
NOD failed to delete the infiltration "Win32/Olmarik.SJ"

Posted: 05 Jan 2010 09:59
by chyno
Logfile of random's system information tool 1.06 (written by random/random)
Run by Chyno at 2010-01-05 09:56:03
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 15 GB (38%) free of 38 GB
Total RAM: 503 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:18, on 5. 1. 2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\qtplugin.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\uTorrent\utorrent.exe
C:\ComplexWebServer\apache\bin\apache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\ComplexWebServer\mysql\bin\mysqld-nt.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\ComplexWebServer\apache\bin\apache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\wincmd\TOTALCMD.EXE
C:\ComplexWebServer\http_docs\RSIT.exe
C:\Program Files\trend micro\Chyno.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe wjqd.rqo avqbc
O3 - Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LFAgent] C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30.exe -start
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [uTorrent] "c:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [instanteyedropper] "C:\Program Files\InstantEyedropper\InstantEyedropper.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.sk/comp/Signersk.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 0033171328
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DF08C82-196D-4047-B65B-C14A0570A32F}: NameServer = 192.168.1.1,4.2.2.5
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: CWS_Apache_80 - Apache Software Foundation - C:\ComplexWebServer\apache\bin\apache.exe
O23 - Service: CWS_Apache_8080 - Apache Software Foundation - C:\ComplexWebServer\apache\bin\apache.exe
O23 - Service: CWS_MySQL_3306 - Unknown owner - C:\ComplexWebServer\mysql\bin\mysqld-nt.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6591 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008UA.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{35065594-9169-4A34-B167-FC4865038E53}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-02-13 35328]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2029640]
"LFAgent"=C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30.exe [2005-09-24 566272]
"RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe [2010-01-04 305152]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"uTorrent"=c:\Program Files\uTorrent\utorrent.exe [2009-02-05 270128]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"instanteyedropper"=C:\Program Files\InstantEyedropper\InstantEyedropper.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\µTorrent\utorrent.exe"="C:\Program Files\µTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\uTorrent.exe"="C:\Program Files\uTorrent.exe:*:Disabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Disabled:ICQ6"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1
.txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-01-04 22:10:00 ----AC---- C:\WINDOWS\system32\qtplugin.exe
2010-01-04 15:03:41 ----DC---- C:\řš
2009-12-19 21:21:47 ----AC---- C:\WINDOWS\IE4 Error Log.txt
2009-12-19 21:21:20 ----AC---- C:\WINDOWS\iexplore.ini
2009-12-19 21:19:01 ----DC---- C:\Program Files\MultipleIEs
2009-12-17 21:35:57 ----AC---- C:\WINDOWS\tdlp32.ini
2009-12-17 21:32:01 ----DC---- C:\Program Files\Xara
2009-12-17 21:32:01 ----DC---- C:\Program Files\Common Files\Xara
2009-12-11 18:55:46 ----DC---- C:\Program Files\Atomic Bomberman
2009-12-06 17:46:45 ----DC---- C:\rsit

======List of files/folders modified in the last 1 months======

2010-01-05 09:56:09 ----DC---- C:\Program Files\trend micro
2010-01-05 09:56:03 ----DC---- C:\WINDOWS\Prefetch
2010-01-05 09:54:51 ----AC---- C:\WINDOWS\wincmd.ini
2010-01-05 09:54:39 ----DC---- C:\WINDOWS\temp
2010-01-05 09:51:14 ----DC---- C:\WINDOWS\system32\ias
2010-01-05 09:50:33 ----DC---- C:\WINDOWS\system32\CatRoot2
2010-01-04 22:38:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-04 22:37:41 ----DC---- C:\Documents and Settings\Chyno\Application Data\uTorrent
2010-01-04 22:10:00 ----DC---- C:\WINDOWS\system32
2010-01-04 20:52:29 ----AC---- C:\WINDOWS\wcx_ftp.ini
2010-01-04 19:53:36 ----DC---- C:\Program Files\Mozilla Firefox
2010-01-04 17:35:30 ----DC---- C:\Program Files\Opera
2010-01-04 15:32:55 ----AC---- C:\WINDOWS\WDICT32.INI
2009-12-31 16:47:58 ----DC---- C:\Program Files\PS Pad
2009-12-27 13:49:47 ----DC---- C:\A-Foto Olympus
2009-12-25 17:08:36 ----SDC---- C:\WINDOWS\Downloaded Program Files
2009-12-20 21:06:46 ----DC---- C:\WINDOWS
2009-12-19 21:19:01 ----DC---- C:\Program Files
2009-12-17 21:32:31 ----HDC---- C:\Program Files\InstallShield Installation Information
2009-12-17 21:32:01 ----DC---- C:\Program Files\Common Files
2009-12-17 21:31:26 ----DC---- C:\Program Files\Common Files\InstallShield
2009-12-17 18:28:47 ----RSDC---- C:\WINDOWS\Fonts
2009-12-13 16:50:35 ----AC---- C:\WINDOWS\win.ini
2009-12-12 10:32:34 ----DC---- C:\_Odkazy_
2009-12-12 10:30:51 ----DC---- C:\ComplexWebServer
2009-12-07 17:42:47 ----DC---- C:\WINDOWS\system32\ShellExt
2009-12-07 17:42:08 ----SHDC---- C:\WINDOWS\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-05-14 55768]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-05-14 133000]
R2 LF30FS;LF30FS; \??\C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys []
R2 WinFLdrv;WinFLdrv; C:\WINDOWS\system32\WinFLdrv.sys [2009-11-30 10752]
R2 WinVd32;WinVd32; \??\C:\WINDOWS\system32\WinVd32.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2004-03-31 16640]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2004-03-31 30235]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-05-14 33096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-04 25280]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-06-08 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-06 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S2 BT848;CxVCap, WDM Video Capture; C:\WINDOWS\system32\drivers\cxvcap.sys [2002-03-12 107200]
S2 BTTUNER;BtTuner, WDM TvTuner; C:\WINDOWS\system32\drivers\BTTUNER.sys [2001-03-08 18944]
S2 BTXBAR;BtXBar, WDM Crossbar; C:\WINDOWS\system32\drivers\BTXBAR.sys [1999-07-22 13308]
S2 CXXBAR;CxXBar, WDM Crossbar; C:\WINDOWS\system32\drivers\CXXBAR.sys [2002-03-12 15696]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-13 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-13 78496]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [2004-03-31 146684]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2004-03-31 52856]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-01-08 223128]
S3 GMSIPCI;GMSIPCI; \??\R:\INSTALL\GMSIPCI.SYS []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\System32\DRIVERS\k750bus.sys [2005-07-07 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys [2005-07-07 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\System32\DRIVERS\k750mdm.sys [2005-07-07 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys [2005-07-07 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\System32\DRIVERS\k750obex.sys [2007-05-24 79488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PSTRIP;PSTRIP; \??\C:\WINDOWS\System32\DRIVERS\PSTRIP.SYS []
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-06-29 72704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe [2004-03-31 135168]
R2 CWS_Apache_80;CWS_Apache_80; C:\ComplexWebServer\apache\bin\apache.exe [2005-10-09 20541]
R2 CWS_MySQL_3306;CWS_MySQL_3306; C:\ComplexWebServer\mysql\bin\mysqld-nt.exe [2006-11-06 3604480]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-27 152984]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-02-01 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 CWS_Apache_8080;CWS_Apache_8080; C:\ComplexWebServer\apache\bin\apache.exe [2005-10-09 20541]
S2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-07-24 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-01 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-02-01 360192]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: NOD failed to delete the infiltration "Win32/Olmarik.SJ"

Posted: 05 Jan 2010 10:59
by pitimir
Hi.

1) Use >>this<<.


2) Download OTL. Save it to the desktop and run it by double-clicking the file "OTL.exe". The program window opens; in it tick "Scan All Users", "Lop" and "Purity Check", and change "File Scan" to 7 days instead of 30. Into the box labelled "Custom Scans/Fixes" copy:

Code:

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
CREATERESTOREPOINT
Then click "Run Scan". The scan of the computer starts; when it finishes, two reports open, and I need to see the contents of both.

Re: NOD failed to delete the infiltration "Win32/Olmarik.SJ"

Posted: 05 Jan 2010 11:50
by chyno
EOlmarikRemover.exe reports "Unable to clean the rootkit"

OTL.Txt:
OTL logfile created on: 5. 1. 2010 11:10:54 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Chyno\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041b | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

503,00 Mb Total Physical Memory | 206,00 Mb Available Physical Memory | 41,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 14,29 Gb Free Space | 38,35% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 103,09 Gb Free Space | 92,22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 4,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC_COMPAQ
Current User Name: Chyno
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.01.05 11:06:10 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chyno\Desktop\OTL.exe
PRC - [2010.01.04 22:09:54 | 00,305,152 | ---- | M] (Nero AG) -- C:\WINDOWS\system32\qtplugin.exe
PRC - [2009.11.20 19:01:18 | 00,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009.06.29 06:47:05 | 00,072,704 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009.05.14 14:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.05.14 14:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009.04.13 19:00:46 | 04,327,936 | ---- | M] (Prog-Soft s.r.o.) -- C:\Program Files\PS Pad\PSPad.exe
PRC - [2009.02.05 19:30:00 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\utorrent.exe
PRC - [2009.02.01 13:36:40 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2008.12.27 18:24:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008.10.01 10:12:36 | 00,691,748 | ---- | M] (C. Ghisler & Co.) -- C:\wincmd\TOTALCMD.EXE
PRC - [2008.08.29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007.09.02 13:58:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007.06.13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.02.13 19:29:00 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2006.11.06 15:24:36 | 03,604,480 | ---- | M] () -- C:\ComplexWebServer\mysql\bin\mysqld-nt.exe
PRC - [2005.10.09 18:17:00 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\ComplexWebServer\apache\bin\Apache.exe
PRC - [2005.09.24 17:40:54 | 00,566,272 | ---- | M] (Everstrike Software) -- C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30.exe
PRC - [2004.03.31 16:13:32 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe


========== Modules (SafeList) ==========

MOD - [2010.01.05 11:06:10 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chyno\Desktop\OTL.exe
MOD - [2007.09.02 13:57:36 | 00,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2004.08.04 08:57:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.07.24 19:31:59 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009.06.29 06:47:05 | 00,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009.05.14 14:54:22 | 00,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.05.14 14:47:54 | 00,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.02.01 13:36:40 | 00,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.02.01 13:36:34 | 00,360,192 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.01.01 12:38:04 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.12.27 18:24:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008.12.11 13:31:36 | 00,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.11.20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008.08.29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008.07.29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2007.06.15 15:55:00 | 00,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.11.06 15:24:36 | 03,604,480 | ---- | M] () [Auto | Running] -- C:\ComplexWebServer\mysql\bin\mysqld-nt.exe -- (CWS_MySQL_3306)
SRV - [2006.09.29 11:48:06 | 00,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)
SRV - [2005.10.09 18:17:00 | 00,020,541 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\ComplexWebServer\apache\bin\apache.exe -- (CWS_Apache_8080)
SRV - [2005.10.09 18:17:00 | 00,020,541 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\ComplexWebServer\apache\bin\apache.exe -- (CWS_Apache_80)
SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.03.31 16:13:32 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) [Auto | Running] -- C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2003.07.28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (EOlmarikFix)
DRV - [2009.11.30 00:02:25 | 00,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\WinVd32.sys -- (WinVd32)
DRV - [2009.11.30 00:02:16 | 00,010,752 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2009.05.14 14:49:26 | 00,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009.05.14 14:49:26 | 00,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.05.14 14:49:22 | 00,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009.05.14 14:47:14 | 00,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.05.14 14:41:10 | 00,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.03.04 20:50:19 | 00,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.10.07 23:23:04 | 00,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008.04.17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007.11.16 10:55:00 | 00,165,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2007.11.13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007.06.08 19:55:57 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (Pcouffin)
DRV - [2007.05.24 12:30:40 | 00,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2007.02.22 10:15:56 | 00,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007.02.22 10:15:14 | 00,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007.02.22 10:15:14 | 00,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007.02.22 10:15:14 | 00,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006.08.25 04:47:00 | 00,036,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006.01.08 19:19:53 | 00,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006.01.08 19:18:16 | 00,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005.11.06 14:05:48 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005.09.29 18:01:51 | 00,066,048 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.09.01 11:03:04 | 00,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\imagedrv.sys -- (Imagedrv)
DRV - [2005.08.10 13:44:04 | 00,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.07.07 15:26:04 | 00,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005.07.07 15:26:00 | 00,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.07.07 15:25:58 | 00,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.07.07 15:25:52 | 00,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005.06.21 17:12:34 | 00,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005.05.16 14:20:39 | 00,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.11.19 18:07:00 | 00,101,488 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys -- (LF30FS)
DRV - [2004.08.04 06:59:42 | 00,095,360 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\atapi.sys -- (atapi)
DRV - [2004.05.13 14:00:04 | 00,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 12:19:36 | 00,079,488 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.03.31 16:13:34 | 00,016,640 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004.03.31 16:13:32 | 00,146,684 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004.03.31 16:13:32 | 00,052,856 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.03.31 16:13:32 | 00,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004.03.31 16:13:30 | 01,260,106 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2003.12.01 16:20:52 | 00,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 13:22:08 | 00,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.05.27 16:05:42 | 00,578,304 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2003.03.13 17:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2003.03.13 11:14:28 | 00,112,288 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS)
DRV - [2003.03.13 11:14:16 | 00,078,496 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH)
DRV - [2002.03.12 01:08:48 | 00,107,200 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cxvcap.sys -- (BT848)
DRV - [2002.03.12 01:08:48 | 00,015,696 | R--- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\cxxbar.sys -- (CXXBAR)
DRV - [2001.08.23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001.08.23 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2001.03.08 03:30:00 | 00,018,944 | R--- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\bttuner.sys -- (BTTUNER)
DRV - [1999.07.22 02:28:00 | 00,013,308 | R--- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\btxbar.sys -- (BTXBAR)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-179605362-839522115-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-343818398-179605362-839522115-1008\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-179605362-839522115-1008\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "DigitalPowered Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://localhost/"
FF - prefs.js..extensions.enabledItems: {b317125e-2f10-4388-bf1f-2c31c6cd89ed}:2.0.4.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {cc409fe8-42b4-405b-a9fa-02dfcffbedde}:1.5.8.6
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.1
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.12.19 14:21:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.19 14:21:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009.08.25 14:57:23 | 00,000,000 | ---D | M]

[2008.08.26 14:13:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Extensions
[2009.11.08 18:59:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\extensions
[2009.11.08 18:59:26 | 00,000,000 | ---D | M] (Tamper Data) -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009.04.24 18:29:54 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\extensions\{cc409fe8-42b4-405b-a9fa-02dfcffbedde}
[2009.09.30 21:29:25 | 00,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009.05.27 00:13:54 | 00,000,890 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\conduit.xml
[2010.12.31 15:12:33 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-1.xml
[2008.12.31 21:05:37 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-2.xml
[2009.02.17 09:55:39 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-3.xml
[2009.03.18 10:17:33 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-4.xml
[2009.12.26 10:03:39 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-5.xml
[2008.12.15 15:45:18 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin.xml
[2009.11.08 18:59:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.12.28 13:02:10 | 00,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.06.10 19:01:47 | 00,000,000 | ---D | M] (DigitalPowered Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}
[2009.12.19 14:21:40 | 00,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2009.12.19 14:21:40 | 00,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2009.12.19 14:21:40 | 00,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2009.12.19 14:21:40 | 00,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2009.12.19 14:21:40 | 00,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: (698 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\Toolbar\WebBrowser: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\Toolbar\WebBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [LFAgent] C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30.exe (Everstrike Software)
O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe (Nero AG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-343818398-179605362-839522115-1008..\Run: [instanteyedropper] C:\Program Files\InstantEyedropper\InstantEyedropper.exe File not found
O4 - HKU\S-1-5-21-343818398-179605362-839522115-1008..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-343818398-179605362-839522115-1008..\Run: [uTorrent] c:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} https://ib24.csob.sk/comp/Signersk.cab (SigVer Class)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 0033171328 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 5253009259 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D10CDB6E-AE6D-27CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/ ... earadj.cab (CTAdjust Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (wjqd.rqo) - File not found
O20 - HKLM Winlogon: Shell - (avqbc) - File not found
O20 - HKLM Winlogon: UIHost - (C:\Documents) - C:\Documents [2006.06.18 17:20:58 | 00,000,000 | R--D | M]
O20 - HKLM Winlogon: UIHost - (and) - File not found
O20 - HKLM Winlogon: UIHost - (Settings\All) - File not found
O20 - HKLM Winlogon: UIHost - (Users\Application) - File not found
O20 - HKLM Winlogon: UIHost - (Data\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Software\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Utilities\WinStyler\tu_logonui.exe) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuálna domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.01.05 09:51:14 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54891125151891456)

========== Files/Folders - Created Within 7 Days ==========

[2010.01.05 11:06:09 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chyno\Desktop\OTL.exe
[2010.01.05 11:06:00 | 00,328,032 | ---- | C] (ESET spol. s r.o.) -- C:\Documents and Settings\Chyno\Desktop\EOlmarikRemover.exe
[2010.01.04 22:10:00 | 00,305,152 | ---- | C] (Nero AG) -- C:\WINDOWS\System32\qtplugin.exe
[2010.01.04 15:03:41 | 00,000,000 | ---D | C] -- C:\řš
[2009.08.23 10:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009.05.17 11:56:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2009.04.01 16:38:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009.01.04 17:48:17 | 12,717,920 | ---- | C] (Intel ) -- C:\Program Files\PRO2KXP_v13_4.exe
[2007.03.22 17:03:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2003.10.06 00:22:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 7 Days ==========

[2010.01.05 11:06:10 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chyno\Desktop\OTL.exe
[2010.01.05 11:06:00 | 00,328,032 | ---- | M] (ESET spol. s r.o.) -- C:\Documents and Settings\Chyno\Desktop\EOlmarikRemover.exe
[2010.01.05 11:00:00 | 00,000,486 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.01.05 11:00:00 | 00,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Úklid 1 kliknutím.job
[2010.01.05 10:54:03 | 00,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008UA.job
[2010.01.05 09:54:51 | 00,004,100 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.01.05 09:50:33 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.05 09:49:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.05 09:49:55 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.04 22:38:53 | 07,077,888 | ---- | M] () -- C:\Documents and Settings\Chyno\NTUSER.DAT
[2010.01.04 22:38:33 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Chyno\ntuser.ini
[2010.01.04 22:09:54 | 00,305,152 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\qtplugin.exe
[2010.01.04 21:33:37 | 00,072,154 | -H-- | M] () -- C:\TREEINFO.WC
[2010.01.04 20:52:29 | 00,001,105 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2010.01.04 15:32:55 | 00,003,289 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.01.03 22:54:03 | 00,001,040 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008Core.job
[2010.01.02 21:52:01 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Chyno\PUTTY.RND
[2009.12.30 21:23:51 | 00,003,268 | ---- | M] () -- C:\Documents and Settings\Chyno\My Documents\admin

========== Files Created - No Company Name ==========

[2009.12.30 21:23:50 | 00,003,268 | ---- | C] () -- C:\Documents and Settings\Chyno\My Documents\admin
[2009.12.19 21:21:20 | 00,003,623 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2009.12.17 21:35:57 | 00,000,031 | ---- | C] () -- C:\WINDOWS\tdlp32.ini
[2009.11.30 00:02:25 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\WinVd32.sys
[2009.09.30 21:35:58 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.09.15 21:35:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SpeechPad.INI
[2009.08.23 10:09:26 | 00,013,498 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\oxunolaha.dl
[2009.08.23 10:09:25 | 00,016,708 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\guvunav._sy
[2009.08.23 10:09:25 | 00,014,612 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\enuku.lib
[2009.08.20 20:21:23 | 00,016,989 | ---- | C] () -- C:\Documents and Settings\Chyno\Application Data\fymitafuh.db
[2009.08.20 20:21:21 | 00,019,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\laxegecyd.ban
[2009.07.27 20:11:46 | 00,000,107 | ---- | C] () -- C:\WINDOWS\winradio.ini
[2009.07.26 19:36:03 | 00,000,871 | ---- | C] () -- C:\Documents and Settings\Chyno\Application Data\coreavc.ini
[2009.07.07 20:33:28 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\Chyno\Application Data\NMM-MetaData.db
[2009.05.27 20:08:44 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.04.16 22:52:48 | 02,076,672 | ---- | C] () -- C:\WINDOWS\System32\libmysql.dll
[2009.04.16 22:52:48 | 00,166,912 | ---- | C] () -- C:\WINDOWS\System32\libmcrypt.dll
[2008.12.28 13:24:36 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2008.10.07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.09.28 14:00:52 | 00,000,048 | ---- | C] () -- C:\WINDOWS\APCBT.ini
[2008.09.13 10:15:42 | 00,001,105 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2008.08.27 21:02:50 | 00,004,100 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.07.25 14:46:38 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Chyno\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.06 09:23:45 | 00,177,152 | ---- | C] () -- C:\Program Files\uTorrent.exe
[2008.02.05 13:28:20 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\Chyno\Local Settings\Application Data\setup.txt
[2007.06.11 14:44:59 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007.03.29 22:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007.01.30 18:12:15 | 00,265,512 | R--- | C] () -- C:\WINDOWS\System32\drivers\BT848.sys
[2007.01.10 07:44:26 | 01,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006.11.27 18:24:18 | 00,002,407 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006.11.05 16:07:09 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006.10.12 19:21:46 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2006.10.10 19:42:11 | 00,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2006.09.28 13:51:22 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.09.28 13:39:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\dbgout.INI
[2006.05.22 06:11:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mpegableX4live.INI
[2006.01.18 17:17:53 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.01.08 19:18:16 | 00,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006.01.08 19:18:16 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd0829.sys
[2006.01.04 20:15:47 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2006.01.04 20:15:47 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005.12.27 15:04:37 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005.12.18 13:52:01 | 00,003,645 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2005.12.18 13:52:01 | 00,000,028 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2005.12.18 13:51:59 | 00,003,289 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2005.12.06 17:00:33 | 00,001,969 | ---- | C] () -- C:\WINDOWS\level.ini
[2005.11.28 17:56:59 | 00,544,724 | ---- | C] () -- C:\WINDOWS\System32\RWDL6DHW.DLL
[2005.11.13 19:55:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005.10.14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.06.19 20:05:05 | 00,008,630 | ---- | C] () -- C:\WINDOWS\System32\datkkq32.dll
[2005.05.29 02:45:43 | 00,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
[2004.03.31 16:13:32 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2004.03.31 16:13:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004.03.31 16:13:32 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2004.03.31 16:13:32 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2004.03.31 16:13:30 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\btbip.dll
[2004.03.31 16:13:30 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2004.03.31 16:13:30 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004.02.15 09:55:53 | 00,000,333 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004.02.15 09:54:34 | 00,001,677 | ---- | C] () -- C:\WINDOWS\disney.ini
[2004.01.04 14:15:24 | 00,000,177 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004.01.01 14:15:26 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2003.11.28 22:59:18 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2003.11.28 22:59:18 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2003.11.28 22:59:18 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2003.01.07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.08.29 04:41:00 | 00,004,032 | ---- | C] () -- C:\WINDOWS\boot.sys
[2002.03.21 15:39:02 | 00,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002.03.20 22:01:06 | 00,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 22:00:20 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[1998.03.22 13:50:02 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2005.11.06 14:05:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009.08.14 22:59:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009.06.29 06:57:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2006.01.07 18:03:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buena Vista Games
[2009.01.31 13:06:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009.05.17 11:10:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008.12.28 13:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.07.07 20:22:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006.09.28 13:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\My Pictures
[2005.11.13 17:40:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground Demo
[2006.11.27 19:07:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2009.07.07 20:30:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007.02.06 15:14:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QubeSoft
[2009.06.18 20:05:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2005.07.01 11:38:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SME Kuramatic
[2009.08.22 08:19:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.02.01 13:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008.12.25 20:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009.02.01 13:34:42 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.11.30 00:10:59 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Chyno\Application Data\.#
[2009.09.15 21:25:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Acapela Group
[2008.07.07 23:59:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\ACD Systems
[2009.01.31 21:58:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\CoSoSys
[2009.05.17 11:49:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\ESET
[2008.11.04 21:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Free&Easy Font Viewer
[2009.01.04 12:15:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\ICQ
[2008.07.28 13:25:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\ICQLite
[2008.12.06 15:36:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\LimeWire
[2009.12.01 16:40:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Nokia
[2009.07.27 14:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Nokia Multimedia Player
[2008.10.09 23:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Opera
[2009.12.01 16:37:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\PC Suite
[2009.05.17 21:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Radical Software Ltd
[2009.02.01 13:36:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\TuneUp Software
[2009.01.31 13:06:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Uniblue
[2010.01.05 11:20:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\uTorrent
[2009.04.12 10:10:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Vso
[2009.01.01 15:01:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\X-Chat 2
[2009.07.28 19:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chyno\Application Data\Xilisoft Corporation
[2006.05.30 22:03:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrik\Application Data\ACD Systems
[2006.09.05 11:28:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrik\Application Data\Ascaron Entertainment
[2009.07.29 13:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrik\Application Data\ESET
[2009.04.17 18:23:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Patrik\Application Data\ICQ
[2009.04.05 20:47:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ľuboš\Application Data\ACD Systems
[2010.01.05 11:00:00 | 00,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010.01.05 11:00:00 | 00,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\Úklid 1 kliknutím.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004.08.04 08:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.04 08:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 08:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\cache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004.08.04 08:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.04 08:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 08:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\cache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009.02.06 19:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2004.08.04 08:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.04 08:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 08:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004.08.04 06:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.04 06:59:42 | 00,095,360 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys
[2002.08.29 02:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004.08.04 07:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.04 07:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >

Re: NOD failed to delete the infiltration "Win32/Olmarik.SJ"

Posted: 05 Jan 2010 11:52
by chyno
Extras.Txt

OTL Extras logfile created on: 5. 1. 2010 11:10:54 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\Chyno\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041b | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

503,00 Mb Total Physical Memory | 206,00 Mb Available Physical Memory | 41,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 14,29 Gb Free Space | 38,35% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 103,09 Gb Free Space | 92,22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 4,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC_COMPAQ
Current User Name: Chyno
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = 0
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\µTorrent\utorrent.exe" = C:\Program Files\µTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\uTorrent.exe" = C:\Program Files\uTorrent.exe:*:Disabled:µTorrent -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Disabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{57CDBAE6-0896-4E78-88F0-C673E4BB44FD}" = Lock Folder XP 3.6
"{5FAAF230-8E1C-4295-ADFA-829BFE895850}" = SAPI51
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{66F94F05-52D0-475D-8E35-D6F3ABD813BE}" = ESET Smart Security
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"7-Zip" = 7-Zip 4.65
"AVI ReComp" = AVI ReComp 1.2.3
"FRC - Football Result Creator" = FRC - Football Result Creator
"GIF Animator" = Microsoft GIF Animator
"HijackThis" = HijackThis 2.0.2
"ID2220Voices" = Infovox Desktop 2.220 voices
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"MultipleIEs_is1" = MultipleIEs
"Nokia PC Suite" = Nokia PC Suite
"WIC" = Windows Imaging Component

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30. 4. 2009 9:29:47 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 30. 4. 2009 11:07:19 | Computer Name = PC_COMPAQ | Source = Application Error | ID = 1000
Description = Zlyhanie aplikácie opera.exe, verzia 9.60.10447.0, zlyhanie modulu
jvm.dll, verzia 11.0.0.16, adresa zlyhania 0x0016f202.

Error - 30. 4. 2009 12:09:20 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Can't init databases For more information, see Help and Support Center
at http://www.mysql.com.

Error - 30. 4. 2009 12:09:20 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 1. 5. 2009 13:04:16 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Can't init databases For more information, see Help and Support Center
at http://www.mysql.com.

Error - 1. 5. 2009 13:04:16 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 1. 5. 2009 16:05:28 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Can't init databases For more information, see Help and Support Center
at http://www.mysql.com.

Error - 1. 5. 2009 16:05:28 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



Error - 2. 5. 2009 3:58:13 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Can't init databases For more information, see Help and Support Center
at http://www.mysql.com.

Error - 2. 5. 2009 3:58:13 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description = Aborting For more information, see Help and Support Center at http://www.mysql.com.



[ DriverScanne Events ]
Error - 30. 4. 2009 9:29:47 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 30. 4. 2009 11:07:19 | Computer Name = PC_COMPAQ | Source = Application Error | ID = 1000
Description =

Error - 30. 4. 2009 12:09:20 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 30. 4. 2009 12:09:20 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 1. 5. 2009 13:04:16 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 1. 5. 2009 13:04:16 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 1. 5. 2009 16:05:28 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 1. 5. 2009 16:05:28 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 2. 5. 2009 3:58:13 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =

Error - 2. 5. 2009 3:58:13 | Computer Name = PC_COMPAQ | Source = MySQL | ID = 100
Description =


[ System Events ]
Error - 18. 4. 2007 9:41:41 | Computer Name = PC_COMPAQ | Source = W32Time | ID = 39452701
Description = Poskytovateľ času NtpClient je nakonfigurovaný tak, aby získaval čas
z jedného alebo viacerých časových zdrojov, žiadny zo zdrojov však nie je momentálne
prístupný. Počas 14 minút nebude uskutočnený žiadny pokus o skontaktovanie zdroja.
NtpClient
nemá žiadny zdroj presného času.

Error - 18. 4. 2007 9:41:47 | Computer Name = PC_COMPAQ | Source = RemoteAccess | ID = 20013
Description = Komunikačné zariadenie pripojené k portu COM4 nie je funkčné.

Error - 18. 4. 2007 9:42:05 | Computer Name = PC_COMPAQ | Source = Service Control Manager | ID = 7000
Description = Spustenie služby BtTuner, WDM TvTuner zlyhalo kvôli nasledujúcej chybe:
%%1058

Error - 18. 4. 2007 9:42:05 | Computer Name = PC_COMPAQ | Source = Service Control Manager | ID = 7000
Description = Spustenie služby BtXBar, WDM Crossbar zlyhalo kvôli nasledujúcej chybe:
%%1058

Error - 18. 4. 2007 9:42:05 | Computer Name = PC_COMPAQ | Source = Service Control Manager | ID = 7000
Description = Spustenie služby CxXBar, WDM Crossbar zlyhalo kvôli nasledujúcej chybe:
%%1058

Error - 18. 4. 2007 9:56:44 | Computer Name = PC_COMPAQ | Source = W32Time | ID = 39452689
Description = Poskytovateľ času NtpClient: Pri vyhľadávaní ručne nakonfigurovaného
partnera
time.windows.com,0x1 serverom DNS sa vyskytla chyba. NtpClient sa pokúsi o vyhľadávanie
servera DNS znova o 30 min. Vyskytla sa chyba: Došlo k pokusu o operáciu so soketom
v čase nedosiahnuteľnosti hostiteľa. (0x80072751)

Error - 18. 4. 2007 9:56:44 | Computer Name = PC_COMPAQ | Source = W32Time | ID = 39452701
Description = Poskytovateľ času NtpClient je nakonfigurovaný tak, aby získaval čas
z jedného alebo viacerých časových zdrojov, žiadny zo zdrojov však nie je momentálne
prístupný. Počas 29 minút nebude uskutočnený žiadny pokus o skontaktovanie zdroja.
NtpClient
nemá žiadny zdroj presného času.

Error - 3. 1. 2050 18:12:17 | Computer Name = PC_COMPAQ | Source = RemoteAccess | ID = 20013
Description = Komunikačné zariadenie pripojené k portu COM4 nie je funkčné.

Error - 4. 9. 2007 7:20:28 | Computer Name = PC_COMPAQ | Source = Service Control Manager | ID = 7000
Description = Spustenie služby CxVCap, WDM Video Capture zlyhalo kvôli nasledujúcej
chybe: %%1058

Error - 4. 9. 2007 7:20:28 | Computer Name = PC_COMPAQ | Source = Service Control Manager | ID = 7000
Description = Spustenie služby BtTuner, WDM TvTuner zlyhalo kvôli nasledujúcej chybe:
%%1058

[ TuneUp Events ]
Error - 22. 8. 2009 2:27:02 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 08:27:02', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamgui.exe','7044',0)

Error - 22. 8. 2009 2:27:18 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 08:27:18', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','6512',0)

Error - 22. 8. 2009 2:27:33 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 08:27:33', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','6688',0)

Error - 22. 8. 2009 2:30:04 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 08:30:04', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','10088',0)

Error - 22. 8. 2009 2:35:48 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 08:35:48', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','8404',0)

Error - 22. 8. 2009 3:07:28 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 09:07:28', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1912',0)

Error - 22. 8. 2009 3:10:55 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 09:10:55', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2404',0)

Error - 22. 8. 2009 3:42:13 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 09:42:13', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3664',0)

Error - 22. 8. 2009 4:07:00 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-22 10:07:00', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3900',0)

Error - 25. 8. 2009 9:55:03 | Computer Name = PC_COMPAQ | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-25 15:55:03', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\unins000.exe','528',0)


< End of report >

Re: NOD failed to delete the infiltration "Win32/Olmarik.SJ"

Posted: 05 Jan 2010 15:19
by pitimir
1) Download Defogger. Run it, click "Disable" -> "OK". A log should appear in the folder it was run from; paste it here.


2) In OTL, copy the following into the box named "Custom Scans/Fixes":

Code:

:otl
DRV - File not found [Kernel | Disabled | Running] -- -- (EOlmarikFix)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\URLSearchHook: - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://localhost/"
[2010.12.31 15:12:33 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-1.xml
[2008.12.31 21:05:37 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-2.xml
[2009.02.17 09:55:39 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-3.xml
[2009.03.18 10:17:33 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-4.xml
[2009.12.26 10:03:39 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-5.xml
[2008.12.15 15:45:18 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin.xml
O3 - HKLM\..\Toolbar: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\Toolbar\WebBrowser: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O3 - HKU\S-1-5-21-343818398-179605362-839522115-1008\..\Toolbar\WebBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe (Nero AG)
O4 - HKU\S-1-5-21-343818398-179605362-839522115-1008..\Run: [instanteyedropper] C:\Program Files\InstantEyedropper\InstantEyedropper.exe File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-179605362-839522115-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} https://ib24.csob.sk/comp/Signersk.cab (SigVer Class)
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 0033171328 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/C ... 5253009259 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D10CDB6E-AE6D-27CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553530000} http://download.macromedia.com/pub/shoc ... wflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/ ... earadj.cab (CTAdjust Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (wjqd.rqo) - File not found
O20 - HKLM Winlogon: Shell - (avqbc) - File not found
O20 - HKLM Winlogon: UIHost - (C:\Documents) - C:\Documents [2006.06.18 17:20:58 | 00,000,000 | R--D | M]
O20 - HKLM Winlogon: UIHost - (and) - File not found
O20 - HKLM Winlogon: UIHost - (Settings\All) - File not found
O20 - HKLM Winlogon: UIHost - (Users\Application) - File not found
O20 - HKLM Winlogon: UIHost - (Data\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Software\TuneUp) - File not found
O20 - HKLM Winlogon: UIHost - (Utilities\WinStyler\tu_logonui.exe) - File not found
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

:commands
[emptytemp]
[createrestorepoint]
[reboot]
Click "Run Fix". The program will start working; a PC restart is possible. After that a log should appear, and I would like to see it.

Re: NOD was unable to remove the infiltration "Win32/Olmarik.SJ"

Posted: 05 Jan 2010 19:31
by chyno
I don't know, I probably did something wrong, but I can't find the log from Defogger.

01052010_190051.txt:

All processes killed
========== OTL ==========
Error: No service named EOlmarikFix was found to stop!
Unable to stop service EOlmarikFix!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "http://localhost/" removed from browser.startup.homepage
C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Documents and Settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{35065594-9169-4A34-B167-FC4865038E53} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35065594-9169-4A34-B167-FC4865038E53}\ not found.
Registry value HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}\ not found.
Registry value HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{35065594-9169-4A34-B167-FC4865038E53} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35065594-9169-4A34-B167-FC4865038E53}\ not found.
Registry value HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBE9E2B5-B526-48BC-AD46-687263EDCB0E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMonitor1 deleted successfully.
C:\WINDOWS\system32\qtplugin.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Run\\instanteyedropper deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
C:\WINDOWS\Downloaded Program Files\QTPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
C:\WINDOWS\Downloaded Program Files\swdir.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
Starting removal of ActiveX control {17492023-C23A-453E-A040-C7C580BBF700}
C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17492023-C23A-453E-A040-C7C580BBF700}\ not found.
Starting removal of ActiveX control {4ADC518E-B607-11D4-B395-0001020F4519}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ADC518E-B607-11D4-B395-0001020F4519}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ADC518E-B607-11D4-B395-0001020F4519}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ADC518E-B607-11D4-B395-0001020F4519}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ADC518E-B607-11D4-B395-0001020F4519}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ADC518E-B607-11D4-B395-0001020F4519}\ not found.
Starting removal of ActiveX control {62475759-9E84-458E-A1AB-5D2C442ADFDE}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{62475759-9E84-458E-A1AB-5D2C442ADFDE}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{62475759-9E84-458E-A1AB-5D2C442ADFDE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62475759-9E84-458E-A1AB-5D2C442ADFDE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{62475759-9E84-458E-A1AB-5D2C442ADFDE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62475759-9E84-458E-A1AB-5D2C442ADFDE}\ not found.
Starting removal of ActiveX control {6414512B-B978-451D-A0D8-FCFDF33E833C}
C:\WINDOWS\Downloaded Program Files\wuweb.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6414512B-B978-451D-A0D8-FCFDF33E833C}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D10CDB6E-AE6D-27CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\CONFLICT.297\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D10CDB6E-AE6D-27CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D10CDB6E-AE6D-27CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D10CDB6E-AE6D-27CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D10CDB6E-AE6D-27CF-96B8-444553540000}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553530000}
C:\WINDOWS\Downloaded Program Files\CONFLICT.287\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553530000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553530000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553530000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553530000}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\CONFLICT.285\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Starting removal of ActiveX control {DE22A7AB-A739-4C58-AD52-21F9CD6306B7}
C:\WINDOWS\Downloaded Program Files\clearadj.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE22A7AB-A739-4C58-AD52-21F9CD6306B7}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:rundll32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:wjqd.rqo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:avqbc deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:C:\Documents deleted successfully.
C:\Documents\My Pictures\Sample Pictures folder moved successfully.
C:\Documents\My Pictures folder moved successfully.
C:\Documents\My Music\Sample Music folder moved successfully.
C:\Documents\My Music folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Obrázky folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\MEDIA\Office97 folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\MEDIA folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\WOLF folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\STREET folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\PUZZLE folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\PRINCE folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\MAHJONG folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\FORMULA folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games\DUCK folder moved successfully.
C:\Documents\Moje dokumenty\Rastík\Games folder moved successfully.
C:\Documents\Moje dokumenty\Rastík folder moved successfully.
C:\Documents\Moje dokumenty folder moved successfully.
C:\Documents folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:and deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Settings\All deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Users\Application deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Data\TuneUp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Software\TuneUp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost:Utilities\WinStyler\tu_logonui.exe deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Chyno
->Temp folder emptied: 861839 bytes
->Temporary Internet Files folder emptied: 9507204 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46321684 bytes
->Google Chrome cache emptied: 19385175 bytes
->Opera cache emptied: 230592 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: DISKMAGS

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Patrik
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Scorpions WinCheater2.06

User: user

User: Ľuboš
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 19468376 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13001628 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 379734 bytes

Total Files Cleaned = 104,00 mb

Restore point Set: OTL Restore Point (64424509440)

OTL by OldTimer - Version 3.1.21.0 log created on 01052010_190051

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: NOD was unable to remove the infiltration "Win32/Olmarik.SJ"

Posted: 05 Jan 2010 23:34
by pitimir
No problem, next step:

1) Start -> Run -> (type) CMD /K COPY /V "C:\WINDOWS\ServicePackFiles\i386\atapi.sys" "c:\atapi.sys"
Press Enter. A window should open with a message to the effect that the file was copied successfully.

2) Download Avenger. Run it and accept the terms etc.
Paste this script into the white box in the middle of the program:

Code:

Files to move:
C:\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys
Press "Execute" -> "Yes". Restart and paste the log.
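The check a responder would want around steps 1 and 2, as an added example in Python (not from the original post, Avenger or any tool in this thread): the ServicePackFiles copy of atapi.sys is taken as the trusted reference, the installed driver is compared against it by hash, and the byte ranges that were patched in place are located, so the same function confirms "modified" before the replacement and "matches" after it. Function names, the DriverCheck type and the sample bytes are constructed for this example; only the two file paths come from the post.

```python
r"""Compare an in-use driver against its clean reference copy.

Added example, not part of the original forum post or of the Avenger /
ComboFix tools. It models the check behind steps 1 and 2 above: the copy
of atapi.sys in C:\WINDOWS\ServicePackFiles\i386 is the trusted reference
and the copy in system32\drivers is the one a file-infecting rootkit such
as the Olmarik (TDL3) family patches. Inputs are raw bytes so the logic
runs offline on constructed data.
"""
import hashlib
from dataclasses import dataclass, field


@dataclass
class DriverCheck:
    """Result of comparing the installed driver with the reference copy."""
    reference_sha256: str
    installed_sha256: str
    size_matches: bool
    # (start, end) byte ranges, end exclusive, where the two files differ
    modified_ranges: list = field(default_factory=list)

    @property
    def is_clean(self) -> bool:
        return self.size_matches and not self.modified_ranges


def differing_ranges(reference: bytes, installed: bytes) -> list:
    """Return contiguous [start, end) ranges where installed != reference.

    Only the common prefix is compared; a size mismatch is reported
    separately by compare_driver().
    """
    ranges = []
    start = None
    limit = min(len(reference), len(installed))
    for i in range(limit):
        if reference[i] != installed[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, limit))
    return ranges


def compare_driver(reference: bytes, installed: bytes) -> DriverCheck:
    """Hash both copies and locate patched regions in the installed one."""
    return DriverCheck(
        reference_sha256=hashlib.sha256(reference).hexdigest(),
        installed_sha256=hashlib.sha256(installed).hexdigest(),
        size_matches=len(reference) == len(installed),
        modified_ranges=differing_ranges(reference, installed),
    )


def compare_driver_files(reference_path: str, installed_path: str) -> DriverCheck:
    """Same check on real files, e.g. the two atapi.sys paths from the post."""
    with open(reference_path, "rb") as ref, open(installed_path, "rb") as inst:
        return compare_driver(ref.read(), inst.read())


def describe(check: DriverCheck) -> str:
    """Human-readable verdict for a log or a forum reply."""
    if check.is_clean:
        return "installed driver matches the reference copy"
    if not check.size_matches:
        return "installed driver size differs from the reference copy"
    spans = ", ".join(f"0x{s:X}-0x{e:X}" for s, e in check.modified_ranges)
    return f"installed driver is modified at byte ranges {spans}"


# Constructed sample data: a stand-in for the clean driver and a copy with
# two small regions overwritten, the way an infector patches an existing
# file in place without changing its size.
CLEAN_DRIVER = bytes(range(256)) * 4               # 1024 bytes of predictable content
_patched = bytearray(CLEAN_DRIVER)
_patched[0x40:0x48] = b"\xCC" * 8                  # constructed patch #1
_patched[0x300:0x304] = b"\xEB\xFE\x90\x90"        # constructed patch #2
PATCHED_DRIVER = bytes(_patched)


if __name__ == "__main__":
    # Before replacement: modified; after a good replacement: matches.
    print(describe(compare_driver(CLEAN_DRIVER, PATCHED_DRIVER)))
    print(describe(compare_driver(CLEAN_DRIVER, CLEAN_DRIVER)))
```

On a real machine, compare_driver_files(r"C:\WINDOWS\ServicePackFiles\i386\atapi.sys", r"C:\WINDOWS\system32\drivers\atapi.sys") gives the same verdict; a rootkit that hides its patch from the running system can make the installed copy read as clean, which is why the thread confirms the result with a second scanner afterwards.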

Re: NOD was unable to remove the infiltration "Win32/Olmarik.SJ"

Posted: 06 Jan 2010 19:59
by chyno
1) OK

2)

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\atapi.sys|C:\WINDOWS\system32\drivers\atapi.sys" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Re: NOD was unable to remove the infiltration "Win32/Olmarik.SJ"

Posted: 06 Jan 2010 20:01
by pitimir
Excellent. Let's confirm it :)

Download ComboFix, preferably to the desktop. Close all open applications, as well as the resident parts of your antivirus, antispyware and firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. The log that ComboFix creates can be found at "C:\ComboFix.txt".
Paste it here.

Attention: until ComboFix creates the log, do not click or press anything!!

Re: NOD was unable to remove the infiltration "Win32/Olmarik.SJ"

Posted: 06 Jan 2010 21:10
by chyno
ComboFix 10-01-04.01 - Chyno . 01. 2010 20:42:47.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.503.324 [GMT 1:00]
Running from: c:\documents and settings\Chyno\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\judy.vbs
c:\documents and settings\All Users\Documents\tomexuhin.reg
c:\documents and settings\Chyno\Application Data\.#
C:\LOG.TXT
c:\windows\system32\ikafa.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-06 to 2010-01-06 )))))))))))))))))))))))))))))))
.

2010-01-05 18:00 . 2010-01-05 18:00 -------- dc----w- C:\_OTL
2009-12-19 20:21 . 2009-12-19 20:21 16384 -c--a-w- c:\windows\MSIMGSIZ.DAT
2009-12-19 20:19 . 2009-12-19 20:19 -------- dc----w- c:\program files\MultipleIEs
2009-12-17 20:32 . 2009-12-19 20:04 -------- dc----w- c:\program files\Xara
2009-12-17 20:32 . 2009-12-17 20:32 -------- dc----w- c:\program files\Common Files\Xara
2009-12-11 17:55 . 2009-12-11 17:56 -------- dc----w- c:\program files\Atomic Bomberman

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-06 19:25 . 2008-12-24 08:42 -------- dc----w- c:\documents and settings\Chyno\Application Data\uTorrent
2010-01-06 18:54 . 2008-07-06 06:07 7077888 ----a-w- c:\documents and settings\Chyno\NTUSER.DAT
2010-01-05 17:08 . 2008-10-09 22:05 -------- dc----w- c:\program files\Opera
2010-01-05 08:56 . 2009-08-22 08:09 -------- dc----w- c:\program files\trend micro
2009-12-31 15:47 . 2009-05-03 10:39 -------- dc----w- c:\program files\PS Pad
2009-12-18 19:37 . 2008-07-23 09:49 100424 -c--a-w- c:\documents and settings\Chyno\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-17 20:32 . 2003-10-06 10:13 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-12-17 20:31 . 2003-10-06 10:12 -------- dc----w- c:\program files\Common Files\InstallShield
2009-12-02 20:01 . 2009-06-10 17:41 -------- dc----w- c:\program files\Counter-Strike 1.6 V40
2009-12-01 15:40 . 2009-07-07 19:29 -------- dc----w- c:\documents and settings\Chyno\Application Data\Nokia
2009-12-01 15:37 . 2009-07-07 19:25 -------- dc----w- c:\documents and settings\Chyno\Application Data\PC Suite
2009-11-29 23:23 . 2009-11-29 22:41 -------- dc----w- c:\program files\Lock Folder XP
2009-11-29 23:09 . 2009-11-29 23:09 -------- dc----w- c:\program files\Everstrike Software
2009-11-29 23:09 . 2009-11-29 23:09 -------- dc----w- c:\program files\Common Files\Everstrike Software
2009-11-29 23:02 . 2009-11-29 23:02 180224 -c--a-w- c:\windows\system32\WinVd32.sys
2009-11-29 23:02 . 2009-11-29 23:02 7680 -c--a-w- c:\windows\system32\WinFLsrv.exe
2009-11-29 23:02 . 2009-11-29 22:35 -------- dc----w- c:\program files\ABC Lock
2009-11-23 22:18 . 2006-10-10 18:41 249856 -c----w- c:\windows\Setup1.exe
2009-11-23 22:18 . 2006-10-10 18:41 73216 -c--a-w- c:\windows\ST6UNST.EXE
2009-11-17 12:43 . 2009-11-17 12:43 -------- dc----w- c:\program files\Microsoft GIF Animator
2009-01-04 16:59 . 2009-01-04 16:48 12717920 -c--a-w- c:\program files\PRO2KXP_v13_4.exe
2007-03-21 15:47 . 2008-07-06 08:23 177152 -c--a-w- c:\program files\uTorrent.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-02-05 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"LFAgent"="c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30.exe" [2005-09-24 566272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\µTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6. 2. 2009 13:23 107256]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19. 11. 2004 18:07 101488]
S2 BT848;CxVCap, WDM Video Capture;c:\windows\system32\drivers\cxvcap.sys [6. 5. 2007 16:41 107200]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [30. 1. 2007 18:06 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [30. 1. 2007 17:58 13308]
S2 CXXBAR;CxXBar, WDM Crossbar;c:\windows\system32\drivers\cxxbar.sys [22. 3. 2007 10:02 15696]
S3 PSTRIP;PSTRIP;\??\c:\windows\System32\DRIVERS\PSTRIP.SYS --> c:\windows\System32\DRIVERS\PSTRIP.SYS [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008Core.job
- c:\documents and settings\Chyno\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-26 21:48]

2010-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008UA.job
- c:\documents and settings\Chyno\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-26 21:48]

2010-01-06 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mLocal Page =
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {2DF08C82-196D-4047-B65B-C14A0570A32F} = 192.168.1.1,4.2.2.5
FF - ProfilePath - c:\documents and settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://localhost/
FF - component: c:\program files\Mozilla Firefox\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Chyno\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-06 20:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e]
@Class="Shell"

[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e\OpenWithList]
@Class="Shell"
"a"="opera.exe"
"MRUList"="a"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\đ•€|˙˙˙˙.•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
Completion time: 2010-01-06 20:58:45
ComboFix-quarantined-files.txt 2010-01-06 19:58

Pre-Run: 15 241 023 488 bytes free
Post-Run: 15 227 899 904 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /TUTag=63VLJS /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Záloha)" /fastdetect /NoExecute=OptIn /TUTag=63VLJS-BAK

- - End Of File - - 3AB604FF751D475FA5449E02D17ACA30

Re: NOD failed to remove the infiltration "Win32/Olmarik.SJ"

Posted: 07 Jan 2010 00:12
by pitimir
Excellent, now a little more cleanup :)

1) Move the CF icon to the desktop, close all open applications as well as the resident antivirus, antispyware and firewall, and open Notepad. Copy the following into it:

Code:

KillAll::
DDS::
mLocal Page = 

FireFox::
FF - ProfilePath - c:\documents and settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://localhost/

RegLockDel::
[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e]
[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e\OpenWithList]

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\đ•€|˙˙˙˙.•€|ů•A~*]

Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

[image]

The program will process the script and produce a new log.


Caution: if Windows does not boot after the script has been applied, restart the PC, press F8 and choose Last Known Good Configuration.


2) Start -> Run -> (type) REGEDIT /E "%userprofile%\desktop\log.txt" "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon"
Enter.

A text file (log.txt) will appear on your desktop; post its contents here.
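
The export produced by step 2 is a plain-text .reg file that is normally read by eye. As an added example (it is not code from this thread, nor from ComboFix, HijackThis or REGEDIT), the Python below parses that export format: it joins REGEDIT's backslash-continued lines, decodes hex(2) (REG_EXPAND_SZ) values from their UTF-16LE byte lists, summarises the Winlogon persistence points an analyst looks at first (Shell, Userinit, UIHost and the DLL behind each Notify package) and flags deviations from the Windows XP defaults. SAMPLE_EXPORT is a constructed excerpt in that format and all function names are the example's own.

```python
r"""Summarise Winlogon persistence points from a REGEDIT /E export.

Added example for this thread, not code from any tool mentioned in it. Input is the
text produced by step 2 above (REGEDIT /E log.txt "HKEY_LOCAL_MACHINE\...\winlogon").
A real export is UTF-16LE, so open it with encoding="utf-16". SAMPLE_EXPORT below is
a constructed excerpt in that format.
"""
import re
from typing import Dict, Iterable, Iterator, List

VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')
HEX_RE = re.compile(r"^hex(?:\((?P<type>\d+)\))?:(?P<bytes>.*)$")

def _unwrap(lines: Iterable[str]) -> Iterator[str]:
    """Join REGEDIT continuation lines (a trailing backslash continues the value)."""
    buf = ""
    for raw in lines:
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""

def _decode(data: str) -> str:
    """Turn the payload of a .reg value line into a Python string."""
    if len(data) >= 2 and data[0] == '"' == data[-1]:
        return re.sub(r"\\(.)", r"\1", data[1:-1])       # REG_SZ: unescape \\ and \"
    if data.startswith("dword:"):
        return str(int(data[6:], 16))
    m = HEX_RE.match(data)
    if m and m.group("type") in ("2", "7"):             # REG_EXPAND_SZ / REG_MULTI_SZ: UTF-16LE bytes
        raw = bytes(int(b, 16) for b in m.group("bytes").split(",") if b)
        return raw.decode("utf-16-le").rstrip("\x00").replace("\x00", "|")
    return data                                         # REG_BINARY and others: raw text

def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Map key path -> {value name: decoded value}; "@" is the key's default value."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in _unwrap(text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = m.group("name")
        name = name if name == "@" else re.sub(r"\\(.)", r"\1", name[1:-1])
        keys[current][name] = _decode(m.group("data"))
    return keys

def winlogon_summary(text: str) -> Dict[str, str]:
    """Shell/Userinit/UIHost plus the DLL registered by every Notify package."""
    keys = parse_reg_export(text)
    base = next(k for k in keys if k.lower().endswith("\\winlogon"))
    summary = {v: keys[base].get(v, "") for v in ("Shell", "Userinit", "UIHost")}
    for path, values in keys.items():
        # direct children of Notify only; deeper keys such as WgaLogon\Settings are not packages
        if path.lower().startswith(base.lower() + "\\notify\\") and path.count("\\") == base.count("\\") + 2:
            dll = next((v for n, v in values.items() if n.lower() == "dllname"), "")
            summary["Notify\\" + path.rsplit("\\", 1)[1]] = dll
    return summary

def deviations(text: str) -> List[str]:
    """Findings against the Windows XP defaults; empty means the logon chain looks stock."""
    s = winlogon_summary(text)
    findings = []
    if s["Shell"].lower() != "explorer.exe":
        findings.append("Shell is not explorer.exe: %r" % s["Shell"])
    if not s["Userinit"].lower().endswith("\\system32\\userinit.exe,"):
        findings.append("Userinit is not the stock userinit.exe: %r" % s["Userinit"])
    findings += [n + " has no DllName" for n, d in s.items() if n.startswith("Notify\\") and not d]
    return findings

# Constructed sample in REGEDIT /E format; values follow the export posted in the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\WgaLogon]
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
  6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\WgaLogon\Settings]
@=""
'''

if __name__ == "__main__":
    for name, value in winlogon_summary(SAMPLE_EXPORT).items():
        print("%-22s %s" % (name, value))
    print("findings:", deviations(SAMPLE_EXPORT) or "none")
```

The value-name lookup is case-insensitive on purpose: the export above spells the package DLL as both "DllName" and "DLLName", and a summary that missed one spelling would silently skip a Notify package.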

Re: NOD failed to remove the infiltration "Win32/Olmarik.SJ"

Posted: 07 Jan 2010 10:16
by chyno
1)

ComboFix 10-01-04.01 - Chyno . 01. 2010 9:40.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.503.177 [GMT 1:00]
Running from: c:\documents and settings\Chyno\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Chyno\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-05 18:00 . 2010-01-05 18:00 -------- dc----w- C:\_OTL
2009-12-19 20:21 . 2009-12-19 20:21 16384 -c--a-w- c:\windows\MSIMGSIZ.DAT
2009-12-19 20:19 . 2009-12-19 20:19 -------- dc----w- c:\program files\MultipleIEs
2009-12-17 20:32 . 2009-12-19 20:04 -------- dc----w- c:\program files\Xara
2009-12-17 20:32 . 2009-12-17 20:32 -------- dc----w- c:\program files\Common Files\Xara
2009-12-11 17:55 . 2009-12-11 17:56 -------- dc----w- c:\program files\Atomic Bomberman

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 08:51 . 2008-07-06 06:07 7077888 ----a-w- c:\documents and settings\Chyno\NTUSER.DAT
2010-01-07 08:36 . 2008-12-24 08:42 -------- dc----w- c:\documents and settings\Chyno\Application Data\uTorrent
2010-01-05 17:08 . 2008-10-09 22:05 -------- dc----w- c:\program files\Opera
2010-01-05 08:56 . 2009-08-22 08:09 -------- dc----w- c:\program files\trend micro
2009-12-31 15:47 . 2009-05-03 10:39 -------- dc----w- c:\program files\PS Pad
2009-12-18 19:37 . 2008-07-23 09:49 100424 -c--a-w- c:\documents and settings\Chyno\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-17 20:32 . 2003-10-06 10:13 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-12-17 20:31 . 2003-10-06 10:12 -------- dc----w- c:\program files\Common Files\InstallShield
2009-12-02 20:01 . 2009-06-10 17:41 -------- dc----w- c:\program files\Counter-Strike 1.6 V40
2009-12-01 15:40 . 2009-07-07 19:29 -------- dc----w- c:\documents and settings\Chyno\Application Data\Nokia
2009-12-01 15:37 . 2009-07-07 19:25 -------- dc----w- c:\documents and settings\Chyno\Application Data\PC Suite
2009-11-29 23:23 . 2009-11-29 22:41 -------- dc----w- c:\program files\Lock Folder XP
2009-11-29 23:09 . 2009-11-29 23:09 -------- dc----w- c:\program files\Everstrike Software
2009-11-29 23:09 . 2009-11-29 23:09 -------- dc----w- c:\program files\Common Files\Everstrike Software
2009-11-29 23:02 . 2009-11-29 23:02 180224 -c--a-w- c:\windows\system32\WinVd32.sys
2009-11-29 23:02 . 2009-11-29 23:02 7680 -c--a-w- c:\windows\system32\WinFLsrv.exe
2009-11-29 23:02 . 2009-11-29 22:35 -------- dc----w- c:\program files\ABC Lock
2009-11-23 22:18 . 2006-10-10 18:41 249856 -c----w- c:\windows\Setup1.exe
2009-11-23 22:18 . 2006-10-10 18:41 73216 -c--a-w- c:\windows\ST6UNST.EXE
2009-11-17 12:43 . 2009-11-17 12:43 -------- dc----w- c:\program files\Microsoft GIF Animator
2009-01-04 16:59 . 2009-01-04 16:48 12717920 -c--a-w- c:\program files\PRO2KXP_v13_4.exe
2007-03-21 15:47 . 2008-07-06 08:23 177152 -c--a-w- c:\program files\uTorrent.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2009-02-05 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"LFAgent"="c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30.exe" [2005-09-24 566272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\µTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6. 2. 2009 13:23 107256]
R2 CWS_Apache_80;CWS_Apache_80;c:\complexwebserver\apache\bin\Apache.exe [18. 5. 2009 15:44 20541]
R2 CWS_MySQL_3306;CWS_MySQL_3306;c:\complexwebserver\mysql\bin\mysqld-nt.exe --defaults-file=c:\complexwebserver\mysql\conf\mysqld.conf CWS_MySQL_3306 --> c:\complexwebserver\mysql\bin\mysqld-nt.exe --defaults-file=c:\complexwebserver\mysql\conf\mysqld.conf CWS_MySQL_3306 [?]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14. 5. 2009 14:47 731840]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19. 11. 2004 18:07 101488]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [30. 11. 2009 0:02 10752]
S2 BT848;CxVCap, WDM Video Capture;c:\windows\system32\drivers\cxvcap.sys [6. 5. 2007 16:41 107200]
S2 BTTUNER;BtTuner, WDM TvTuner;c:\windows\system32\drivers\bttuner.sys [30. 1. 2007 18:06 18944]
S2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\btxbar.sys [30. 1. 2007 17:58 13308]
S2 CWS_Apache_8080;CWS_Apache_8080;c:\complexwebserver\apache\bin\Apache.exe [18. 5. 2009 15:44 20541]
S2 CXXBAR;CxXBar, WDM Crossbar;c:\windows\system32\drivers\cxxbar.sys [22. 3. 2007 10:02 15696]
S3 PSTRIP;PSTRIP;\??\c:\windows\System32\DRIVERS\PSTRIP.SYS --> c:\windows\System32\DRIVERS\PSTRIP.SYS [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8. 1. 2006 19:18 642560]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008Core.job
- c:\documents and settings\Chyno\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-26 21:48]

2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-179605362-839522115-1008UA.job
- c:\documents and settings\Chyno\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-26 21:48]

2010-01-07 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {2DF08C82-196D-4047-B65B-C14A0570A32F} = 192.168.1.1,4.2.2.5
FF - ProfilePath - c:\documents and settings\Chyno\Application Data\Mozilla\Firefox\Profiles\e6ry7u8r.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Chyno\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 10:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\windows\system32\WinFLdrv.sys 10752 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e]
@Class="Shell"

[HKEY_USERS\S-1-5-21-343818398-179605362-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e\OpenWithList]
@Class="Shell"
"a"="opera.exe"
"MRUList"="a"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\đ•€|˙˙˙˙.•€|ů•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1280)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\MSI\Bluetooth Software\bin\btwdins.exe
c:\complexwebserver\mysql\bin\mysqld-nt.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\TUProgSt.exe
.
**************************************************************************
.
Completion time: 2010-01-07 10:12:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-07 09:12
ComboFix2.txt 2010-01-06 19:58

Pre-Run: 15 239 966 720 bytes free
Post-Run: 15 228 391 424 bytes free

- - End Of File - - 7D27F3D7024B417D70CDB7E01F63E338

2)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"AutoRestartShell"=dword:00000001
"DefaultDomainName"="PC_COMPAQ"
"DefaultUserName"="chyno"
"LegalNoticeCaption"=""
"LegalNoticeText"=""
"PowerdownAfterShutdown"="0"
"ReportBootOk"="1"
"Shell"="Explorer.exe"
"ShutdownWithoutLogon"="0"
"System"=""
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"SfcQuota"=dword:ffffffff
"allocatecdroms"="0"
"allocatedasd"="0"
"allocatefloppies"="0"
"cachedlogonscount"="10"
"forceunlocklogon"=dword:00000000
"passwordexpirywarning"=dword:0000000e
"scremoveoption"="0"
"AllowMultipleTSSessions"=dword:00000000
"UIHost"=""
"LogonType"=dword:00000000
"DebugServerCommand"="no"
"SFCDisable"=dword:00000000
"WinStationsDisabled"="0"
"HibernationPreviouslyEnabled"=dword:00000001
"ShowLogonOptions"=dword:00000001
"AltDefaultUserName"="chyno"
"AltDefaultDomainName"="PC_COMPAQ"
"AutoAdminLogon"="0"
"ChangePasswordUseKerberos"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=hex(2):66,00,64,00,65,00,70,00,6c,00,6f,00,79,00,2e,00,64,00,6c,00,\
6c,00,00,00
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=hex(7):28,00,46,00,6f,00,6c,00,64,00,65,00,72,00,20,00,52,00,65,\
00,64,00,69,00,72,00,65,00,63,00,74,00,69,00,6f,00,6e,00,2c,00,41,00,70,00,\
70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,00,29,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=hex(2):64,00,73,00,6b,00,71,00,75,00,6f,00,74,00,61,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@="Internet Explorer Zonemapping"
"DllName"=hex(2):69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=hex(2):40,00,69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,31,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
00,00
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=hex(2):40,00,69,00,65,00,64,00,6b,00,63,00,73,00,33,00,32,00,2e,\
00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,31,00,34,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=hex(2):73,00,63,00,65,00,63,00,6c,00,69,00,2e,00,64,00,6c,00,6c,00,\
00,00
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@="Software Installation"
"DllName"=hex(2):61,00,70,00,70,00,6d,00,67,00,6d,00,74,00,73,00,2e,00,64,00,\
6c,00,6c,00,00,00
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=hex(7):28,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,4d,00,61,00,6e,00,61,00,67,00,65,00,6d,00,65,00,6e,00,\
74,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,00,6f,00,6e,\
00,29,00,00,00,28,00,4d,00,73,00,69,00,49,00,6e,00,73,00,74,00,61,00,6c,00,\
6c,00,65,00,72,00,2c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,29,00,00,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=hex(2):67,00,70,00,74,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,\
00,00
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000000
"InstallEvent"="1.8.0031.9"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\WgaLogon\Settings]
@=""
"Data"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\
00,00,d9,1f,7a,11,17,95,22,47,88,ed,15,74,54,f7,05,94,04,00,00,00,04,00,00,\
00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,9d,be,9d,b6,b2,c4,a3,46,\
07,54,5e,bc,2f,20,5d,4a,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,a2,\
5f,a3,64,f2,f1,0d,46,0e,fd,09,ae,f6,b5,2c,7f,38,02,00,00,27,b0,c9,c1,db,f1,\
31,7b,e6,7e,5c,32,b0,be,1e,86,36,f6,cf,68,5d,37,9d,75,99,7e,1c,9c,c5,08,4a,\
31,14,13,0c,77,58,8b,f4,8f,47,c5,68,ae,01,60,03,1f,85,3b,a7,94,a2,50,ba,fa,\
a0,43,31,97,4e,ae,e8,e5,b2,37,07,ea,b4,78,d2,ce,4c,25,f1,89,6f,c0,a9,ab,f4,\
dd,fe,c2,d1,a9,a0,a0,ea,c4,36,35,8c,12,a5,7f,88,38,2b,d9,04,96,63,60,67,5b,\
7a,1e,ef,ba,59,ff,55,b9,f4,69,2f,e9,6a,30,ee,6a,15,c9,74,d6,b9,ea,83,a8,9f,\
9b,c2,43,91,01,c9,ff,13,96,56,ff,b2,a7,76,82,bc,6b,88,66,ac,a2,1f,c0,9f,94,\
ee,c6,00,6e,f4,e6,26,82,87,3e,13,d0,fe,32,a9,36,11,22,3f,d7,4b,2a,b5,6b,b5,\
08,22,2e,a5,de,28,4e,03,f0,af,ee,a9,c4,01,46,0e,2a,7c,75,05,b9,f1,ee,f1,27,\
a5,ee,2c,ca,63,1e,de,ba,c0,dc,46,60,d6,88,0f,5d,2b,8e,28,4a,99,b0,07,9d,70,\
d5,8d,0e,12,44,35,47,2d,49,08,61,43,df,13,46,3e,a1,6f,0d,5e,4a,34,f3,a0,0e,\
5e,a5,c6,d5,26,6c,4f,eb,cb,b4,8a,40,f6,55,8b,a9,91,2c,97,38,80,35,cf,48,d4,\
e2,99,15,5b,54,4e,61,1a,e6,f0,67,6e,17,c7,ca,0e,77,c3,fb,d4,d2,17,90,93,35,\
db,31,52,51,31,47,a3,08,19,7f,5f,27,73,82,e6,c0,cb,f6,be,cc,65,dc,82,20,82,\
61,d1,86,05,f8,2f,fc,22,54,06,e3,44,c1,1b,90,11,37,09,b7,91,17,0a,b6,71,a8,\
34,24,9a,70,ae,73,de,57,12,8e,4f,9d,72,05,da,af,c9,97,fa,21,1e,b4,d1,aa,20,\
9d,6d,6d,37,d3,b3,fa,2d,c3,a5,f0,53,9b,3b,48,43,7a,37,fe,bf,f6,2c,39,ee,38,\
5d,c2,ad,a7,b0,75,80,c2,32,5b,00,fb,e5,78,0e,78,fe,d6,41,12,5c,6c,04,5a,26,\
74,67,e6,79,26,53,c5,6c,f4,85,61,55,7e,6f,43,43,d7,60,38,fd,c9,9c,ff,b9,92,\
13,35,49,73,4e,8a,9c,58,68,a2,76,a6,95,4d,7c,2f,c6,19,aa,f4,1e,96,08,36,e4,\
c8,1f,5e,8f,93,85,84,57,6f,4f,c1,51,c7,a9,14,2e,df,32,38,25,26,2c,62,7a,6a,\
20,67,4e,94,98,79,ba,33,91,ab,cc,0b,ed,07,97,2e,6a,f9,9d,8f,55,85,35,c1,b8,\
0a,41,71,cd,b9,9d,42,15,e6,f0,a9,c9,13,af,6e,54,bb,05,34,e5,dc,59,5b,9e,15,\
c3,a4,06,df,b4,f2,01,e6,3c,4c,5e,31,14,00,00,00,56,0b,10,cf,eb,2e,6e,67,e1,\
06,ab,9b,01,94,ba,f9,f3,38,85,20

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SCLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts\UserList]
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
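
The ComboFix log above differs from the earlier one in two places: the catchme section now reports three hidden files, one of which (c:\windows\system32\WinFLdrv.sys) is also the image of the R2 WinFLdrv driver service listed in the same log, and the service list has grown. As an added example, not code from ComboFix, catchme or this thread, the Python below parses those two sections of a ComboFix log and reports hidden files that back a loaded driver and services that are new since the previous log. LOG_BEFORE and LOG_AFTER are constructed excerpts in the ComboFix format carrying entries from the thread's two logs; the function names are the example's own.

```python
"""Triage helper for ComboFix logs: catchme hidden files and the driver/service list.

Added example for this thread; not ComboFix's or catchme's own code. It reads the
service lines ("R2 name;display;image [date size]") and the catchme "scanning hidden
files ..." block of a ComboFix log, then reports which hidden files are the image of a
loaded driver and which services are new since the previous log. LOG_BEFORE and
LOG_AFTER are constructed excerpts in that format.
"""
import re
from typing import Dict, List, Tuple

SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)(?:\s+\[[^\]]*\])?$"
)
HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\\S.*?)\s+(?P<size>\d+) bytes(?P<exe> executable)?$", re.I)

def _image_path(image: str) -> str:
    """Normalise a service image: keep the resolved side of 'a --> b', drop a \\??\\ prefix."""
    img = image.split(" --> ", 1)[-1].strip()
    if img.startswith("\\??\\"):
        img = img[4:]
    return img.lower()

def parse_services(log: str) -> Dict[str, Tuple[str, str]]:
    """Service name -> (start state, normalised image path, arguments included)."""
    services = {}
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services[m.group("name")] = (m.group("state"), _image_path(m.group("image")))
    return services

def parse_hidden_files(log: str) -> List[Tuple[str, int, bool]]:
    """(path, size, executable?) for each entry in the catchme hidden-files block."""
    found, in_block = [], False
    for line in log.splitlines():
        s = line.strip()
        if s.startswith("scanning hidden files"):
            in_block = True
        elif s.startswith("scan completed"):
            break
        elif in_block:
            m = HIDDEN_RE.match(s)
            if m:
                found.append((m.group("path").lower(), int(m.group("size")), bool(m.group("exe"))))
    return found

def hidden_driver_images(log: str) -> List[str]:
    """Services whose image file catchme could not see through the normal API: review these first."""
    hidden = {path for path, _, _ in parse_hidden_files(log)}
    return sorted(name for name, (_, img) in parse_services(log).items() if img in hidden)

def new_services(previous_log: str, current_log: str) -> List[str]:
    """Service names present in the current log but absent from the previous one."""
    return sorted(set(parse_services(current_log)) - set(parse_services(previous_log)))

# Constructed excerpts in the ComboFix log format; entries taken from the thread's two logs.
LOG_BEFORE = r"""
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6. 2. 2009 13:23 107256]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19. 11. 2004 18:07 101488]
S3 PSTRIP;PSTRIP;\??\c:\windows\System32\DRIVERS\PSTRIP.SYS --> c:\windows\System32\DRIVERS\PSTRIP.SYS [?]

scanning hidden files ...

scan completed successfully
hidden files: 0
"""

LOG_AFTER = r"""
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6. 2. 2009 13:23 107256]
R2 LF30FS;LF30FS;c:\program files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [19. 11. 2004 18:07 101488]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [30. 11. 2009 0:02 10752]
S3 PSTRIP;PSTRIP;\??\c:\windows\System32\DRIVERS\PSTRIP.SYS --> c:\windows\System32\DRIVERS\PSTRIP.SYS [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8. 1. 2006 19:18 642560]

scanning hidden files ...

c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\windows\system32\WinFLdrv.sys 10752 bytes executable

scan completed successfully
hidden files: 3
"""

if __name__ == "__main__":
    print("new services:", new_services(LOG_BEFORE, LOG_AFTER))
    print("hidden files:", [p for p, _, _ in parse_hidden_files(LOG_AFTER)])
    print("drivers whose image is hidden:", hidden_driver_images(LOG_AFTER))
```

A hidden-file hit is a prompt for review rather than a verdict: legitimate folder-locking and disc-emulation drivers also hide their files from the normal file API, so the next step is to identify the product behind the driver and check the file's origin, not to delete it on sight.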

Re: NOD failed to remove the infiltration "Win32/Olmarik.SJ"

Posted: 07 Jan 2010 11:40
by pitimir
OK, is NOD still reporting the malware?

Re: NOD failed to remove the infiltration "Win32/Olmarik.SJ"

Posted: 07 Jan 2010 19:39
by chyno
No. Is that everything?

Re: NOD failed to remove the infiltration "Win32/Olmarik.SJ"

Posted: 07 Jan 2010 21:51
by pitimir
1) Let's finish the cleanup:
  • Uninstall ComboFix:
    Start -> Run -> (type) combofix /uninstall
  • Use T-Cleaner (if the antivirus flags it as malware, there is nothing to worry about; it is just the AV program being paranoid).
  • Use TFC (run the program and click "Start". Note that the PC may be restarted).

2) Post a HijackThis log.

If anything is unclear, the guide is >>here<<.