VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

MBAM opakovane hlasi Hijack.WindowsUpdates

https://forum.viry.cz:443/viewtopic.php?t=91279

Stránka 2 z 9

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 13:56
od destilator
otl_.JPG
(121.29 KiB) Staženo 17 x
no pracovalo to dost dlho, uz som myslel ze je koniec, ale vypisalo takito oznam

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 13:58
od vyosek
:arrow: Takze si to dame jeste jednou, ale pouzijte nasledujici (upraveny) skript

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 14:18
od destilator
skenovanie nepokracuje. stale to stoji namieste

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 14:20
od destilator
ano uz to ide

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 14:43
od destilator
kurna, uz to skoncilo, opytalo sa ze ci to chcem vytvorit txt subory a za toho otca ich nemozem najst. neviem kde to ulozilo

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 14:45
od vyosek
Mely by byt ulozeny na plose nebo tam kde jste ulozil OTL a spoustel jste jej...

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 14:54
od destilator
take subory ako pisete: OTL a EXTRAS v pc nemam. pouzil som windowsacke hladanie. asi sa museli volat nejako inac. mam ten sken spustit znova?

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 14:55
od vyosek
:arrow: Ano spustte skenovani znovu...

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 15:48
od destilator
OTL Extras logfile created on: 19.11.2010 15:10:26 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 77,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,91 Gb Free Space | 20,03% Space Free | Partition Type: NTFS
Drive D: | 94,95 Gb Total Space | 39,14 Gb Free Space | 41,22% Space Free | Partition Type: NTFS

Computer Name: D9432BD1EDFF478 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-790525478-113007714-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- D:\SOFT\PORTAB~1\APP\FIREFOX\FIREFOX.EXE -url "%1" (Mozilla Corporation)
https [open] -- D:\SOFT\PORTAB~1\APP\FIREFOX\FIREFOX.EXE -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.)
"C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe:*:Enabled:Sony Ericsson PC Suite 3.2 -- (Sony Ericsson Mobile Communications AB)
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1 -- (Sony Creative Software Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0096A731-71DB-4969-AF1A-651698B246A5}" = Sony Ericsson Media Manager 1.1
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{438bb9b4-65fe-4626-91d9-a8f57b18001d}" = Bluesoleil2.6.0.8 Release 070517
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6F8A555E-F2E1-415D-AD8A-67C0A7671051}" = Nero 8
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
"{AC76BA86-7AD7-1029-7646-CE0000000001}" = Adobe Reader 6.0 CE
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v2.1
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}" = 602XML Filler
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Topcom Wireless LAN Card
"{ecd03da7-5952-406a-8156-5f0c93618d1f}" = USB PC Camera-168
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Magical Snap 2_is1" = Ashampoo Magical Snap 2.31
"ATI Display Driver" = ATI Display Driver
"AVIcodec" = AVIcodec (remove only)
"BitMeter" = BitMeter
"CloneCD" = CloneCD
"ClonyXXL_is1" = ClonyXXL
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DivX Codec" = DivX Pro Codec
"DivX Setup.divx.com" = DivX Setup
"eQSO Client for PMR Radio_is1" = eQSO PC Client 2.50 Build 1
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Multimedia Net Modem USB Driver" = Multimedia Net Modem USB Driver
"MV2Player" = MV2Player (remove only)
"NOD32" = Antivírusový systém NOD32
"NVIDIA" = NVIDIA Windows NT 4.0 Display Drivers
"Picasa 3" = Picasa 3
"SereneScreen Marine Aquarium 2_is1" = SereneScreen Marine Aquarium 2
"Spy Emergency_is1" = Spy Emergency
"ST5UNST #1" = W95SSTV
"Total Commander 6.02_is1" = Total Commander
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 1.0.5
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archivátor
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-790525478-113007714-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.11.2010 6:43:31 | Computer Name = D9432BD1EDFF478 | Source = Userenv | ID = 1041
Description = Systém Windows nemôže zadať dotaz na položku databázy Registry DllName
pre rozšírenie {7B849a69-220F-451E-B3FE-2CB811AF94AE}, a rozšírenie preto nebude
načítané. Toto je pravdepodobne spôsobené chybnou registráciou.

Error - 19.11.2010 6:43:31 | Computer Name = D9432BD1EDFF478 | Source = Userenv | ID = 1041
Description = Systém Windows nemôže zadať dotaz na položku databázy Registry DllName
pre rozšírenie {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, a rozšírenie preto nebude
načítané. Toto je pravdepodobne spôsobené chybnou registráciou.

Error - 19.11.2010 7:52:31 | Computer Name = D9432BD1EDFF478 | Source = Userenv | ID = 1041
Description = Systém Windows nemôže zadať dotaz na položku databázy Registry DllName
pre rozšírenie {7B849a69-220F-451E-B3FE-2CB811AF94AE}, a rozšírenie preto nebude
načítané. Toto je pravdepodobne spôsobené chybnou registráciou.

Error - 19.11.2010 7:52:31 | Computer Name = D9432BD1EDFF478 | Source = Userenv | ID = 1041
Description = Systém Windows nemôže zadať dotaz na položku databázy Registry DllName
pre rozšírenie {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, a rozšírenie preto nebude
načítané. Toto je pravdepodobne spôsobené chybnou registráciou.

Error - 19.11.2010 8:13:31 | Computer Name = D9432BD1EDFF478 | Source = Userenv | ID = 1041
Description = Systém Windows nemôže zadať dotaz na položku databázy Registry DllName
pre rozšírenie {7B849a69-220F-451E-B3FE-2CB811AF94AE}, a rozšírenie preto nebude
načítané. Toto je pravdepodobne spôsobené chybnou registráciou.

Error - 19.11.2010 8:13:31 | Computer Name = D9432BD1EDFF478 | Source = Userenv | ID = 1041
Description = Systém Windows nemôže zadať dotaz na položku databázy Registry DllName
pre rozšírenie {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, a rozšírenie preto nebude
načítané. Toto je pravdepodobne spôsobené chybnou registráciou.

Error - 19.11.2010 9:32:32 | Computer Name = D9432BD1EDFF478 | Source = Userenv | ID = 1041
Description = Systém Windows nemôže zadať dotaz na položku databázy Registry DllName
pre rozšírenie {7B849a69-220F-451E-B3FE-2CB811AF94AE}, a rozšírenie preto nebude
načítané. Toto je pravdepodobne spôsobené chybnou registráciou.

Error - 19.11.2010 9:32:32 | Computer Name = D9432BD1EDFF478 | Source = Userenv | ID = 1041
Description = Systém Windows nemôže zadať dotaz na položku databázy Registry DllName
pre rozšírenie {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, a rozšírenie preto nebude
načítané. Toto je pravdepodobne spôsobené chybnou registráciou.

Error - 19.11.2010 9:58:31 | Computer Name = D9432BD1EDFF478 | Source = Userenv | ID = 1041
Description = Systém Windows nemôže zadať dotaz na položku databázy Registry DllName
pre rozšírenie {7B849a69-220F-451E-B3FE-2CB811AF94AE}, a rozšírenie preto nebude
načítané. Toto je pravdepodobne spôsobené chybnou registráciou.

Error - 19.11.2010 9:58:31 | Computer Name = D9432BD1EDFF478 | Source = Userenv | ID = 1041
Description = Systém Windows nemôže zadať dotaz na položku databázy Registry DllName
pre rozšírenie {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, a rozšírenie preto nebude
načítané. Toto je pravdepodobne spôsobené chybnou registráciou.

[ System Events ]
Error - 19.11.2010 5:00:00 | Computer Name = D9432BD1EDFF478 | Source = Schedule | ID = 7901
Description = Príkaz At11.job zlyhal pri pokuse o spustenie kvôli nasledujúcej chybe:
%%2147942402

Error - 19.11.2010 6:00:00 | Computer Name = D9432BD1EDFF478 | Source = Schedule | ID = 7901
Description = Príkaz At12.job zlyhal pri pokuse o spustenie kvôli nasledujúcej chybe:
%%2147942402

Error - 19.11.2010 6:50:21 | Computer Name = D9432BD1EDFF478 | Source = DCOM | ID = 10005
Description = Server DCOM zistil chybu %2 pri pokuse spustiť službu BITS s argumentmi
potrebnú na spustenie servera: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 19.11.2010 6:50:23 | Computer Name = D9432BD1EDFF478 | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Background Intelligent Transfer Service zlyhalo kvôli
nasledujúcej chybe: %%2

Error - 19.11.2010 7:00:00 | Computer Name = D9432BD1EDFF478 | Source = Schedule | ID = 7901
Description = Príkaz At13.job zlyhal pri pokuse o spustenie kvôli nasledujúcej chybe:
%%2147942402

Error - 19.11.2010 8:00:00 | Computer Name = D9432BD1EDFF478 | Source = Schedule | ID = 7901
Description = Príkaz At14.job zlyhal pri pokuse o spustenie kvôli nasledujúcej chybe:
%%2147942402

Error - 19.11.2010 8:10:00 | Computer Name = D9432BD1EDFF478 | Source = DCOM | ID = 10005
Description = Server DCOM zistil chybu %2 pri pokuse spustiť službu BITS s argumentmi
potrebnú na spustenie servera: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 19.11.2010 8:10:00 | Computer Name = D9432BD1EDFF478 | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Background Intelligent Transfer Service zlyhalo kvôli
nasledujúcej chybe: %%2

Error - 19.11.2010 9:00:00 | Computer Name = D9432BD1EDFF478 | Source = Schedule | ID = 7901
Description = Príkaz At15.job zlyhal pri pokuse o spustenie kvôli nasledujúcej chybe:
%%2147942402

Error - 19.11.2010 10:00:00 | Computer Name = D9432BD1EDFF478 | Source = Schedule | ID = 7901
Description = Príkaz At16.job zlyhal pri pokuse o spustenie kvôli nasledujúcej chybe:
%%2147942402


< End of report >

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 15:52
od vyosek
Jeste poprosim o log OTL.txt

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 15:53
od destilator
mam s tym posielanim trocha problem
musim rozdelit ten subor lebo je vejky

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 15:54
od vyosek
Rozdelte jej do vice prispevku...

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 15:57
od destilator
[2010.11.16 19:35:44 | 000,815,295 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\4DM2000 (1).pdf
[2010.03.09 19:25:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2010.03.06 18:31:18 | 000,000,059 | ---- | C] () -- C:\WINDOWS\PROGMAN.INI
[2010.03.01 14:41:30 | 000,000,908 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2010.01.26 09:17:30 | 000,068,140 | ---- | C] () -- C:\Program Files\RELEASE.WRI
[2010.01.26 09:17:30 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\LTWND62N.DLL
[2010.01.26 09:17:30 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\LTTWN62N.DLL
[2010.01.26 09:17:30 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFBMP62N.DLL
[2010.01.26 09:17:30 | 000,005,109 | ---- | C] () -- C:\Program Files\W95PTT.GIF
[2010.01.26 09:17:30 | 000,003,200 | ---- | C] () -- C:\WINDOWS\System32\LTTHK62W.DLL
[2010.01.26 09:17:29 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\LTANN62N.DLL
[2010.01.26 09:17:29 | 000,076,288 | ---- | C] () -- C:\WINDOWS\System32\LTIMG62N.DLL
[2010.01.26 09:17:29 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\LFTIF62N.DLL
[2010.01.26 09:17:29 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL62N.DLL
[2010.01.26 09:17:29 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFWMF62N.DLL
[2010.01.26 09:17:29 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\LFTGA62N.DLL
[2010.01.26 09:17:29 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\LFWPG62N.DLL
[2010.01.26 09:17:29 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\LFRAS62N.DLL
[2010.01.26 09:17:29 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\LFWFX62N.DLL
[2010.01.26 09:17:28 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\LFPNG62N.DLL
[2010.01.26 09:17:28 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\LFLMA62N.DLL
[2010.01.26 09:17:28 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LFPCX62N.DLL
[2010.01.26 09:17:28 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LFLMB62N.DLL
[2010.01.26 09:17:28 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFPCT62N.DLL
[2010.01.26 09:17:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LFPSD62N.DLL
[2010.01.26 09:17:28 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\LFIMG62N.DLL
[2010.01.26 09:17:28 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\LFMSP62N.DLL
[2010.01.26 09:17:28 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\LFMAC62N.DLL
[2010.01.26 09:17:28 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\LFPCD62N.DLL
[2010.01.26 09:17:27 | 000,206,336 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL
[2010.01.26 09:17:27 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\LFFAX62N.DLL
[2010.01.26 09:17:27 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP62N.DLL
[2010.01.26 09:17:27 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\LFICA62N.DLL
[2010.01.26 09:17:27 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\LFEPS62N.DLL
[2010.01.26 09:17:27 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFGIF62N.DLL
[2010.01.26 09:17:27 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\LFCAL62N.DLL
[2010.01.26 09:17:26 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\SSTV32.DLL
[2010.01.26 09:16:43 | 000,007,706 | ---- | C] () -- C:\Program Files\ST5UNST.LOG
[2009.10.18 15:48:08 | 000,015,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\nod32drv.sys
[2009.08.01 19:40:15 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009.07.31 18:34:43 | 000,001,743 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009.04.04 19:21:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\456f9f9e.sys
[2009.03.08 18:43:13 | 000,000,041 | ---- | C] () -- C:\WINDOWS\OPML8WP.INI
[2009.01.11 11:27:24 | 000,001,963 | ---- | C] () -- C:\WINDOWS\WINTRAN.INI
[2008.12.17 17:57:08 | 000,001,396 | ---- | C] () -- C:\WINDOWS\PMR_Radio_Client.INI
[2008.04.17 21:15:52 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2008.04.17 21:11:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008.02.26 21:31:27 | 000,351,744 | ---- | C] () -- C:\Program Files\Salamander.exe
[2008.01.29 18:34:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2007.12.08 22:25:29 | 000,000,952 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007.12.08 19:14:54 | 000,002,931 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.12.08 18:42:23 | 000,000,246 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2007.12.07 16:54:51 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\fusioncache.dat
[2007.12.07 16:16:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.12.07 10:33:10 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.07 10:16:09 | 000,000,384 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.12.07 09:47:05 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007.12.07 01:17:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2004.12.20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2003.04.07 06:32:14 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== LOP Check ==========

[2010.02.02 09:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Bitmeter2
[2009.03.21 14:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Leadertech
[2009.11.14 12:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Se Analyzer Tool SA
[2009.09.25 15:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sony
[2009.11.14 13:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Spy Emergency
[2010.03.12 16:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TeamViewer
[2010.05.10 21:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Ulead Systems
[2010.02.02 09:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitmeter2
[2009.07.31 14:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010.10.06 06:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009.11.14 13:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGATE
[2008.12.04 22:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010.05.10 20:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010.11.19 00:10:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010.11.19 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010.11.19 10:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010.11.19 11:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010.11.19 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010.11.19 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010.11.19 14:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010.11.19 15:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010.11.07 16:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010.11.18 17:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010.11.16 18:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010.11.17 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010.11.17 19:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010.11.17 20:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010.11.17 21:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010.11.16 22:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010.11.18 23:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010.11.16 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010.03.09 03:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010.02.02 04:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010.02.04 05:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010.05.13 05:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010.09.27 06:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010.11.19 08:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010.06.14 10:34:43 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1268390001.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" -- [2007.09.20 15:35:10 | 000,202,024 | ---- | M] (Nero AG)
"Google Update" = "C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c -- [2008.12.13 14:28:14 | 000,133,104 | ---- | M] (Google Inc.)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.03 23:56:50 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Sony Ericsson PC Suite" = "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon -- [2009.09.24 13:41:58 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB)

< c:\windows\*.* /U >
[10 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2010.01.27 19:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008.12.04 21:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008.11.24 21:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010.02.02 09:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bitmeter2
[2009.07.31 14:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010.10.06 06:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007.12.08 22:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010.03.20 15:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010.02.04 04:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010.05.10 20:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010.09.17 09:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009.11.14 13:15:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007.12.07 10:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009.11.14 13:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGATE
[2010.03.21 18:05:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010.03.20 15:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2008.12.15 19:51:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2007.12.07 10:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2009.11.14 15:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008.12.04 22:53:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010.10.06 06:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2009.11.14 12:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010.11.02 11:45:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.03.20 15:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010.05.10 20:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008.12.14 16:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010.03.20 15:36:29 | 000,057,409 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
[2010.03.20 15:36:47 | 000,056,766 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
[2010.03.20 15:36:27 | 000,052,963 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
[2010.03.20 15:36:15 | 000,054,073 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
[2010.03.20 15:31:38 | 000,986,392 | ---- | M] (DivX, Inc. ) -- C:\Documents and Settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
[2010.03.20 15:36:30 | 000,053,600 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\Update\Uninstaller.exe
[2010.03.20 15:36:42 | 000,056,978 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

< %APPDATA%\*. >
[2010.01.27 19:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Adobe
[2010.11.16 21:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AdobeUM
[2008.11.24 21:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Apple Computer
[2010.02.02 09:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Bitmeter2
[2007.12.08 22:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\CyberLink
[2010.08.28 07:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\dvdcss
[2008.06.06 15:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Google
[2007.12.09 00:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Help
[2007.12.08 22:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Hewlett-Packard
[2007.12.07 00:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Identities
[2009.08.01 19:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\InstallShield
[2009.03.21 14:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Leadertech
[2008.04.18 17:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Macromedia
[2010.09.17 09:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2010.08.02 14:55:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Admin\Application Data\Microsoft
[2010.10.31 09:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla
[2007.12.07 10:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Nero
[2009.11.14 12:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Se Analyzer Tool SA
[2010.11.18 13:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Skype
[2010.11.18 11:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\skypePM
[2009.09.25 15:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sony
[2009.11.14 13:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Spy Emergency
[2009.11.25 09:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sun
[2010.03.12 16:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TeamViewer
[2008.04.18 17:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\U3
[2010.05.10 21:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Ulead Systems
[2010.10.08 07:23:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\vlc

< %APPDATA%\*.exe /s >
[2006.12.07 09:45:12 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\U3\000017F9AC613EE6\cleanup.exe
[2006.12.07 09:45:12 | 003,096,576 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Admin\Application Data\U3\000017F9AC613EE6\Launchpad Removal.exe
[2006.12.11 11:20:18 | 004,603,904 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\U3\000017F9AC613EE6\LaunchPad.exe
[2006.12.07 09:45:12 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\U3\000017F9AC613EE6\U3AccessGrant.exe
[2006.12.07 09:45:12 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Admin\Application Data\U3\temp\Launchpad Removal.exe


< MD5 for: AGP440.SYS >
[2004.08.04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004.08.04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 01:12:12 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=23043C91A0F9DFB4B9E9F87B680863B4 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\autochk.exe
[2004.08.03 23:56:48 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\system32\autochk.exe
[2004.08.03 23:56:48 | 000,588,800 | ---- | M] (Microsoft Corporation) MD5=B3415B9D6026F65E43089ABED096C38C -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cdrom.sys
[2009.12.22 19:39:20 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2009.12.22 19:39:20 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtUninstallKB952011$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.03 23:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.03 23:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
[2008.04.14 01:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004.08.03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.03 23:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007.06.13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007.06.13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004.08.03 23:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\hal.dll
[2004.08.03 21:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.04 00:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.13 19:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\isapnp.sys
[2001.08.17 13:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2001.08.17 13:58:02 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001.08.23 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.03 23:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.03 23:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 01:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[2004.08.03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 22:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2004.08.03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.03 23:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.03 23:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 01:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\smss.exe
[2004.08.03 23:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.03 23:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[2004.08.03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.03 23:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2007.10.30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2007.10.30 18:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2007.10.30 18:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[2004.08.03 22:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2006.04.20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.03 23:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008.04.14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.03 23:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[2004.08.03 23:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.03 23:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.12.07 01:15:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.12.07 01:15:50 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.12.07 01:15:50 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 15:59
od destilator
OTL logfile created on: 19.11.2010 15:10:26 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 77,00 Mb Available Physical Memory | 15,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 3,91 Gb Free Space | 20,03% Space Free | Partition Type: NTFS
Drive D: | 94,95 Gb Total Space | 39,14 Gb Free Space | 41,22% Space Free | Partition Type: NTFS

Computer Name: D9432BD1EDFF478 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2010.11.19 11:51:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2010.11.01 22:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010.03.05 16:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.10.18 15:46:05 | 000,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2009.10.18 15:46:05 | 000,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2009.09.24 13:41:58 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2007.09.20 15:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.09.20 15:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.06.13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.17 16:08:14 | 000,661,776 | ---- | M] (IVT Corporation.) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
PRC - [2007.05.10 12:18:26 | 000,835,584 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2007.04.21 08:32:04 | 000,270,336 | ---- | M] () -- C:\WINDOWS\tsnpstd3.exe
PRC - [2007.04.09 16:54:04 | 001,392,640 | ---- | M] ( ) -- C:\Program Files\Codebox\BitMeter\BitMeter2.exe
PRC - [2007.01.01 22:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006.09.28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.23 22:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe
PRC - [2004.06.18 09:31:02 | 000,067,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003.04.06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003.04.06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003.04.06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003.04.06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
PRC - [2002.08.21 05:13:12 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2001.07.22 20:29:00 | 000,351,744 | ---- | M] () -- C:\Program Files\Salamander.exe


========== Modules (SafeList) ==========

MOD - [2010.11.19 11:51:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
MOD - [2006.08.25 16:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009.10.18 15:46:05 | 000,552,064 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2009.09.17 13:28:20 | 001,817,144 | ---- | M] (NETGATE Technologies s.r.o.) [Disabled | Stopped] -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe -- (SpyEmrgSrv)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2006.09.28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.23 22:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)
SRV - [2003.04.07 06:32:06 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\xwoarh.sys -- (xwoarh)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2010.03.12 11:33:15 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009.10.18 15:46:06 | 000,512,096 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2009.10.18 15:46:05 | 000,015,424 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv)
DRV - [2009.09.27 18:01:26 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\456f9f9e.sys -- (456f9f9e)
DRV - [2009.09.17 08:58:44 | 000,018,232 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spyemrg_access.sys -- (SpyEmrgAccess)
DRV - [2009.09.17 08:58:34 | 000,014,392 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spyemrg_guard.sys -- (SpyEmrgGuard)
DRV - [2009.09.17 08:58:22 | 000,012,344 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\spyemrg.sys -- (SpyEmrg)
DRV - [2008.10.21 10:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.01.09 10:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.10 14:22:22 | 000,110,120 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007.12.10 14:22:22 | 000,100,648 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 14:22:20 | 000,104,616 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007.12.10 14:22:20 | 000,025,512 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007.12.10 14:22:18 | 000,110,632 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 14:22:18 | 000,015,016 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 14:22:14 | 000,083,880 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007.09.29 02:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.05.24 16:59:48 | 010,343,680 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (snpstd3) USB PC Camera (SNPSTD3)
DRV - [2007.05.11 02:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (blueletaudio)
DRV - [2007.05.09 00:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (btcsrusb)
DRV - [2007.03.05 05:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (blueletscoaudio)
DRV - [2007.03.05 04:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (bt)
DRV - [2007.03.05 04:57:14 | 000,019,472 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VHIDMini.sys -- (VHidMinidrv)
DRV - [2007.03.05 04:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (bthidmgr)
DRV - [2007.03.05 04:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (bthidenum)
DRV - [2007.03.05 04:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (vcommmgr)
DRV - [2007.03.05 04:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (vcomm)
DRV - [2006.11.30 15:14:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45unic.sys -- (se45unic) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM)
DRV - [2006.11.30 15:14:14 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45obex.sys -- (se45obex)
DRV - [2006.11.30 15:14:10 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mgmt.sys -- (se45mgmt) Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM)
DRV - [2006.11.30 15:14:10 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45nd5.sys -- (se45nd5) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS)
DRV - [2006.11.30 15:14:04 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdm.sys -- (se45mdm)
DRV - [2006.11.30 15:14:04 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdfl.sys -- (se45mdfl)
DRV - [2006.11.30 15:13:56 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45bus.sys -- (se45bus) Sony Ericsson Device 069 driver (WDM)
DRV - [2006.11.21 21:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (btnetfilter)
DRV - [2006.11.15 16:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006.08.28 14:22:56 | 000,018,208 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se26nd3.sys -- (se26nd3) Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (NDIS)
DRV - [2006.06.27 17:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2005.11.24 18:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005.09.05 02:59:24 | 000,019,034 | R--- | M] (Kingsun Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KS-959.sys -- (KS-959)
DRV - [2005.05.26 15:06:44 | 000,024,706 | ---- | M] (Flarion Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlrnDTM.sys -- (FlarionDTM)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.08.03 22:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004.08.03 22:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (nwlnkipx)
DRV - [2004.06.21 09:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.02.24 04:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2001.10.02 10:54:22 | 000,040,192 | ---- | M] (Oki Data Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\OKIPAR.SYS -- (OkiPar)
DRV - [2001.08.23 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (nwlnknb)
DRV - [2001.08.23 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (nwlnkspx)
DRV - [2001.03.27 16:38:48 | 000,011,212 | ---- | M] (Elaborate Bytes) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2000.06.26 16:22:00 | 000,493,024 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv4)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-113007714-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-790525478-113007714-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-790525478-113007714-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.sk/
IE - HKU\S-1-5-21-790525478-113007714-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-790525478-113007714-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-790525478-113007714-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009.11.14 13:34:59 | 000,000,753 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe File not found
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe ()
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-21-790525478-113007714-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-790525478-113007714-725345543-1003..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe ( )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe (IVT Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-113007714-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\imon.dll (Eset )
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\imon.dll (Eset )
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.91.0.17 194.154.227.17
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.07 00:30:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{f9eeda45-a457-11dc-8559-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f9eeda45-a457-11dc-8559-806d6172696f}\Shell\AutoRun\command - "" = F:\Mlv.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027131116781568)

========== Files/Folders - Created Within 7 Days ==========

[2010.11.19 11:53:36 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010.10.07 07:13:40 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe2E1.dll
[2010.01.26 09:17:26 | 000,602,624 | ---- | C] (Jim Barber & William Montgomery) -- C:\Program Files\w95sstv.exe
[2009.08.01 20:40:44 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpe494.dll
[2009.08.01 19:40:07 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009.08.01 19:40:07 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009.08.01 19:40:07 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009.08.01 19:40:07 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2009.07.31 18:23:21 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpeEA.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.11.19 15:10:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-113007714-725345543-1003UA.job
[2010.11.19 15:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010.11.19 14:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010.11.19 13:10:00 | 000,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-790525478-113007714-725345543-1003Core.job
[2010.11.19 13:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010.11.19 12:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010.11.19 11:51:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2010.11.19 11:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010.11.19 10:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010.11.19 09:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010.11.19 08:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010.11.19 07:55:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.19 07:55:10 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.19 00:10:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.11.18 23:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010.11.18 17:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010.11.17 21:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010.11.17 20:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010.11.17 19:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010.11.17 01:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010.11.16 22:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010.11.16 21:50:38 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml
[2010.11.16 19:35:45 | 000,815,295 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\4DM2000 (1).pdf
[2010.11.16 18:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010.11.16 14:18:58 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.11.16 02:00:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010.11.15 16:18:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.11.15 16:14:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

Re: MBAM opakovane hlasi Hijack.WindowsUpdates

Napsal: 19 lis 2010 16:01
od vyosek
Co hodlate delat s tim cracknutym NODem :???:
Všechny časy jsou v UTC+01:00
Stránka 2 z 9

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz