Games stuttering + RSIT log

#1 Post by SpiDex »

Hi, please help me, all my games are stuttering, even though yesterday they were still running fine...

RSIT log:

http://www.sendspace.com/file/ka45cp
(I couldn't post the whole thing here, so I uploaded it to sendspace)

Thanks in advance

#2 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

feel free to go make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident component occur

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

#3 Post by SpiDex »

ComboFix log

ComboFix 10-01-02.01 - Patrik Hanko 02.01.2010 22:24:23.1.4 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.3327.2935 [GMT 1:00]
Running from: h:\documents and settings\Patrik Hanko\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\program files\ICQ6.5\ICQLRun.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-02 21:24 . 2010-01-02 21:24 -------- d-----w- h:\documents and settings\Patrik Hanko\Local Settings\Application Data\ESET
2010-01-01 22:48 . 2008-04-14 04:42 294912 -c----w- h:\windows\system32\dllcache\dlimport.exe
2010-01-01 17:13 . 2010-01-01 17:13 64603 ----a-w- h:\windows\BricoPackUninst.cmd
2010-01-01 17:11 . 2010-01-01 17:13 6120 ----a-w- h:\windows\BricoPackFoldersDelete.cmd
2010-01-01 17:11 . 2010-01-01 17:11 -------- d-----w- h:\windows\BricoPacks
2010-01-01 15:55 . 2010-01-01 15:58 -------- d-----w- h:\documents and settings\Patrik Hanko\Application Data\Uniblue
2010-01-01 15:55 . 2010-01-01 15:58 -------- d-----w- h:\documents and settings\All Users\Application Data\DriverScanner
2010-01-01 14:50 . 2008-07-30 05:20 68616 ----a-w- h:\windows\system32\XAPOFX1_1.dll
2010-01-01 14:50 . 2008-07-30 05:20 509448 ----a-w- h:\windows\system32\XAudio2_2.dll
2010-01-01 14:50 . 2008-07-30 05:20 238088 ----a-w- h:\windows\system32\xactengine3_2.dll
2010-01-01 14:50 . 2008-07-10 10:01 467984 ----a-w- h:\windows\system32\d3dx10_39.dll
2010-01-01 14:50 . 2008-07-10 10:00 1493528 ----a-w- h:\windows\system32\D3DCompiler_39.dll
2010-01-01 14:50 . 2008-07-10 10:00 3851784 ----a-w- h:\windows\system32\D3DX9_39.dll
2010-01-01 14:43 . 2010-01-01 14:43 -------- d-----w- h:\windows\system32\AGEIA
2010-01-01 14:43 . 2010-01-01 14:43 -------- d-----w- h:\program files\AGEIA Technologies
2009-12-31 16:57 . 2009-12-31 16:58 -------- d-----w- h:\program files\Vypínač na dobrou noc
2009-12-31 01:24 . 2009-12-31 01:24 -------- d-----w- h:\program files\ICQ6Toolbar
2009-12-31 01:24 . 2009-12-31 01:24 -------- d-----w- h:\documents and settings\All Users\Application Data\ICQ
2009-12-31 00:45 . 2009-12-31 01:26 -------- d-----w- h:\documents and settings\Patrik Hanko\Application Data\ICQ
2009-12-31 00:45 . 2010-01-02 21:26 -------- d-----w- h:\program files\ICQ6.5
2009-12-29 19:30 . 2008-04-14 09:45 33792 ----a-w- h:\documents and settings\All Users\Application Data\EPSON\EPSON SX100 Series\Language\041b.E_H9E0D7.DLL
2009-12-29 15:23 . 2009-12-29 15:30 -------- d-----w- h:\documents and settings\Patrik Hanko\Local Settings\Application Data\Adobe
2009-12-29 15:18 . 2009-12-29 15:18 -------- d-----w- h:\documents and settings\All Users\Application Data\Adobe Systems
2009-12-29 15:18 . 2009-12-29 15:18 -------- d-----w- h:\program files\Common Files\Adobe Systems Shared
2009-12-29 15:18 . 2009-12-29 15:19 -------- d-----w- h:\program files\Common Files\Adobe
2009-12-28 18:24 . 2009-12-28 18:24 -------- d-----w- h:\documents and settings\Patrik Hanko\Application Data\EPSON
2009-12-26 19:01 . 2003-06-18 23:31 18944 ----a-w- h:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2009-12-26 19:01 . 2003-06-18 23:31 17920 ----a-w- h:\windows\system32\mdimon.dll
2009-12-26 19:00 . 2009-12-26 19:00 -------- d-----w- h:\windows\SHELLNEW
2009-12-26 19:00 . 2009-12-26 19:00 -------- d-----w- h:\program files\Microsoft.NET
2009-12-26 18:50 . 2009-12-26 18:50 -------- d-----w- h:\documents and settings\Patrik Hanko\Local Settings\Application Data\GHISLER
2009-12-25 22:38 . 2009-12-25 22:38 -------- d--h--r- h:\documents and settings\Patrik Hanko\Application Data\SecuROM
2009-12-25 20:31 . 2010-01-02 21:20 1205256 ----a-w- h:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-25 19:44 . 2008-04-14 09:43 39424 ----a-w- h:\documents and settings\All Users\Application Data\EPSON\EPSON SX100 Series\Language\041b.E_DIX0RE.DLL
2009-12-25 19:38 . 2009-12-25 19:38 -------- d-----w- h:\documents and settings\All Users\Application Data\UDL
2009-12-25 19:38 . 2009-12-25 19:38 -------- d-----w- h:\program files\Epson Software
2009-12-25 19:38 . 2009-12-25 19:38 -------- d-----w- h:\program files\ABBYY FineReader 6.0 Sprint
2009-12-25 19:29 . 2009-09-04 16:29 453456 ----a-w- h:\windows\system32\d3dx10_42.dll
2009-12-25 19:29 . 2009-09-04 16:29 1892184 ----a-w- h:\windows\system32\D3DX9_42.dll
2009-12-25 19:28 . 2010-01-01 23:10 -------- dc----w- h:\windows\system32\DRVSTORE
2009-12-25 19:28 . 2009-12-25 19:34 -------- d-----w- h:\documents and settings\All Users\Application Data\EPSON
2009-12-25 19:28 . 2007-07-12 23:00 71680 ----a-w- h:\windows\system32\escwiad.dll
2009-12-25 19:28 . 2009-12-25 19:37 -------- d-----w- h:\program files\epson
2009-12-25 19:01 . 2008-03-05 14:56 1420824 ----a-w- h:\windows\system32\D3DCompiler_37.dll
2009-12-25 19:01 . 2008-02-05 22:07 462864 ----a-w- h:\windows\system32\d3dx10_37.dll
2009-12-25 19:01 . 2008-03-05 14:56 3786760 ----a-w- h:\windows\system32\D3DX9_37.dll
2009-12-25 19:01 . 2007-04-04 17:53 81768 ----a-w- h:\windows\system32\xinput1_3.dll
2009-12-25 19:01 . 2009-12-25 19:29 -------- d-----w- h:\program files\Microsoft Games for Windows - LIVE
2009-12-25 19:01 . 2009-12-25 19:01 -------- d-----w- h:\windows\system32\xlive
2009-12-25 18:40 . 2009-12-30 15:45 -------- d-----w- h:\documents and settings\Patrik Hanko\Local Settings\Application Data\Rockstar Games
2009-12-25 18:24 . 2009-12-25 18:24 -------- d-----w- h:\documents and settings\Patrik Hanko\Application Data\Publish Providers
2009-12-25 18:24 . 2009-12-25 18:24 -------- d-----w- h:\documents and settings\Patrik Hanko\Local Settings\Application Data\Sony
2009-12-25 17:20 . 2002-12-17 15:23 33340 ------w- h:\windows\system32\dbmsqlgc.dll
2009-12-25 17:20 . 2002-10-20 13:05 24576 ------w- h:\windows\system32\dbmsgnet.dll
2009-12-25 17:20 . 1998-10-29 14:45 306688 ----a-w- h:\windows\IsUninst.exe
2009-12-25 17:19 . 2009-12-25 17:19 -------- d-----w- h:\program files\Microsoft SQL Server
2009-12-25 17:19 . 2009-12-25 18:24 -------- d-----w- h:\documents and settings\Patrik Hanko\Application Data\Sony
2009-12-25 17:19 . 2009-12-25 17:19 -------- d-----w- h:\program files\Vstplugins
2009-12-25 17:19 . 2009-12-25 17:19 -------- d-----w- h:\documents and settings\All Users\Application Data\Sony
2009-12-25 17:19 . 2009-12-25 17:19 -------- d-----w- h:\program files\Sony
2009-12-25 17:18 . 2009-12-25 17:22 -------- d-----w- h:\windows\SxsCaPendDel
2009-12-25 17:16 . 2009-12-25 17:16 -------- d-----w- h:\program files\Sony Setup
2009-12-25 15:48 . 2009-12-25 15:48 -------- d-----w- h:\program files\DAEMON Tools Toolbar
2009-12-25 15:48 . 2009-12-25 15:48 691696 ----a-w- h:\windows\system32\drivers\sptd.sys
2009-12-25 15:48 . 2009-12-25 15:54 -------- d-----w- h:\program files\DAEMON Tools Lite
2009-12-25 15:48 . 2009-12-25 18:36 -------- d-----w- h:\documents and settings\Patrik Hanko\Application Data\DAEMON Tools Lite
2009-12-25 15:47 . 2009-12-25 15:48 -------- d-----w- h:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-12-25 14:34 . 2009-12-25 14:34 -------- d-----w- h:\program files\MSXML 6.0
2009-12-25 14:25 . 2010-01-01 22:48 -------- d-----w- h:\windows\ServicePackFiles
2009-12-25 14:24 . 2009-12-25 14:24 -------- d-----w- h:\program files\MSXML 4.0
2009-12-25 14:18 . 2008-06-13 11:05 272128 -c----w- h:\windows\system32\dllcache\bthport.sys
2009-12-25 14:18 . 2008-06-13 11:05 272128 ------w- h:\windows\system32\drivers\bthport.sys
2009-12-25 14:15 . 2009-07-10 13:27 1315328 -c----w- h:\windows\system32\dllcache\msoe.dll
2009-12-25 14:15 . 2008-04-11 19:04 691712 -c----w- h:\windows\system32\dllcache\inetcomm.dll
2009-12-25 14:14 . 2008-10-15 16:34 337408 -c----w- h:\windows\system32\dllcache\netapi32.dll
2009-12-25 14:13 . 2008-05-03 11:55 2560 ------w- h:\windows\system32\xpsp4res.dll
2009-12-25 14:13 . 2008-04-21 12:08 215552 -c----w- h:\windows\system32\dllcache\wordpad.exe
2009-12-25 10:48 . 2009-12-25 10:48 -------- d-----w- h:\documents and settings\Patrik Hanko\Local Settings\Application Data\Logitech
2009-12-25 10:46 . 2009-12-25 10:46 -------- d-----w- h:\program files\Common Files\Logitech
2009-12-25 10:46 . 2009-12-25 10:46 -------- d-----w- h:\program files\Logitech
2009-12-25 10:21 . 2009-12-25 10:21 -------- d-----w- h:\documents and settings\Patrik Hanko\Local Settings\Application Data\Identities
2009-12-25 10:21 . 2009-12-31 14:20 -------- d-----w- h:\documents and settings\Patrik Hanko\Local Settings\Application Data\Ahead
2009-12-25 10:16 . 2009-12-25 21:18 -------- d-----w- h:\documents and settings\Patrik Hanko\Application Data\Ahead
2009-12-25 10:15 . 2009-12-25 10:15 -------- d-----w- h:\documents and settings\All Users\Application Data\Ahead
2009-12-25 10:15 . 2009-12-25 10:15 -------- d-----w- h:\program files\Common Files\Ahead
2009-12-25 10:15 . 2009-12-25 10:15 -------- d-----w- h:\program files\Nero
2009-12-25 10:15 . 2009-12-25 10:15 -------- d-----w- h:\documents and settings\All Users\Application Data\Nero
2009-12-25 10:10 . 2009-12-25 10:10 -------- d-----w- H:\totalcmd
2009-12-25 10:10 . 2007-09-14 06:02 545 ----a-w- h:\windows\UC.PIF
2009-12-25 10:10 . 2007-09-14 06:02 545 ----a-w- h:\windows\RAR.PIF
2009-12-25 10:10 . 2007-09-14 06:02 545 ----a-w- h:\windows\PKZIP.PIF
2009-12-25 10:10 . 2007-09-14 06:02 545 ----a-w- h:\windows\PKUNZIP.PIF
2009-12-25 10:10 . 2007-09-14 06:02 545 ----a-w- h:\windows\NOCLOSE.PIF
2009-12-25 10:10 . 2007-09-14 06:02 545 ----a-w- h:\windows\LHA.PIF
2009-12-25 10:10 . 2007-09-14 06:02 545 ----a-w- h:\windows\ARJ.PIF
2009-12-25 00:45 . 2006-12-31 06:57 4569 -c--a-w- h:\windows\system32\dllcache\secupd.dat
2009-12-25 00:45 . 2006-12-31 06:57 4569 ------w- h:\windows\system32\secupd.dat
2009-12-25 00:35 . 2009-12-25 00:35 -------- d-sh--w- h:\documents and settings\Patrik Hanko\IECompatCache
2009-12-25 00:35 . 2009-12-25 00:35 -------- d-sh--w- h:\documents and settings\Patrik Hanko\PrivacIE
2009-12-25 00:32 . 2009-12-25 00:32 -------- d-sh--w- h:\documents and settings\Patrik Hanko\IETldCache
2009-12-25 00:30 . 2009-12-25 14:25 -------- d-----w- h:\windows\ie8updates
2009-12-25 00:29 . 2009-12-25 00:30 -------- dc-h--w- h:\windows\ie8
2009-12-25 00:29 . 2009-12-25 00:30 -------- d-----w- h:\windows\system32\sk-SK
2009-12-25 00:27 . 2009-10-29 07:45 594432 -c----w- h:\windows\system32\dllcache\msfeeds.dll
2009-12-25 00:27 . 2009-10-29 07:45 55296 -c----w- h:\windows\system32\dllcache\msfeedsbs.dll
2009-12-25 00:27 . 2009-10-29 07:45 12800 -c----w- h:\windows\system32\dllcache\xpshims.dll
2009-12-25 00:27 . 2009-10-29 07:45 246272 -c----w- h:\windows\system32\dllcache\ieproxy.dll
2009-12-25 00:27 . 2009-10-29 07:45 1985536 -c----w- h:\windows\system32\dllcache\iertutil.dll
2009-12-25 00:27 . 2009-10-29 07:45 11069952 -c----w- h:\windows\system32\dllcache\ieframe.dll
2009-12-25 00:18 . 2009-08-06 18:24 44768 ----a-w- h:\windows\system32\wups2.dll
2009-12-25 00:14 . 2009-12-25 14:28 -------- d--h--w- h:\windows\$hf_mig$
2009-12-24 23:59 . 2009-12-24 23:59 -------- d-sh--w- h:\documents and settings\Patrik Hanko\UserData
2009-12-24 23:08 . 2009-12-25 19:03 107888 ----a-w- h:\windows\system32\CmdLineExt.dll
2009-12-24 21:13 . 2010-01-02 19:42 -------- d-----w- h:\documents and settings\Patrik Hanko\Application Data\Hamachi
2009-12-24 21:12 . 2009-12-24 21:13 -------- d-----w- h:\program files\Hamachi
2009-12-24 21:12 . 2009-12-24 21:12 25280 ----a-w- h:\windows\system32\drivers\hamachi.sys
2009-12-24 20:44 . 2009-12-24 20:43 737280 ----a-w- h:\windows\iun6002.exe
2009-12-24 20:31 . 2009-12-24 20:31 -------- d-----w- h:\documents and settings\Patrik Hanko\Application Data\TeamViewer
2009-12-24 20:31 . 2009-12-24 20:31 -------- d-----w- h:\program files\TeamViewer3
2009-12-24 20:30 . 2009-12-24 20:30 -------- d-----w- h:\documents and settings\Patrik Hanko\temp
2009-12-24 20:23 . 2009-12-24 20:23 -------- d-----w- h:\documents and settings\Patrik Hanko\Application Data\Media Player Classic
2009-12-24 20:01 . 2010-01-02 21:19 -------- d---a-w- h:\documents and settings\All Users\Application Data\TEMP
2009-12-24 19:30 . 2008-10-27 08:28 878976 ----a-r- h:\windows\system32\drivers\viahduaa.sys
2009-12-24 19:30 . 2008-02-14 06:12 1389056 ----a-r- h:\windows\system32\drivers\monfilt.sys
2009-12-24 19:30 . 2008-04-14 04:41 4096 ----a-w- h:\windows\system32\ksuser.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 20:35 . 2010-01-02 20:19 -------- d-----w- h:\program files\trend micro
2010-01-02 13:51 . 2010-01-02 13:51 -------- d-----w- h:\documents and settings\Patrik Hanko\Application Data\ESET
2010-01-02 13:50 . 2010-01-02 13:50 -------- d-----w- h:\program files\ESET
2010-01-02 13:50 . 2010-01-02 13:50 -------- d-----w- h:\documents and settings\All Users\Application Data\ESET
2010-01-02 13:46 . 2010-01-02 13:46 664 ----a-w- h:\windows\system32\d3d9caps.dat
2010-01-02 13:28 . 2009-12-22 12:11 -------- d-----w- h:\program files\ATI
2010-01-02 13:17 . 2009-12-22 11:56 -------- d-----w- h:\program files\ATI Technologies
2010-01-02 13:16 . 2010-01-02 13:16 10134 ----a-r- h:\documents and settings\Patrik Hanko\Application Data\Microsoft\Installer\{A778A787-08A4-4089-CB68-02A9737DE532}\ARPPRODUCTICON.exe
2010-01-02 13:14 . 2010-01-02 13:14 -------- d-----w- h:\program files\CCleaner
2010-01-01 23:22 . 2009-12-22 11:53 43920 ----a-w- h:\documents and settings\Patrik Hanko\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 22:53 . 2009-12-22 11:42 5938 ----a-w- h:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
2010-01-01 22:53 . 2009-12-22 11:42 166455 ----a-w- h:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-01 14:51 . 2010-01-01 14:51 -------- d-----w- h:\program files\Electronic Arts
2009-12-31 01:24 . 2009-12-22 11:56 -------- d--h--w- h:\program files\InstallShield Installation Information
2009-12-25 19:34 . 2009-12-25 19:34 -------- d-----w- h:\documents and settings\Patrik Hanko\Application Data\InstallShield
2009-12-25 14:35 . 2009-12-25 14:35 -------- d-----w- h:\program files\MSBuild
2009-12-25 14:35 . 2009-12-25 14:35 -------- d-----w- h:\program files\Reference Assemblies
2009-12-25 00:38 . 2009-12-22 12:40 -------- d-----w- h:\program files\NortonInstaller
2009-12-24 19:29 . 2009-12-22 11:56 -------- d-----w- h:\program files\Common Files\InstallShield
2009-12-22 12:40 . 2009-12-22 12:40 -------- d-----w- h:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-22 12:40 . 2009-12-22 12:40 -------- d-----w- h:\documents and settings\All Users\Application Data\Symantec
2009-12-22 12:23 . 2009-12-22 12:23 -------- d-----w- h:\program files\Alwil Software
2009-12-22 12:19 . 2009-12-22 12:19 0 ----a-w- h:\windows\nsreg.dat
2009-12-22 12:11 . 2009-12-22 12:11 -------- d-----w- h:\program files\Realtek
2009-12-22 12:03 . 2009-12-22 12:03 -------- d-----w- h:\documents and settings\Patrik Hanko\Application Data\ATI
2009-12-22 12:03 . 2009-12-22 12:03 -------- d-----w- h:\documents and settings\All Users\Application Data\ATI
2009-12-22 12:02 . 2009-12-22 12:02 0 ----a-w- h:\windows\ativpsrm.bin
2009-12-22 11:59 . 2009-12-22 11:59 -------- d-----w- h:\program files\Common Files\ATI Technologies
2009-12-22 11:49 . 2009-12-22 11:42 8972 ----a-w- h:\windows\pchealth\helpctr\Config\Cntstore.bin
2009-12-22 11:42 . 2009-12-22 11:42 -------- d-----w- h:\program files\microsoft frontpage
2009-12-22 11:39 . 2009-12-22 11:39 21640 ----a-w- h:\windows\system32\emptyregdb.dat
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- h:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- h:\windows\system32\xliveinstallhost.exe
2009-11-25 03:50 . 2009-07-15 04:20 4463104 ----a-w- h:\windows\system32\drivers\ati2mtag.sys
2009-11-25 03:27 . 2009-12-22 11:57 446464 ----a-w- h:\windows\system32\ATIDEMGX.dll
2009-11-25 03:26 . 2009-07-15 02:27 300032 ----a-w- h:\windows\system32\ati2dvag.dll
2009-11-25 03:11 . 2009-07-15 02:10 208896 ----a-w- h:\windows\system32\atipdlxx.dll
2009-11-25 03:11 . 2009-07-15 02:10 155648 ----a-w- h:\windows\system32\Oemdspif.dll
2009-11-25 03:10 . 2009-07-15 02:10 26112 ----a-w- h:\windows\system32\Ati2mdxx.exe
2009-11-25 03:10 . 2009-07-15 02:10 43520 ----a-w- h:\windows\system32\ati2edxx.dll
2009-11-25 03:10 . 2009-07-15 02:09 155648 ----a-w- h:\windows\system32\ati2evxx.dll
2009-11-25 03:09 . 2009-07-15 02:08 602112 ----a-w- h:\windows\system32\ati2evxx.exe
2009-11-25 03:07 . 2009-07-15 02:06 53248 ----a-w- h:\windows\system32\ATIDDC.DLL
2009-11-25 02:59 . 2009-12-22 11:57 311296 ----a-w- h:\windows\system32\atiiiexx.dll
2009-11-25 02:59 . 2009-07-15 01:58 3538496 ----a-w- h:\windows\system32\ati3duag.dll
2009-11-25 02:44 . 2009-07-15 01:48 13533184 ----a-w- h:\windows\system32\atioglxx.dll
2009-11-25 02:43 . 2009-07-15 01:44 2142848 ----a-w- h:\windows\system32\ativvaxx.dll
2009-11-25 02:42 . 2009-12-22 11:57 887724 ----a-w- h:\windows\system32\ativva6x.dat
2009-11-25 02:42 . 2009-12-22 11:57 3 ----a-w- h:\windows\system32\ativva5x.dat
2009-11-25 02:26 . 2009-07-15 01:27 65024 ----a-w- h:\windows\system32\atimpc32.dll
2009-11-25 02:26 . 2009-07-15 01:27 65024 ----a-w- h:\windows\system32\amdpcom32.dll
2009-11-25 02:21 . 2009-07-15 01:23 565248 ----a-w- h:\windows\system32\atikvmag.dll
2009-11-25 02:20 . 2009-07-15 01:22 45056 ----a-w- h:\windows\system32\aticalrt.dll
2009-11-25 02:20 . 2009-07-15 01:22 45056 ----a-w- h:\windows\system32\aticalcl.dll
2009-11-25 02:19 . 2009-07-15 01:21 176128 ----a-w- h:\windows\system32\atiadlxx.dll
2009-11-25 02:18 . 2009-07-15 01:20 17408 ----a-w- h:\windows\system32\atitvo32.dll
2009-11-25 02:18 . 2009-07-15 01:20 3612672 ----a-w- h:\windows\system32\aticaldd.dll
2009-11-25 02:18 . 2009-07-15 01:19 53248 ----a-w- h:\windows\system32\drivers\ati2erec.dll
2009-11-25 02:17 . 2009-07-15 01:18 397312 ----a-w- h:\windows\system32\atiok3x2.dll
2009-11-25 02:12 . 2009-07-15 01:14 638976 ----a-w- h:\windows\system32\ati2cqag.dll
2009-11-24 15:39 . 2009-11-24 15:39 1093064 ----a-w- h:\documents and settings\Patrik Hanko\Application Data\Mozilla\Firefox\Profiles\na2maqgz.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2009-11-06 09:59 . 2009-11-06 09:59 15406728 ----a-w- h:\windows\system32\xlive.dll
2009-11-06 09:59 . 2009-11-06 09:59 13642888 ----a-w- h:\windows\system32\xlivefnt.dll
2009-10-29 07:45 . 2004-08-04 00:56 916480 ----a-w- h:\windows\system32\wininet.dll
2009-10-22 15:59 . 2009-12-22 11:57 196565 ----a-w- h:\windows\system32\atiicdxx.dat
2009-10-13 10:30 . 2004-08-04 00:56 270336 ----a-w- h:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 00:56 149504 ----a-w- h:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 00:56 79872 ----a-w- h:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="h:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"RGSC"="i:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-12-25 306088]
"msnmsgr"="h:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="h:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-14 98304]
"HDAudDeck"="h:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-11-21 33533952]
"Start WingMan Profiler"="h:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"egui"="h:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

h:\documents and settings\Patrik Hanko\Start Menu\Programs\Startup\
hamachi.lnk - h:\program files\Hamachi\hamachi.exe [2009-12-24 625952]

[HKLM\~\startupfolder\H:^Documents and Settings^Patrik Hanko^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=h:\documents and settings\Patrik Hanko\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=h:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- h:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2009-11-16 15:36 172792 ----a-w- h:\program files\ICQ6.5\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- h:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- h:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSS]
2009-12-22 12:40 634760 ----a-w- h:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.0.52\InstStub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
2009-12-25 18:40 306088 ----a-w- i:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\QIP\\qip.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\WINDOWS\\system32\\dpvsetup.exe"=
"i:\\Program Files\\rFactor\\rFactor.exe"=
"i:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"i:\\Program Files\\rFactor ROC\\rFactor.exe"=
"i:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"h:\\totalcmd\\TOTALCMD.EXE"=
"i:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"h:\\Program Files\\ICQ6.5\\ICQ.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 ehdrv;ehdrv;h:\windows\system32\drivers\ehdrv.sys [6.2.2009 14:23 106208]
R2 ekrn;ESET Service;h:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 14:23 727720]
R2 ICQ Service;ICQ Service;h:\program files\ICQ6Toolbar\ICQ Service.exe [31.12.2009 2:24 222968]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;h:\windows\system32\drivers\viahduaa.sys [24.12.2009 20:30 878976]
S0 sptd;sptd;h:\windows\system32\drivers\sptd.sys [25.12.2009 16:48 691696]
S3 FXDrv32;FXDrv32;\??\g:\fxdrv32.sys --> g:\FXDrv32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-12-25 h:\windows\Tasks\NSSstub.job
- h:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-12-22 12:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovať do programu Microsoft Excel - h:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - h:\documents and settings\Patrik Hanko\Application Data\Mozilla\Firefox\Profiles\na2maqgz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: h:\documents and settings\Patrik Hanko\Application Data\Mozilla\Firefox\Profiles\na2maqgz.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll

---- FIREFOX POLICIES ----
h:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 22:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = h:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292428093-1454471165-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:18,1e,5e,ee,55,9c,67,f0,ce,7a,22,ad,02,57,2a,62,10,d7,0a,61,58,
e5,d7,f9,12,5d,34,3e,7c,34,92,12,a0,a4,e0,80,ac,1b,32,39,66,a9,6b,b3,29,05,\
"rkeysecu"=hex:f4,6c,cb,0a,2b,5c,7b,bb,10,ff,d9,07,37,ac,b5,0f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1136)
h:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-02 22:27:14
ComboFix-quarantined-files.txt 2010-01-02 21:27

Pre-Run: 165 314 465 792 bytes free
Post-Run: 9 adresárov, 165 318 332 416 voľných bajtov

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 284E953A1FCD78D61836F8932D30EDE4

#4 Post by Rudy »

We'll finish the cleanup. Open Notepad and copy the following into it:
Collect::
H:\WINDOWS\001517_.tmp
H:\WINDOWS\SET8.tmp
H:\WINDOWS\SET4.tmp
H:\WINDOWS\SET3.tmp
H:\WINDOWS\000001_.tmp
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.
