011-01-24 21:26 -------- d-----w- c:\users\Paťo\AppData\Local\BuildAGadget Content
2011-01-24 20:35 . 2011-01-24 20:35 -------- d-----w- c:\program files\FinalWire
2011-01-24 16:33 . 2011-01-24 16:34 -------- d-----w- c:\users\eL_Lucho\AppData\Roaming\GetRightToGo
2011-01-23 16:17 . 2011-01-23 16:19 -------- d-----w- c:\program files\FlatOut2
2011-01-07 22:42 . 2011-01-07 22:42 -------- d-----w- c:\users\Paťo\AppData\Roaming\VitySoft
2011-01-07 21:19 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-01-07 21:18 . 2011-01-07 21:18 49152 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\fm2005segatest1_EC0AB585B2794A778BB564C403E43EE7.exe
2011-01-07 21:18 . 2011-01-07 21:18 49152 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\editor_EC0AB585B2794A778BB564C403E43EE7.exe
2011-01-07 21:16 . 2011-01-07 21:16 -------- d-----w- c:\program files\Sports Interactive
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 10:30 . 2011-01-07 10:30 -------- d-----w- c:\users\eL_Lucho\AppData\Roaming\AIMP
2011-01-07 10:28 . 2011-01-07 10:28 -------- d-----w- c:\users\eL_Lucho\AppData\Local\4A Games
2011-01-07 10:27 . 2011-01-07 10:27 -------- d-----w- c:\users\eL_Lucho\AppData\Roaming\HandBrake
2011-01-07 10:27 . 2011-01-07 10:27 -------- d-----w- c:\users\eL_Lucho\AppData\Local\HandBrake
2011-01-07 01:44 . 2011-01-07 01:47 -------- d-----w- c:\users\Paťo\AppData\Local\LogMeIn Hamachi
2011-01-07 01:43 . 2011-01-07 01:47 -------- d-----w- c:\program files\LogMeIn Hamachi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 03:27 . 2011-01-31 10:29 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-10-16 09:55 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2010-10-16 09:55 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2009-07-13 22:09 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-12-19 22:21 . 2009-07-13 23:11 56912 ----a-w- c:\windows\system32\drivers\partmgr.sys
2010-12-19 22:21 . 2009-07-13 23:11 56912 ------w- c:\windows\system32\drivers\partmgr.sys.copy
2010-11-29 15:28 . 2010-11-29 15:28 348160 ----a-w- c:\windows\system32\Msvcr71.dll
2010-11-29 15:28 . 2010-11-29 15:28 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-29 15:28 . 2010-11-29 15:28 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-29 15:26 . 2010-11-29 15:26 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-19 14:55 . 2010-11-19 14:55 292696 ----a-w- c:\windows\system32\XceedFtp.dll
2010-09-28 19:44 . 2010-09-28 19:44 1196032 ----a-w- c:\program files\Game CD Key List 3.90.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\users\Paťo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_04.02.2011_08-53.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_04.02.2011_08-53\startup.exe [2011-2-4 72208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-12-06 07:31 1910152 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2009-04-27 11:37 25256 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2009-04-27 11:37 291496 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-09-30 10:27 2773320 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 01:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe

R1 MpKsl6ec3c61b;MpKsl6ec3c61b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsl6ec3c61b.sys [x]
R1 MpKsl7ee1a270;MpKsl7ee1a270;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsl7ee1a270.sys [x]
R1 MpKslc063c7ee;MpKslc063c7ee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKslc063c7ee.sys [x]
R1 MpKsld148ac02;MpKsld148ac02;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsld148ac02.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 136176]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 25864]
R3 CFcatchme;CFcatchme;c:\users\PAO~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 23048]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-16 1343400]
R4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
S0 44252262;44252262 Boot Guard Driver;c:\windows\system32\DRIVERS\44252262.sys [2009-10-22 37392]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-16 691696]
S1 44252261;44252261;c:\windows\system32\DRIVERS\44252261.sys [2009-09-25 128016]
S1 setup_9.0.0.722_04.02.2011_08-53drv;setup_9.0.0.722_04.02.2011_08-53drv;c:\windows\system32\DRIVERS\4425226.sys [2009-10-09 311312]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2010-09-30 2397512]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

.
Contents of the 'Scheduled Tasks' folder

2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 14:13]

2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 14:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="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"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-04 21:35:02
ComboFix-quarantined-files.txt 2011-02-04 20:35
ComboFix2.txt 2011-02-03 21:44
ComboFix3.txt 2011-02-03 15:27
ComboFix4.txt 2011-02-03 14:51
ComboFix5.txt 2011-02-04 20:18

Pre-Run: 89 773 543 424 bytes free
Post-Run: 89 743 794 176 bytes free

- - End Of File - - 6906D3BF74F04E4DAE34D130C48202B7
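An added example, not part of the thread and not ComboFix's own code: a small Python triage script for ComboFix logs of the shape posted above. It splits the log on the parenthesis banners, lists the files under "Other Deletions", reads the UAC values under the policies\system key in "Reg Loading Points" (the log above shows EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0, which means UAC is switched off and administrators elevate without any prompt), and picks out service/driver lines that end in [x], which I take to mean ComboFix could not find the image file (an assumption about the log format, consistent with the MpKsl* and CFcatchme lines above). SAMPLE_LOG is a constructed excerpt that mirrors the format, not a copy of the post; the "roaming root" heuristic (an .exe sitting directly in %APPDATA%) is mine.

```python
"""Added example (not ComboFix's code): triage a ComboFix log of the shape posted above.

ComboFix separates its sections with banners of parentheses; inside 'Reg Loading
Points' it dumps registry values in REGEDIT4 style and lists services/drivers as
'<type> <name>;<display>;<image> [<date size>]'.
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on the log format above (not copied from the thread).
SAMPLE_LOG = r"""
ComboFix 11-01-31.02 - User  02.02.2011 10:19:27.7.2 - x86

((((((((((((((((( Other Deletions )))))))))))))))))
.

c:\users\Pato\AppData\Roaming\ntos.exe
c:\users\Pato\AppData\Roaming\sdra64.exe
c:\users\Pato\AppData\Roaming\twext.exe

.
((((((((((((((((( Reg Loading Points )))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R1 MpKsl6ec3c61b;MpKsl6ec3c61b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{GUID}\MpKsl6ec3c61b.sys [x]
R3 CFcatchme;CFcatchme;c:\users\PAO~1\AppData\Local\Temp\CFcatchme.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-16 691696]
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")
REG_VALUE = re.compile(r'^"([^"]+)"=\s*(-?\d+)\s*\(0x[0-9a-fA-F]+\)$')
SERVICE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.+)\]$")
UAC_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system"
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.I)
ROAMING_ROOT_EXE = re.compile(r"\\AppData\\Roaming\\[^\\]+\.exe$", re.I)


def split_sections(text):
    """Return {section name: [non-empty lines]}; text before the first banner is 'Header'."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1)
        elif line and line != ".":
            sections[current].append(line)
    return dict(sections)


def deleted_files(sections):
    """Paths ComboFix reports under 'Other Deletions'."""
    return [l for l in sections.get("Other Deletions", []) if DRIVE_PATH.match(l)]


def registry_values(lines, key):
    """Collect "name"= N (0x..) pairs from the block under [key] (case-insensitive)."""
    values, inside = {}, False
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            inside = line[1:-1].lower() == key.lower()
        elif inside:
            m = REG_VALUE.match(line)
            if m:
                values[m.group(1)] = int(m.group(2))
    return values


def uac_findings(policy):
    """Translate weakened UAC policy values into plain findings (documented value meanings)."""
    findings = []
    if policy.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC off, admin sessions run fully elevated")
    if policy.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevate without prompting")
    if policy.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts not shown on the secure desktop")
    return findings


def services_without_image(lines):
    """Service/driver lines ending in [x] (assumed: ComboFix could not stat the image file)."""
    out = []
    for line in lines:
        m = SERVICE.match(line)
        if m and m.group(5) == "x":
            out.append((m.group(1), m.group(2), m.group(4)))
    return out


def triage(text):
    """Run all checks over one log and return the findings as a dict of lists."""
    sections = split_sections(text)
    deleted = deleted_files(sections)
    reg = sections.get("Reg Loading Points", [])
    return {
        "deleted": deleted,
        # Executables dropped straight into %APPDATA% rather than a vendor folder: a heuristic only.
        "roaming_root_exes": [p for p in deleted if ROAMING_ROOT_EXE.search(p)],
        "uac": uac_findings(registry_values(reg, UAC_KEY)),
        "missing_images": services_without_image(reg),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Point it at a saved log with `triage(open("ComboFix.txt", encoding="cp1250", errors="replace").read())`; the UAC findings are worth acting on after the cleanup regardless of what else is found, since with EnableLUA=0 any dropper that lands in a user profile already runs with full administrator rights.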

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Olmarik.ZC

#25 Post by motji »

That's odd. Run ComboFix with the script.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

15tomasp15
Visitor
Posts: 37
Registered: 07 Apr 2009 06:21

Re: Olmarik.ZC

#26 Post by 15tomasp15 »

The list of those files popped up again, then a restart and a scan:

ComboFix 11-01-31.02 - Paťo . 02. 2011 10:19:27.7.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.2559.1673 [GMT 1:00]
Running from: c:\users\Paťo\Desktop\ComboFix.exe
Command switches used :: c:\users\Paťo\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"f:\paťo\Sofware\Pinnacle Studio\cyg-pshd.iso/CYGiSO/keygen.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Pato\AppData\Roaming\64dlls.exe
c:\users\Pato\AppData\Roaming\intel64.exe
c:\users\Pato\AppData\Roaming\Kernel32.exe
c:\users\Pato\AppData\Roaming\localsys64.exe
c:\users\Pato\AppData\Roaming\ntos.exe
c:\users\Pato\AppData\Roaming\oembios.exe
c:\users\Pato\AppData\Roaming\sdra64.exe
c:\users\Pato\AppData\Roaming\sdra73.exe
c:\users\Pato\AppData\Roaming\swin32.exe
c:\users\Pato\AppData\Roaming\twex.exe
c:\users\Pato\AppData\Roaming\twext.exe
c:\users\Pato\AppData\Roaming\wsnpoema.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-05 to 2011-02-05 )))))))))))))))))))))))))))))))
.

2011-02-05 09:27 . 2011-02-05 09:28 -------- d-----w- c:\users\Paťo\AppData\Local\temp
2011-02-05 09:27 . 2011-02-05 09:27 -------- d-----w- c:\users\Zorka\AppData\Local\temp
2011-02-05 09:27 . 2011-02-05 09:27 -------- d-----w- c:\users\Pato\AppData\Local\temp
2011-02-05 09:27 . 2011-02-05 09:27 -------- d-----w- c:\users\eL_Lucho\AppData\Local\temp
2011-02-05 09:27 . 2011-02-05 09:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-05 09:27 . 2011-02-05 09:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-02-04 20:40 . 2011-01-13 00:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7B7C145E-2EC9-4B0E-B685-177266FED23B}\mpengine.dll
2011-02-04 14:31 . 2011-02-05 07:44 -------- d-----w- c:\programdata\Kaspersky Lab
2011-02-04 14:30 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\44252262.sys
2011-02-04 14:30 . 2009-10-09 21:31 311312 ----a-w- c:\windows\system32\drivers\4425226.sys
2011-02-04 14:30 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\44252261.sys
2011-02-04 14:30 . 2011-02-04 20:21 -------- d-----w- c:\program files\Virus Removal Tool
2011-02-03 19:59 . 2011-02-03 19:59 -------- d-----w- c:\users\Paťo\AppData\Roaming\Malwarebytes
2011-02-03 19:59 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-03 19:59 . 2011-02-03 19:59 -------- d-----w- c:\programdata\Malwarebytes
2011-02-03 19:59 . 2011-02-03 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-03 19:59 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-03 16:58 . 2011-02-03 17:01 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-02-02 13:55 . 2011-01-13 00:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-01 16:41 . 2011-02-01 16:40 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D624405D-E533-4F9D-8C61-1F2DA4C57242}\gapaengine.dll
2011-02-01 16:38 . 2011-02-01 16:39 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-01 16:38 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-31 21:17 . 2011-01-31 21:17 -------- d-----w- c:\users\Pato\AppData\Local\Microsoft
2011-01-31 21:17 . 2011-01-31 21:17 -------- d-----w- c:\users\Pato
2011-01-31 12:15 . 2011-01-31 12:15 -------- d-----w- C:\rsit
2011-01-31 12:15 . 2011-01-31 12:15 -------- d-----w- c:\program files\trend micro
2011-01-31 10:29 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-31 10:29 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-31 10:29 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-31 10:29 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-31 10:29 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-31 10:29 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-31 10:29 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-31 10:29 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-31 10:29 . 2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-31 00:07 . 2011-01-31 00:07 -------- d-----w- c:\program files\SystemRequirementsLab
2011-01-30 14:11 . 2011-01-30 14:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-30 11:23 . 2011-01-30 11:23 -------- d-----w- c:\program files\Yamicsoft
2011-01-26 21:07 . 2011-02-03 18:49 -------- d-----w- c:\users\eL_Lucho\AppData\Local\LogMeIn Hamachi
2011-01-24 21:26 . 2011-01-24 21:26 -------- d-----w- c:\users\Paťo\AppData\Local\BuildAGadget Content
2011-01-24 20:35 . 2011-01-24 20:35 -------- d-----w- c:\program files\FinalWire
2011-01-24 16:33 . 2011-01-24 16:34 -------- d-----w- c:\users\eL_Lucho\AppData\Roaming\GetRightToGo
2011-01-23 16:17 . 2011-01-23 16:19 -------- d-----w- c:\program files\FlatOut2
2011-01-07 22:42 . 2011-01-07 22:42 -------- d-----w- c:\users\Paťo\AppData\Roaming\VitySoft
2011-01-07 21:19 . 1998-10-02 18:00 327168 ----a-w- c:\windows\IsUninst.exe
2011-01-07 21:18 . 2011-01-07 21:18 49152 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\fm2005segatest1_EC0AB585B2794A778BB564C403E43EE7.exe
2011-01-07 21:18 . 2011-01-07 21:18 49152 ----a-r- c:\users\Paťo\AppData\Roaming\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\editor_EC0AB585B2794A778BB564C403E43EE7.exe
2011-01-07 21:16 . 2011-01-07 21:16 -------- d-----w- c:\program files\Sports Interactive
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 10:30 . 2011-01-07 10:30 -------- d-----w- c:\users\eL_Lucho\AppData\Roaming\AIMP
2011-01-07 10:28 . 2011-01-07 10:28 -------- d-----w- c:\users\eL_Lucho\AppData\Local\4A Games
2011-01-07 10:27 . 2011-01-07 10:27 -------- d-----w- c:\users\eL_Lucho\AppData\Roaming\HandBrake
2011-01-07 10:27 . 2011-01-07 10:27 -------- d-----w- c:\users\eL_Lucho\AppData\Local\HandBrake
2011-01-07 01:44 . 2011-01-07 01:47 -------- d-----w- c:\users\Paťo\AppData\Local\LogMeIn Hamachi
2011-01-07 01:43 . 2011-01-07 01:47 -------- d-----w- c:\program files\LogMeIn Hamachi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 03:27 . 2011-01-31 10:29 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-10-16 09:55 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2010-10-16 09:55 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2009-07-13 22:09 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-12-19 22:21 . 2009-07-13 23:11 56912 ----a-w- c:\windows\system32\drivers\partmgr.sys
2010-12-19 22:21 . 2009-07-13 23:11 56912 ------w- c:\windows\system32\drivers\partmgr.sys.copy
2010-11-29 15:28 . 2010-11-29 15:28 348160 ----a-w- c:\windows\system32\Msvcr71.dll
2010-11-29 15:28 . 2010-11-29 15:28 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-11-29 15:28 . 2010-11-29 15:28 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-11-29 15:26 . 2010-11-29 15:26 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-19 14:55 . 2010-11-19 14:55 292696 ----a-w- c:\windows\system32\XceedFtp.dll
2010-09-28 19:44 . 2010-09-28 19:44 1196032 ----a-w- c:\program files\Game CD Key List 3.90.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\users\Paťo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_04.02.2011_08-53.lnk - c:\program files\Virus Removal Tool\setup_9.0.0.722_04.02.2011_08-53\startup.exe [2011-2-4 72208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2010-12-06 07:31 1910152 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2009-04-27 11:37 25256 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2009-04-27 11:37 291496 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-09-30 10:27 2773320 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAC7302_Monitor]
2006-11-03 10:01 319488 ----a-w- c:\windows\PixArt\PAC7302\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 01:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe

R1 MpKsl6ec3c61b;MpKsl6ec3c61b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsl6ec3c61b.sys [x]
R1 MpKsl7ee1a270;MpKsl7ee1a270;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsl7ee1a270.sys [x]
R1 MpKslc063c7ee;MpKslc063c7ee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKslc063c7ee.sys [x]
R1 MpKsld148ac02;MpKsld148ac02;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76114694-0145-4FAB-BD52-21C6C31C03AB}\MpKsld148ac02.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 136176]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2010-04-06 25864]
R3 CFcatchme;CFcatchme;c:\users\PAO~1\AppData\Local\Temp\CFcatchme.sys [x]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2010-04-06 23048]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-16 1343400]
R4 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
S0 44252262;44252262 Boot Guard Driver;c:\windows\system32\DRIVERS\44252262.sys [2009-10-22 37392]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2010-04-06 20104]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-16 691696]
S1 44252261;44252261;c:\windows\system32\DRIVERS\44252261.sys [2009-09-25 128016]
S1 setup_9.0.0.722_04.02.2011_08-53drv;setup_9.0.0.722_04.02.2011_08-53drv;c:\windows\system32\DRIVERS\4425226.sys [2009-10-09 311312]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2010-09-30 2397512]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

.
Contents of the 'Scheduled Tasks' folder

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 14:13]

2011-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-05 14:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="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"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-05 10:30:03
ComboFix-quarantined-files.txt 2011-02-05 09:30
ComboFix2.txt 2011-02-03 21:44
ComboFix3.txt 2011-02-03 15:27
ComboFix4.txt 2011-02-03 14:51
ComboFix5.txt 2011-02-04 20:18

Pre-Run: 91 416 973 312 bytes free
Post-Run: 91 136 962 560 bytes free

- - End Of File - - 85381D2A72DD49618495318F533B1E9D


Thank you :)

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Olmarik.ZC

#27 Post by motji »

This is odd :o .
Put the qoobox folder (you'll find it on C:, it is the quarantine) into a rar archive and send it to me via leteckaposta. Put the link in a PM.

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
- tick the box "For all users".
- tick the boxes LOP check and Purity check.
- click the Run Scan button.
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; post them here :)
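An added example, my code rather than OTL's and not part of the thread: the check that the /md5start ... /md5stop block above asks OTL to perform. OTL hashes every copy of each listed file name it finds and prints the digests so the helper can spot a system binary that kept its name but not its contents, which is how a rootkit typically keeps its hook. This script does the same walk and additionally compares each copy against a set of known-good digests, so the odd one out is reported automatically. WATCH_LIST is a subset of the names in the script above; the directory tree and the baseline are constructed in a temporary folder, no real Windows files are touched, and the `algo` parameter lets you switch to sha256 when your baseline has it (MD5 is what OTL prints, but it is not collision-resistant).

```python
"""Added example (not OTL's code): the check behind OTL's /md5start ... /md5stop list.

Walk a tree, hash every copy of each watched file name, and flag copies whose
digest is not in a known-good baseline.
"""
import hashlib
import os
import shutil
import tempfile

# A subset of the names from the OTL script above; extend as needed.
WATCH_LIST = ["atapi.sys", "winlogon.exe", "userinit.exe", "ndis.sys"]


def file_digest(path, algo="md5"):
    """Stream the file through hashlib; 'sha256' is the better choice when the baseline has it."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, names):
    """Map each watched name (lower-cased) to every path under root that carries it."""
    wanted = {n.lower() for n in names}
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                hits.setdefault(fn.lower(), []).append(os.path.join(dirpath, fn))
    return hits


def check_against_baseline(root, names, baseline, algo="md5"):
    """baseline maps name -> set of known-good digests.

    Returns (report, alerts): report lists every copy with its digest (what OTL
    prints), alerts lists copies whose digest is not in the baseline.
    """
    report, alerts = {}, []
    for name, paths in find_copies(root, names).items():
        for path in sorted(paths):
            digest = file_digest(path, algo)
            report.setdefault(name, []).append((path, digest))
            if digest not in baseline.get(name, set()):
                alerts.append((name, path, digest))
    return report, alerts


def build_demo_tree():
    """Constructed throwaway tree: two copies of atapi.sys, one of them tampered."""
    root = tempfile.mkdtemp(prefix="md5demo_")
    good = {"atapi.sys": b"GOOD-ATAPI-DRIVER", "winlogon.exe": b"GOOD-WINLOGON"}
    layout = {
        os.path.join("system32", "drivers", "atapi.sys"): good["atapi.sys"],
        os.path.join("system32", "dllcache", "atapi.sys"): good["atapi.sys"] + b"\x90PATCH",
        os.path.join("system32", "winlogon.exe"): good["winlogon.exe"],
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    baseline = {n: {hashlib.md5(b).hexdigest()} for n, b in good.items()}
    return root, baseline


def run_demo():
    """Build the tree, run the check, clean up, and return (report, alerts)."""
    root, baseline = build_demo_tree()
    try:
        return check_against_baseline(root, WATCH_LIST, baseline)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    report, alerts = run_demo()
    for name, copies in report.items():
        for path, digest in copies:
            print(f"{name:14} {digest} {path}")
    for name, path, digest in alerts:
        print(f"ALERT {name}: unknown digest {digest} at {path}")
```

On a real machine you would call `check_against_baseline(r"C:\Windows", WATCH_LIST, baseline)` with a baseline built from a clean install of the same build and service pack; a name that exists in several places is normal (system32 plus a servicing backup), a copy whose digest nobody recognises is what needs a closer look.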

15tomasp15
Visitor
Posts: 37
Registered: 07 Apr 2009 06:21

Re: Olmarik.ZC

#28 Post by 15tomasp15 »

Well, I'm not leaving until later, so I managed to get it done :)

OTL.txt is too big, so I put it here; the password is the same as for the .rar archive I sent via PM :)

Code:

http://tinypaste.com/b77698
and the file Extras.txt:

OTL Extras logfile created on: 2/5/2011 12:46:15 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Paťo\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 201.35 Gb Total Space | 84.89 Gb Free Space | 42.16% Space Free | Partition Type: NTFS
Drive F: | 730.16 Gb Total Space | 334.50 Gb Free Space | 45.81% Space Free | Partition Type: NTFS

Computer Name: PATO-PC | User Name: Paťo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3786686005-3022618270-2500449164-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4908C75E-E5E2-43F7-B1DF-023CBA831051}" = Nero 7 Ultra Edition
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7BC6B815-D9F1-4C43-82B4-7CB25458DD31}" = O&O Defrag Professional
"{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client SK-SK Language Pack
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1" = Grand Theft Auto IV - Episodes From Liberty City
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-041B-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Slovak) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-041B-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Slovak) 2010
"{90140000-0100-041B-0000-0000000FF1CE}" = Microsoft Office O MUI (Slovak) 2010
"{90140000-0101-041B-0000-0000000FF1CE}" = Microsoft Office X MUI (Slovak) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AE3A67EE-0C5D-11E0-BC1D-0013D3D69929}" = Vegas Pro 10.0
"{B1924580-0C5D-11E0-B655-0013D3D69929}" = MSVCRT Redists
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2920232-19DA-44FC-835F-68E427EAE2CE}" = PC Camera (0022.2009.1125.1003)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovládač 3D Vision 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafický ovládač 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Softvér systému s podporou technológie PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{D4006E71-FF32-44FF-AD5A-B5EE4389B825}_is1" = FlatOut2
"{E06EC832-F6E9-49D6-8468-964CA5F9DB89}" = Microsoft Antimalware Service SK-SK Language Pack
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EC0AB585-B279-4A77-8BB5-64C403E43EE7}" = Football Manager 2005
"{F2B5A2A7-2DF9-4361-8BD5-362714528B51}" = NHL® 09
"{F6E271A7-B642-4CCD-A501-5F8374E9C3CB}" = Windows 7 Manager
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.50
"AIMP2" = AIMP2
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"CCleaner" = CCleaner
"Counter-Strike 1.6" = Counter-Strike 1.6
"Czech Soccer Manager 2002 Final Editionverze 4.0 (31.3.2006)" = Czech Soccer Manager 2002 Final Edition
"Lexmark 2500 Series" = Lexmark 2500 Series
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metro 2033_is1" = Metro 2033
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.OMUI.sk-sk" = Microsoft Office Language Pack 2010 - Slovak/Slovenčina
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RapidShare Manager" = RapidShare Manager
"SystemRequirementsLab" = System Requirements Lab
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3786686005-3022618270-2500449164-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre Studio X" = PhotoFiltre Studio X
"Slovnaft Extraliga Patch 10" = Slovnaft Extraliga Patch 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4. 2. 2011 16:53:22 | Computer Name = Pato-PC | Source = EventSystem | ID = 4621
Description =

Error - 4. 2. 2011 18:54:50 | Computer Name = Pato-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01b
language ID. The first DWORD in the Data section contains the Win32 error code.

Error - 5. 2. 2011 4:31:38 | Computer Name = Pato-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: ShowTime.exe, verzia: 3.2.3.1, časová značka:
0x455cad60 Názov chybového modulu: ntdll.dll, verzia: 6.1.7600.16559, časová značka:
0x4ba9b21e Kód výnimky: 0xc0000005 Odstup chyby: 0x0002fc77 Identifikácia chybného
procesu: 0x6bc Čas spustenia chybnej aplikácie: 0x01cbc50f05a9b6bb Cesta chybnej
aplikácie: C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe Cesta chybného
modulu: C:\Windows\SYSTEM32\ntdll.dll Identifikácia hlásenia: 5934540d-3102-11e0-b409-0019663c6c9a

Error - 5. 2. 2011 4:31:40 | Computer Name = Pato-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: ShowTime.exe, verzia: 3.2.3.1, časová značka:
0x455cad60 Názov chybového modulu: ntdll.dll, verzia: 6.1.7600.16559, časová značka:
0x4ba9b21e Kód výnimky: 0xc0000005 Odstup chyby: 0x0002fc77 Identifikácia chybného
procesu: 0x6bc Čas spustenia chybnej aplikácie: 0x01cbc50f05a9b6bb Cesta chybnej
aplikácie: C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe Cesta chybného
modulu: C:\Windows\SYSTEM32\ntdll.dll Identifikácia hlásenia: 5a6e9804-3102-11e0-b409-0019663c6c9a

Error - 5. 2. 2011 5:14:53 | Computer Name = Pato-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: PEV.cfxxe, verzia: 0.0.0.0, časová značka:
0x4bd0e994 Názov chybového modulu: PEV.cfxxe, verzia: 0.0.0.0, časová značka: 0x4bd0e994
Kód
výnimky: 0xc00000fd Odstup chyby: 0x00057630 Identifikácia chybného procesu: 0xfc8
Čas
spustenia chybnej aplikácie: 0x01cbc51512dd4fa1 Cesta chybnej aplikácie: C:\32788R22FWJFW\PEV.cfxxe
Cesta
chybného modulu: C:\32788R22FWJFW\PEV.cfxxe Identifikácia hlásenia: 63dd0af9-3108-11e0-b409-0019663c6c9a

Error - 5. 2. 2011 5:18:17 | Computer Name = Pato-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: PEV.cfxxe, verzia: 0.0.0.0, časová značka:
0x4bd0e994 Názov chybového modulu: PEV.cfxxe, verzia: 0.0.0.0, časová značka: 0x4bd0e994
Kód
výnimky: 0xc00000fd Odstup chyby: 0x00057668 Identifikácia chybného procesu: 0xcc8
Čas
spustenia chybnej aplikácie: 0x01cbc51588c96cad Cesta chybnej aplikácie: C:\ComboFix\PEV.cfxxe
Cesta
chybného modulu: C:\ComboFix\PEV.cfxxe Identifikácia hlásenia: dd19ed2d-3108-11e0-986b-0019663c6c9a

Error - 5. 2. 2011 5:19:06 | Computer Name = Pato-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: PEV.cfxxe, verzia: 0.0.0.0, časová značka:
0x4bd0e994 Názov chybového modulu: PEV.cfxxe, verzia: 0.0.0.0, časová značka: 0x4bd0e994
Kód
výnimky: 0xc00000fd Odstup chyby: 0x0003ef0e Identifikácia chybného procesu: 0xf0c
Čas
spustenia chybnej aplikácie: 0x01cbc515a6888391 Cesta chybnej aplikácie: C:\ComboFix\PEV.cfxxe
Cesta
chybného modulu: C:\ComboFix\PEV.cfxxe Identifikácia hlásenia: fa8a5677-3108-11e0-986b-0019663c6c9a

Error - 5. 2. 2011 5:23:25 | Computer Name = Pato-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: pev.exe, verzia: 0.0.0.0, časová značka:
0x4bd0e994 Názov chybového modulu: pev.exe, verzia: 0.0.0.0, časová značka: 0x4bd0e994
Kód
výnimky: 0xc00000fd Odstup chyby: 0x0005763a Identifikácia chybného procesu: 0xaa4
Čas
spustenia chybnej aplikácie: 0x01cbc516427e16d5 Cesta chybnej aplikácie: C:\ComboFix\pev.exe
Cesta
chybného modulu: C:\ComboFix\pev.exe Identifikácia hlásenia: 9507362f-3109-11e0-986b-0019663c6c9a

Error - 5. 2. 2011 5:24:28 | Computer Name = Pato-PC | Source = Application Error | ID = 1000
Description = Názov chybovej aplikácie: PEV.cfxxe, verzia: 0.0.0.0, časová značka:
0x4bd0e994 Názov chybového modulu: PEV.cfxxe, verzia: 0.0.0.0, časová značka: 0x4bd0e994
Kód
výnimky: 0xc00000fd Odstup chyby: 0x00057630 Identifikácia chybného procesu: 0xb84
Čas
spustenia chybnej aplikácie: 0x01cbc51669e0cf97 Cesta chybnej aplikácie: C:\ComboFix\PEV.cfxxe
Cesta
chybného modulu: C:\ComboFix\PEV.cfxxe Identifikácia hlásenia: bad23cd3-3109-11e0-986b-0019663c6c9a

Error - 5. 2. 2011 7:18:32 | Computer Name = Pato-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Unable to read the performance counter strings defined for the 01b
language ID. The first DWORD in the Data section contains the Win32 error code.

[ System Events ]
Error - 4. 2. 2011 16:21:48 | Computer Name = Pato-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 4. 2. 2011 16:24:32 | Computer Name = Pato-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 4. 2. 2011 16:33:04 | Computer Name = Pato-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 4. 2. 2011 16:35:27 | Computer Name = Pato-PC | Source = Service Control Manager | ID = 7001
Description = Spustenie služby Function Discovery Provider Host, od ktorej závisí
služba HomeGroup Provider, zlyhalo kvôli nasledujúcej chybe: %%1058

Error - 4. 2. 2011 16:41:06 | Computer Name = Pato-PC | Source = Service Control Manager | ID = 7001
Description = Spustenie služby Function Discovery Provider Host, od ktorej závisí
služba HomeGroup Provider, zlyhalo kvôli nasledujúcej chybe: %%1058

Error - 5. 2. 2011 3:07:52 | Computer Name = Pato-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 5. 2. 2011 3:08:33 | Computer Name = Pato-PC | Source = Service Control Manager | ID = 7001
Description = Spustenie služby Function Discovery Provider Host, od ktorej závisí
služba HomeGroup Provider, zlyhalo kvôli nasledujúcej chybe: %%1058

Error - 5. 2. 2011 3:44:24 | Computer Name = Pato-PC | Source = Service Control Manager | ID = 7001
Description = Spustenie služby Function Discovery Provider Host, od ktorej závisí
služba HomeGroup Provider, zlyhalo kvôli nasledujúcej chybe: %%1058

Error - 5. 2. 2011 5:16:00 | Computer Name = Pato-PC | Source = Service Control Manager | ID = 7030
Description = Služba PEVSystemStart je označená ako interaktívna služba. Systém
je však nakonfigurovaný tak, aby nepovolil interaktívne služby. Služba pravdepodobne
nebude pracovať správne.

Error - 5. 2. 2011 5:16:51 | Computer Name = Pato-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.


< End of report >

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Olmarik.ZC

#29 Post by motji »

Please paste OTL.txt here; split it across several posts.

15tomasp15
Visitor
Posts: 37
Registered: 07 Apr 2009 06:21

Re: Olmarik.ZC

#30 Post by 15tomasp15 »

I was supposed to be away until tomorrow evening, and I'm already back :D

OTL logfile created on: 2/5/2011 12:46:15 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Paťo\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 201.35 Gb Total Space | 84.89 Gb Free Space | 42.16% Space Free | Partition Type: NTFS
Drive F: | 730.16 Gb Total Space | 334.50 Gb Free Space | 45.81% Space Free | Partition Type: NTFS

Computer Name: PATO-PC | User Name: Paťo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/05 12:33:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Paťo\Desktop\OTL.exe
PRC - [2011/01/07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/12/06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/30 11:27:24 | 002,397,512 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/09/08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/08/05 13:11:04 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2008/08/05 13:10:58 | 000,120,320 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/01/04 12:36:10 | 000,089,088 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
PRC - [2007/05/25 08:41:38 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe


========== Modules (SafeList) ==========

MOD - [2011/02/05 12:33:07 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Paťo\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/02 05:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/10/16 10:26:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/09/30 11:27:24 | 002,397,512 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008/09/08 06:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/05/25 08:41:54 | 000,099,248 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 08:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/02/05 12:14:59 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EEEB66E4-5A31-4066-9118-DCDDAEA7D039}\MpKslda189474.sys -- (MpKslda189474)
DRV - [2011/01/08 04:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/10/16 12:54:09 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/29 12:31:26 | 000,136,632 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/04/06 17:33:10 | 000,025,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2010/04/06 17:32:48 | 000,023,048 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2010/04/06 17:32:44 | 000,020,104 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/26 00:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/10/22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\44252262.sys -- (44252262)
DRV - [2009/10/09 22:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\4425226.sys -- (setup_9.0.0.722_04.02.2011_08-53drv)
DRV - [2009/09/25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\44252261.sys -- (44252261)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/03/01 23:05:32 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/01/19 04:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/11/08 10:29:52 | 000,458,752 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/04/03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 12:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 12:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 12:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2005/04/13 18:34:24 | 000,010,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmpu401.sys -- (nvmpu401) Service for NVIDIA(R) nForce(TM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3786686005-3022618270-2500449164-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EF 26 59 16 69 C1 CB 01 [binary data]
IE - HKU\S-1-5-21-3786686005-3022618270-2500449164-1001\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3786686005-3022618270-2500449164-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.sk"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.9.6


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/16 18:21:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 14:22:11 | 000,000,000 | ---D | M]

[2010/10/16 13:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paťo\AppData\Roaming\mozilla\Extensions
[2011/02/04 16:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paťo\AppData\Roaming\mozilla\Firefox\Profiles\u4hr4z7f.default\extensions
[2010/10/16 13:24:16 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Paťo\AppData\Roaming\mozilla\Firefox\Profiles\u4hr4z7f.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/01/11 16:33:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Paťo\AppData\Roaming\mozilla\Firefox\Profiles\u4hr4z7f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/18 16:16:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Users\Paťo\AppData\Roaming\mozilla\Firefox\Profiles\u4hr4z7f.default\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2010/12/26 16:36:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Paťo\AppData\Roaming\mozilla\Firefox\Profiles\u4hr4z7f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/16 20:43:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paťo\AppData\Roaming\mozilla\Firefox\Profiles\u4hr4z7f.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/01/22 16:30:31 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Paťo\AppData\Roaming\mozilla\Firefox\Profiles\u4hr4z7f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/16 13:24:16 | 000,000,000 | ---D | M] ("MultirowBookmarksToolbar") -- C:\Users\Paťo\AppData\Roaming\mozilla\Firefox\Profiles\u4hr4z7f.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2011/01/14 20:48:41 | 000,000,000 | ---D | M] (PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD)) -- C:\Users\Paťo\AppData\Roaming\mozilla\Firefox\Profiles\u4hr4z7f.default\extensions\facepad@lazyrussian.com
[2011/01/22 16:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\PAĹĄO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4HR4Z7F.DEFAULT\EXTENSIONS\{35106BCA-6C78-48C7-AC28-56DF30B51D2A}
File not found (No name found) -- C:\USERS\PAĹĄO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4HR4Z7F.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
File not found (No name found) -- C:\USERS\PAĹĄO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4HR4Z7F.DEFAULT\EXTENSIONS\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\PAĹĄO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4HR4Z7F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\USERS\PAĹĄO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4HR4Z7F.DEFAULT\EXTENSIONS\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}
File not found (No name found) -- C:\USERS\PAĹĄO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4HR4Z7F.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}
File not found (No name found) -- C:\USERS\PAĹĄO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4HR4Z7F.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
File not found (No name found) -- C:\USERS\PAĹĄO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4HR4Z7F.DEFAULT\EXTENSIONS\FACEPAD@LAZYRUSSIAN.COM
[2010/09/14 22:57:55 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010/09/14 22:57:55 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010/09/14 22:57:55 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010/09/14 22:57:55 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010/09/14 22:57:55 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010/09/14 22:57:55 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2011/02/05 10:27:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Paťo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_04.02.2011_08-53.lnk = C:\Program Files\Virus Removal Tool\setup_9.0.0.722_04.02.2011_08-53\startup.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3786686005-3022618270-2500449164-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3786686005-3022618270-2500449164-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3786686005-3022618270-2500449164-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDow ... rtScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.co ... 4.16.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
