MrDjrmx
Visitor
Posts: 13 Registered: 02 Feb 2010 21:17
#1
Post
by MrDjrmx » 02 Feb 2010 21:36
Good day,
I need help with my computer. About a week ago my internet started acting up, and now it barely loads a page. Everything else works fine; only the internet is slow.
When I phoned the operator at chello, they looked for problems, found nothing, and said the problem is not on their side.
What should I post here so that you can tell me what is wrong?
Thank you.
HiJackThis
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:43, on 2.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\program files\relevantknowledge\rlvknlg.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Symantec Shared\NPC\npcLUStb.exe
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\Mr.Djrmx\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.battlefieldheroes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\System32\winsys2.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [swg] "C:\WINDOWS\system32\regsvr32.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Správca pre program Google Desktop 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8081 bytes
DDS
Code:
DSS
DDS (Ver_09-12-01.01) - NTFSx86
Run by Mr.Djrmx at 21:34:42,46 on ut 02.02.2010
Internet Explorer: 6.0.2900.5512
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.3327.2431 [GMT 1:00]
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\program files\relevantknowledge\rlvknlg.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\Mr.Djrmx\Desktop\dds.pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.battlefieldheroes.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\windows\system32\regsvr32.exe"
uRun: [Google Update] "c:\documents and settings\mr.djrmx\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [CLJ] 0 (0x0)
mRun: [RelevantKnowledge] c:\program files\relevantknowledge\rlvknlg.exe -boot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [Power2GoExpress] "c:\program files\cyberlink\power2go\Power2GoExpress.exe" /Startup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Download Using &BitSpirit - c:\program files\bitspirit\bsurl.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-6 149864]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-6 149864]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-6 149864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-2 109616]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080122.037\NAVENG.SYS [2010-2-2 82256]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080122.037\NAVEX15.SYS [2010-2-2 895312]
R3 PSched;QoS Packet Scheduler;c:\windows\system32\drivers\psched.sys [2003-3-31 69120]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2010-2-2 1245064]
S3 GoogleDesktopManager-110309-193829;Správca pre program Google Desktop 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-1-20 30192]
=============== Created Last 30 ================
2010-02-02 20:33:20 0 d--h--w- c:\windows\PIF
2010-02-02 12:46:59 0 d-----w- c:\docume~1\mr0f77~1.djr\applic~1\Symantec
2010-02-02 12:45:32 0 d-----w- c:\program files\Norton Internet Security
2010-02-02 12:45:00 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-02 12:45:00 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-02 12:45:00 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-02 12:45:00 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-02 12:44:55 0 d-----w- c:\program files\Symantec
2010-02-02 12:44:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-02-02 12:44:37 0 d-----w- c:\program files\common files\Symantec Shared
2010-02-01 23:15:15 1699840 ----a-w- c:\documents and settings\mr.djrmx\NTUSER.DAT.rctemp
2010-02-01 23:06:54 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-02-01 23:01:58 0 d-----w- c:\program files\Yamicsoft
2010-02-01 22:59:27 0 d-----w- c:\program files\CCleaner
2010-02-01 22:59:05 0 d-----w- c:\program files\K-Lite Codec Pack
2010-01-31 10:28:25 424960 ----a-w- c:\windows\system32\wmavds32.ax
2010-01-31 10:28:25 245760 ----a-w- c:\windows\system32\mp4sds32.ax
2010-01-31 10:28:25 1415680 ----a-w- c:\windows\system32\wmv9vcm.dll
2010-01-31 00:09:34 509488 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-31 00:09:34 353840 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-31 00:09:34 1066544 ----a-w- c:\windows\system32\mfc71.dll
2010-01-31 00:08:10 0 d-----w- C:\DECCHECK
2010-01-31 00:05:38 0 d-----w- c:\program files\Windows Media Connect 2
2010-01-31 00:00:46 0 d-----w- c:\program files\RelevantKnowledge
2010-01-30 23:59:39 0 d-----w- c:\program files\GustoSoft
2010-01-29 16:16:32 0 d-----w- C:\Downloads
2010-01-28 23:50:38 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-01-28 23:49:25 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-01-28 21:51:23 0 d-----w- c:\docume~1\mr0f77~1.djr\applic~1\BitSpirit
2010-01-28 21:51:14 0 d-----w- c:\program files\BitSpirit
2010-01-28 06:09:59 0 d-----w- c:\docume~1\alluse~1\applic~1\EA Core
2010-01-28 06:09:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Electronic Arts
2010-01-26 15:45:39 0 d-----w- c:\program files\DivX
2010-01-26 15:45:39 0 d-----w- c:\program files\common files\DivX Shared
2010-01-24 12:14:01 0 d-----w- c:\docume~1\mr0f77~1.djr\applic~1\Canneverbe_Limited
2010-01-24 02:22:07 0 d-----w- c:\program files\ReflexiveArcade
2010-01-24 02:10:23 0 d-----w- c:\docume~1\mr0f77~1.djr\applic~1\TeamViewer
2010-01-23 00:06:57 0 d-----w- c:\docume~1\mr0f77~1.djr\applic~1\TortoiseSVN
2010-01-23 00:04:46 0 d-----w- c:\docume~1\mr0f77~1.djr\applic~1\Subversion
2010-01-23 00:03:47 0 d-----w- c:\program files\TortoiseSVN
2010-01-23 00:03:47 0 d-----w- c:\program files\common files\TortoiseOverlays
2010-01-22 22:06:07 138056 ----a-w- c:\docume~1\mr0f77~1.djr\applic~1\PnkBstrK.sys
2010-01-22 22:05:44 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-01-22 20:15:31 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-01-22 20:07:31 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-22 20:05:57 0 d-----r- c:\program files\Skype
2010-01-22 15:10:41 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-01-22 07:02:04 0 d-----w- c:\windows\system32\XPSViewer
2010-01-22 07:01:44 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-22 07:01:44 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-22 07:01:44 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-22 07:01:44 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-22 07:01:44 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-22 07:01:44 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-22 07:01:44 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-21 22:07:41 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-01-21 22:07:40 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-01-21 22:07:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-01-21 22:07:40 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-01-21 22:07:40 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-01-21 22:07:38 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-21 22:07:28 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-21 22:07:28 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-21 22:07:28 0 d-----w- c:\program files\OpenAL
2010-01-21 12:49:56 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-21 12:48:39 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-21 12:46:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-21 10:30:21 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-21 10:30:14 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-21 10:30:14 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-21 10:30:13 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-21 10:30:08 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-21 10:30:04 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-21 10:30:00 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-21 10:28:53 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2010-01-21 10:28:53 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2010-01-21 10:28:19 0 d-----w- c:\windows\system32\PreInstall
2010-01-21 10:28:17 0 d--h--w- c:\windows\$hf_mig$
2010-01-20 23:37:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Solidshield
2010-01-20 22:27:57 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-20 22:27:57 0 d-----w- c:\windows\system32\LogFiles
2010-01-20 22:03:59 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2010-01-20 21:57:12 991744 -c----w- c:\windows\system32\dllcache\drmv2clt.dll
2010-01-20 21:56:12 0 d-----w- c:\windows\network diagnostic
2010-01-20 21:56:11 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-01-20 21:51:02 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-01-20 21:48:40 316640 ----a-w- c:\windows\WMSysPr9.prx
2010-01-20 21:48:30 0 d-----w- c:\windows\system32\wbem\AutoRecover
2010-01-20 21:44:49 0 d-----w- c:\windows\ServicePackFiles
2010-01-20 21:44:24 2897920 ------w- c:\windows\system32\xpsp2res.dll
2010-01-20 21:43:37 0 d-----w- c:\windows\EHome
2010-01-20 21:37:30 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{27B0A538-DF16-44D6-820D-D0B042C42C20}
2010-01-20 21:37:29 0 d-----w- c:\program files\UPC Fiber Power Optimizer
2010-01-20 20:58:16 13646 ----a-w- c:\windows\system32\wpa.bak
2010-01-20 20:17:59 83456 ----a-w- c:\windows\system32\dpvsetup.exe
2010-01-20 19:53:23 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2010-01-20 19:46:09 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-20 19:43:39 0 d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2010-01-20 19:43:33 0 d-----w- c:\program files\NVIDIA Corporation
2010-01-20 19:42:26 0 d-----w- c:\program files\common files\ODBC
2010-01-20 19:42:25 0 d-----w- c:\program files\common files\SpeechEngines
2010-01-20 19:42:11 0 d-----r- c:\documents and settings\all users\Documents
2010-01-20 19:33:38 0 d-----w- c:\program files\SystemRequirementsLab
2010-01-20 19:10:19 0 d-----w- c:\program files\ASUS
2010-01-20 19:09:16 0 d-----w- c:\program files\Realtek
2010-01-20 18:54:32 0 d-sh--w- c:\documents and settings\all users\DRM
2010-01-20 18:53:44 0 d-----w- c:\program files\common files\MSSoap
2010-01-20 18:53:17 0 d-----w- c:\program files\Online Services
2010-01-20 18:53:14 0 d-----w- c:\program files\Messenger
2010-01-20 18:53:11 0 d-----w- c:\program files\MSN Gaming Zone
2010-01-20 18:52:47 0 d-----w- c:\program files\Windows NT
==================== Find3M ====================
2010-01-20 19:09:12 315392 ----a-w- c:\windows\HideWin.exe
2010-01-20 18:53:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-05 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-12-22 05:21:05 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20:58 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-12 14:15:30 178176 ----a-w- c:\windows\system32\unrar.dll
2009-11-14 00:49:00 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:49:00 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49:00 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2006-06-24 22:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe
============= FINISH: 21:34:48,93 ===============
Code:
Attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Systém Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 20.1.2010 19:55:41
System Uptime: 2.2.2010 19:05:26 (2 hours ago)
Motherboard: ASUSTeK Computer INC. | | P5Q SE
Processor: procesor Intel Pentium III Xeon | LGA775 | 2830/333mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 98 GiB total, 80,224 GiB free.
D: is FIXED (NTFS) - 834 GiB total, 678,308 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 517,972 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is CDROM ()
J: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB camera
Device ID: USB\VID_0C45&PID_612A\5&31CFFC1F&0&1
Manufacturer:
Name: USB camera
PNP Device ID: USB\VID_0C45&PID_612A\5&31CFFC1F&0&1
Service:
==== System Restore Points ===================
RP1: 20.1.2010 19:58:02 - System Checkpoint
RP2: 20.1.2010 20:08:48 - Installed Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gi
RP3: 20.1.2010 20:09:15 - Nainštalované Realtek High Definition Audio Driver
RP4: 20.1.2010 20:09:28 - Installed Windows XP KB888111WXP.
RP5: 20.1.2010 20:10:19 - Installed EPU-4 Engine
RP6: 20.1.2010 20:45:09 - Installed Windows Installer KB893803v2.
RP7: 20.1.2010 20:52:36 - Installed Driver Detective.
RP8: 20.1.2010 20:54:28 - Removed Driver Detective.
RP9: 20.1.2010 21:17:59 - Installed DirectX
RP10: 20.1.2010 22:44:08 - Installed Windows XP Service Pack 2.
RP11: 20.1.2010 22:55:48 - Installed Windows XP Service Pack 3.
RP12: 21.1.2010 0:32:14 - Installed James Cameron's AVATAR(tm): THE GAME
RP13: 21.1.2010 0:34:03 - Nainštalovaný Microsoft Visual C++ 2005 Redistributable
RP14: 21.1.2010 0:34:12 - Installed DirectX
RP15: 21.1.2010 11:28:15 - Software Distribution Service 3.0
RP16: 21.1.2010 13:24:17 - Installed Battlefield 2(TM)
RP17: 21.1.2010 13:26:51 - Installed Battlefield 2(TM)
RP18: 21.1.2010 13:29:57 - Installed Battlefield 2 Patch
RP19: 21.1.2010 13:31:13 - Installed Battlefield 2: Special Forces
RP20: 21.1.2010 13:34:37 - Installed Battlefield 2 Patch v1.41
RP21: 21.1.2010 13:37:20 - Installed Battlefield 2 Patch v1.41
RP22: 21.1.2010 13:42:07 - Instalováno Battlefield 2142 Deluxe Edition
RP23: 21.1.2010 13:43:48 - Installed DirectX
RP24: 21.1.2010 13:57:23 - Software Distribution Service 3.0
RP25: 21.1.2010 23:07:35 - Installed DirectX
RP26: 21.1.2010 23:48:42 - Software Distribution Service 3.0
RP27: 22.1.2010 7:59:46 - Software Distribution Service 3.0
RP28: 23.1.2010 1:03:45 - Installed TortoiseSVN 1.6.7.18415 (32 bit)
RP29: 23.1.2010 3:00:13 - Software Distribution Service 3.0
RP30: 24.1.2010 20:48:26 - Kontrolný bod systému
RP31: 25.1.2010 21:29:54 - Kontrolný bod systému
RP32: 28.1.2010 9:51:00 - Kontrolný bod systému
RP33: 29.1.2010 0:48:56 - Odstránený Microsoft Visual C++ 2005 Redistributable
RP34: 29.1.2010 0:49:09 - Nainštalovaný Microsoft Visual C++ 2005 Redistributable
RP35: 29.1.2010 0:50:13 - Installed Battlefield Bad Company 2 - BETA
RP36: 30.1.2010 18:31:29 - Kontrolný bod systému
RP37: 31.1.2010 1:04:39 - Installed Windows Media Player 11
RP38: 31.1.2010 1:04:53 - Installed Windows XP Wudf01000.
RP39: 31.1.2010 1:05:48 - Installed Windows XP MSCompPackV1.
RP40: 31.1.2010 1:09:29 - Installed Power2Go
Rudy
Site Admin
Posts: 119400 Registered: 30 Oct 2003 13:42
Location: Plzeň
#2
Post
by Rudy » 02 Feb 2010 22:18
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
then run the application under an account with administrator privileges
right after it starts, a screen with the licence terms is displayed; continue by clicking the Yes button.
feel free to go and make yourself a coffee (the whole operation takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else
do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)
warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the deletion of any malware there are unwanted collisions with the antispyware's resident component
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
e-mail:
rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
MrDjrmx
Visitor
Posts: 13 Registered: 02 Feb 2010 21:17
#3
Post
by MrDjrmx » 03 Feb 2010 06:54
I am adding the log from
ComboFix
Code:
ComboFix 10-02-02.02 - Mr.Djrmx 03.02.2010 6:41.1.4 - x86
Systém Microsoft Windows XP Home Edition 5.1.2600.3.1250.421.1033.18.3327.2632 [GMT 1:00]
Running from: c:\documents and settings\Mr.Djrmx\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\MSVCP71.DLL
c:\program files\RelevantKnowledge\MSVCR71.DLL
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
D:\install.exe
.
((((((((((((((((((((((((( Files Created from 2010-01-03 to 2010-02-03 )))))))))))))))))))))))))))))))
.
2010-02-02 20:33 . 2010-02-02 20:33 -------- d--h--w- c:\windows\PIF
2010-02-02 12:46 . 2010-02-02 12:46 -------- d-----w- c:\documents and settings\Mr.Djrmx\Application Data\Symantec
2010-02-02 12:45 . 2010-02-02 12:45 -------- d-----w- c:\program files\Windows Sidebar
2010-02-02 12:45 . 2010-02-02 12:46 -------- d-----w- c:\program files\Norton Internet Security
2010-02-02 12:45 . 2010-02-02 12:46 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-02-02 12:45 . 2010-02-02 12:46 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-02 12:44 . 2010-02-02 13:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-02 12:44 . 2010-02-02 12:46 -------- d-----w- c:\program files\Symantec
2010-02-02 12:44 . 2010-02-03 05:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-01 23:06 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-02-01 23:01 . 2010-02-01 23:01 -------- d-----w- c:\program files\Yamicsoft
2010-02-01 22:59 . 2010-02-01 22:59 -------- d-----w- c:\program files\CCleaner
2010-02-01 22:59 . 2009-12-12 14:15 178176 ----a-w- c:\windows\system32\unrar.dll
2010-02-01 22:59 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-01 22:59 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-02-01 22:59 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-01 22:59 . 2010-01-05 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-01 22:59 . 2010-02-01 22:59 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-31 11:57 . 2010-01-31 11:57 -------- d-----w- c:\documents and settings\Mr.Djrmx\Application Data\DivX
2010-01-31 10:28 . 2003-06-23 00:44 1415680 ----a-w- c:\windows\system32\wmv9vcm.dll
2010-01-31 00:10 . 2010-01-31 10:25 -------- d-----w- c:\documents and settings\Mr.Djrmx\Application Data\CyberLink
2010-01-31 00:10 . 2010-01-31 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-01-31 00:09 . 2010-01-31 00:09 -------- d-----w- c:\documents and settings\Mr.Djrmx\Local Settings\Application Data\Power2Go
2010-01-31 00:09 . 2010-01-31 00:09 -------- d-----w- c:\program files\Cyberlink
2010-01-31 00:09 . 2010-01-31 00:09 509488 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-31 00:09 . 2010-01-31 00:09 353840 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-31 00:09 . 2010-01-31 00:09 1066544 ----a-w- c:\windows\system32\mfc71.dll
2010-01-31 00:08 . 2010-01-31 00:08 -------- d-----w- C:\DECCHECK
2010-01-31 00:05 . 2008-04-14 04:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-31 00:05 . 2010-01-31 00:05 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-31 00:04 . 2010-01-31 00:05 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-30 23:59 . 2010-01-30 23:59 -------- d-----w- c:\program files\GustoSoft
2010-01-29 16:16 . 2010-01-29 16:16 -------- d-----w- C:\Downloads
2010-01-28 23:50 . 2010-01-28 23:50 -------- d-----w- c:\program files\Electronic Arts
2010-01-28 23:50 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-01-28 23:49 . 2010-01-28 23:49 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-01-28 21:51 . 2010-01-28 21:51 -------- d-----w- c:\documents and settings\Mr.Djrmx\Application Data\BitSpirit
2010-01-28 21:51 . 2010-01-28 21:51 -------- d-----w- c:\program files\BitSpirit
2010-01-28 06:09 . 2010-01-28 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core
2010-01-28 06:09 . 2010-01-28 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-01-28 06:09 . 2010-01-28 06:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-28 06:09 . 2010-01-28 06:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-26 15:45 . 2010-02-01 23:07 -------- d-----w- c:\program files\DivX
2010-01-26 15:45 . 2010-01-31 10:33 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-24 12:14 . 2010-01-24 12:14 -------- d-----w- c:\documents and settings\Mr.Djrmx\Application Data\Canneverbe_Limited
2010-01-24 12:13 . 2010-01-24 12:13 -------- d-----w- c:\program files\CDBurnerXP
2010-01-24 02:22 . 2010-01-24 02:22 -------- d-----w- c:\program files\ReflexiveArcade
2010-01-24 02:10 . 2010-01-24 02:10 -------- d-----w- c:\documents and settings\Mr.Djrmx\Application Data\TeamViewer
2010-01-23 13:00 . 2010-02-03 05:46 -------- d-----w- c:\documents and settings\Mr.Djrmx\Local Settings\Application Data\TSVNCache
2010-01-23 00:06 . 2010-01-23 00:06 -------- d-----w- c:\documents and settings\Mr.Djrmx\Application Data\TortoiseSVN
2010-01-23 00:04 . 2010-01-23 00:04 -------- d-----w- c:\documents and settings\Mr.Djrmx\Application Data\Subversion
2010-01-23 00:03 . 2010-01-23 00:03 -------- d-----w- c:\program files\TortoiseSVN
2010-01-23 00:03 . 2010-01-23 00:03 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-01-22 22:06 . 2010-01-28 23:49 138056 ----a-w- c:\documents and settings\Mr.Djrmx\Application Data\PnkBstrK.sys
2010-01-22 22:05 . 2010-01-22 22:05 2395944 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-01-22 20:07 . 2010-02-03 04:54 -------- d-----w- c:\documents and settings\Mr.Djrmx\Application Data\skypePM
2010-01-22 20:07 . 2010-01-22 20:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-22 20:06 . 2010-02-03 05:46 -------- d-----w- c:\documents and settings\Mr.Djrmx\Application Data\Skype
2010-01-22 20:05 . 2010-01-22 20:05 -------- d-----w- c:\program files\Common Files\Skype
2010-01-22 20:05 . 2010-01-22 20:05 -------- d-----r- c:\program files\Skype
2010-01-22 20:05 . 2010-01-22 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-22 07:02 . 2010-01-22 07:02 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-22 07:02 . 2010-01-22 07:02 -------- d-----w- c:\program files\MSBuild
2010-01-22 07:01 . 2010-01-22 07:01 -------- d-----w- c:\program files\Reference Assemblies
2010-01-22 07:01 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-22 07:01 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-22 07:01 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-22 07:01 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-22 07:01 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-22 07:01 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-22 07:01 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-22 07:01 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-22 07:01 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-21 22:07 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-01-21 22:07 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-01-21 22:07 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-01-21 22:07 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-01-21 22:07 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-01-21 22:07 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-21 22:07 . 2010-01-21 22:07 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-21 22:07 . 2010-01-21 22:07 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-21 22:07 . 2010-01-21 22:07 -------- d-----w- c:\program files\OpenAL
2010-01-21 12:49 . 2010-02-02 21:44 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-21 12:48 . 2010-02-02 21:44 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-21 12:46 . 2010-01-21 12:46 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-21 12:28 . 2010-01-21 12:24 380928 ----a-w- c:\documents and settings\Mr.Djrmx\Application Data\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\_setup.dll
2010-01-21 12:26 . 2004-10-22 04:16 118736 ----a-w- c:\documents and settings\Mr.Djrmx\Application Data\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe
2010-01-21 12:26 . 2010-01-21 12:26 -------- d-----w- c:\documents and settings\Mr.Djrmx\Application Data\InstallShield Installation Information
2010-01-21 10:30 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-21 10:30 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-01-21 10:30 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-01-21 10:30 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-21 10:30 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-21 10:30 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-21 10:30 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-21 10:28 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2010-01-21 10:28 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2010-01-21 10:28 . 2010-01-22 15:10 -------- d--h--w- c:\windows\$hf_mig$
2010-01-20 23:37 . 2010-01-20 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield
2010-01-20 22:27 . 2010-01-31 00:04 -------- d-----w- c:\windows\system32\LogFiles
2010-01-20 22:27 . 2010-01-28 23:49 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-20 22:27 . 2010-01-28 23:52 -------- d-----w- c:\documents and settings\Mr.Djrmx\Local Settings\Application Data\PunkBuster
2010-01-20 22:03 . 2009-10-13 10:30 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2010-01-20 21:57 . 2008-04-14 04:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-01-20 21:56 . 2008-04-13 23:10 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-01-20 21:51 . 2010-02-02 13:17 -------- d-----w- c:\documents and settings\Mr.Djrmx\Local Settings\Application Data\Temp
2010-01-20 21:48 . 2010-01-22 07:02 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2010-01-20 21:44 . 2010-01-20 21:44 -------- d-----w- c:\windows\ServicePackFiles
2010-01-20 21:44 . 2008-04-13 22:09 2897920 ------w- c:\windows\system32\xpsp2res.dll
2010-01-20 21:43 . 2010-01-20 21:54 -------- d-----w- c:\windows\EHome
2010-01-20 21:37 . 2010-01-20 21:37 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{27B0A538-DF16-44D6-820D-D0B042C42C20}
2010-01-20 21:37 . 2009-09-17 15:50 2760720 -c--a-w- c:\documents and settings\All Users\Application Data\{27B0A538-DF16-44D6-820D-D0B042C42C20}\upc optimizer.exe
2010-01-20 21:37 . 2010-01-20 21:37 -------- d-----w- c:\program files\UPC Fiber Power Optimizer
2010-01-20 21:37 . 2010-01-20 21:37 -------- d-----w- c:\documents and settings\Mr.Djrmx\Local Settings\Application Data\PackageAware
2010-01-20 20:17 . 2008-05-30 13:01 80896 ----a-w- c:\windows\system32\dxdllreg.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 12:46 . 2010-02-02 12:45 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-02 12:46 . 2010-02-02 12:45 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-31 00:09 . 2010-01-20 19:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-22 19:57 . 2010-01-20 19:53 13104 ----a-w- c:\documents and settings\Mr.Djrmx\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-20 21:59 . 2010-01-20 18:54 147275 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-01-20 21:59 . 2010-01-20 18:54 5408 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2010-01-20 21:45 . 2010-01-20 18:54 8972 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
2010-01-20 19:57 . 2010-01-20 19:22 -------- d-----w- c:\program files\Google
2010-01-20 19:53 . 2010-01-20 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-20 19:48 . 2010-01-20 19:48 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-20 19:48 . 2010-01-20 19:43 -------- d-----w- c:\program files\NVIDIA Corporation
2010-01-20 19:46 . 2010-01-20 19:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-20 19:43 . 2010-01-20 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-01-20 19:33 . 2010-01-20 19:33 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-20 19:33 . 2010-01-20 19:33 -------- d-----w- c:\program files\SystemRequirementsLab
2010-01-20 19:32 . 2010-01-20 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-20 19:22 . 2010-01-20 19:22 1975408 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\GoogleToolbarInstaller_en32_signed.exe
2010-01-20 19:22 . 2010-01-20 19:22 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-01-20 19:10 . 2010-01-20 19:10 -------- d-----w- c:\program files\ASUS
2010-01-20 19:10 . 2010-01-20 19:09 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-20 19:09 . 2010-01-20 19:09 -------- d-----w- c:\program files\Realtek
2010-01-20 19:09 . 2010-01-20 19:09 315392 ----a-w- c:\windows\HideWin.exe
2010-01-20 19:07 . 2010-01-20 19:07 -------- d-----w- c:\program files\Intel
2010-01-20 18:55 . 2010-01-20 18:55 -------- d-----w- c:\program files\microsoft frontpage
2010-01-20 18:53 . 2010-01-20 18:53 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-22 05:21 . 2003-03-31 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2010-01-20 21:45 81920 ------w- c:\windows\system32\ieencode.dll
2009-11-21 15:51 . 2003-03-31 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 00:49 . 2010-01-31 10:33 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-14 00:49 . 2010-01-31 10:33 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-14 00:49 . 2010-01-31 10:33 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-11-14 00:49 . 2010-01-31 10:33 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:49 . 2010-01-31 10:33 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2010-01-31 10:33 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 18:12 86280 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\windows\system32\regsvr32.exe" [2008-04-14 11776]
"Google Update"="c:\documents and settings\Mr.Djrmx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-20 135664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLJ"="0 (0x0)" [X]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-07-09 13533184]
"WinSys2"="c:\windows\System32\winsys2.exe" [2008-07-17 208896]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-06-25 5625344]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-07-09 86016]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2007-09-27 122880]
"nwiz"="nwiz.exe" [2008-07-09 1657376]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2007-09-29 2680104]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 16871936]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-20 30192]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-06 51048]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2008-02-06 718704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Hry\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\Avatar.exe"=
"d:\\Hry\\Ubisoft\\James Cameron's AVATAR - THE GAME\\bin\\AvatarLauncher.exe"=
"d:\\Hry\\EA Games\\Battlefield 2\\BF2.exe"=
"d:\\Hry\\Electronic Arts\\Battlefield 2142 deluxe Edition\\BF2142.exe"=
"d:\\Programy\\Steam\\steamapps\\common\\zero gear\\Server\\iw4mp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Programy\\Steam\\steamapps\\common\\zero gear\\ZeroGear.bat"=
"d:\\Programy\\Steam\\steamapps\\mrdjrmx22\\garrysmod\\hl2.exe"=
"d:\\Hry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\BitSpirit\\BitSpirit.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2 - BETA\\BFBC2BetaUpdater.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2 - BETA\\BFBC2Game.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [6.2.2008 20:48 149864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2.2.2010 13:44 109616]
S3 GoogleDesktopManager-110309-193829;Správca pre program Google Desktop 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [20.1.2010 20:57 30192]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-789336058-839522115-1004Core.job
- c:\documents and settings\Mr.Djrmx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-20 21:51]
2010-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-789336058-839522115-1004UA.job
- c:\documents and settings\Mr.Djrmx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-20 21:51]
2010-02-02 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Mr.Djrmx.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.battlefieldheroes.com/
mStart Page =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Download Using &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
.
- - - - ORPHANS REMOVED - - - -
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\relevantknowledge\rlvknlg.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 06:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CLJ = 63
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2672)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\documents and settings\Mr.Djrmx\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-02-03 06:47:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-03 05:47
Pre-Run: 86 282 362 880 bytes free
Post-Run: 86 725 857 280 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
- - End Of File - - 88B268BD881A22B7EFC5DC71E0081063
Rudy
Site Admin
Posts: 119400 Registered: 30 Oct 2003 13:42
Location: Plzeň
#4
Post
by Rudy » 03 Feb 2010 18:05
CF deleted several infected items; the rest of the log looks clean. Has there been any change?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum:
https://platba.viry.cz/payment/ .
e-mail:
rudy(at)forum.viry.cz
Rudy
Site Admin
Posts: 119400 Registered: 30 Oct 2003 13:42
Location: Plzeň
#7
Post
by Rudy » 03 Feb 2010 20:51
Aren't you under the FUP?
Rudy
Site Admin
Posts: 119400 Registered: 30 Oct 2003 13:42
Location: Plzeň
#9
Post
by Rudy » 03 Feb 2010 22:22
Try restarting the modem, or any other network device in the data path.
Rudy
Site Admin
Posts: 119400 Registered: 30 Oct 2003 13:42
Location: Plzeň
#11
Post
by Rudy » 04 Feb 2010 20:07
Run an IceSword scan:
http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 and post the Process and KernelModule logs.
MrDjrmx
Visitor
Posts: 13 Registered: 02 Feb 2010 21:17
#12
Post
by MrDjrmx » 04 Feb 2010 20:32
Process:
Code:
System Idle Process
System
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Cyberlink\Power2Go\Power2GoExpress.exe
C:\WINDOWS\RTHDCPL.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mr.Djrmx\Desktop\IceSword122en\IceSword.exe
C:\WINDOWS\system32\alg.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Mr.Djrmx\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Kernel Module:
Code:
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\nv4_mini.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\HDAudBus.sys
\SystemRoot\System32\DRIVERS\l1e51x86.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\ASACPI.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SymIM.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\Drivers\SYMTDI.SYS
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\SRTSPX.SYS
\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\DRIVERS\kbdhid.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\system32\drivers\AsIO.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\ndisuio.sys
\??\C:\WINDOWS\system32\drivers\CO_Mon.sys
\SystemRoot\System32\Drivers\SYMREDRV.SYS
\SystemRoot\System32\Drivers\SYMDNS.SYS
\SystemRoot\System32\Drivers\SYMNDIS.SYS
\SystemRoot\System32\Drivers\SYMFW.SYS
\SystemRoot\System32\Drivers\SYMIDS.SYS
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20071204.002\SymIDSCo.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\PnkBstrK.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
Rudy
Site Admin
Posts: 119400 Joined: 30 Oct 2003 13:42
Location: Plzeň
#13
Post
by Rudy » 04 Feb 2010 20:49
There is no rootkit on the PC either. Last option: an AVPTool scan:
http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 .
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.
Please support our forum:
https://platba.viry.cz/payment/ .
e-mail:
rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
MrDjrmx
Visitor
Posts: 13 Joined: 02 Feb 2010 21:17
#14
Post
by MrDjrmx » 04 Feb 2010 21:39
What could be causing my internet to be so slow? How can I find out whether they have put me under FUP?
Rudy
Site Admin
Posts: 119400 Joined: 30 Oct 2003 13:42
Location: Plzeň
#15
Post
by Rudy » 04 Feb 2010 22:51
...whether they have put me under FUP
I asked you about this and you said no. In my opinion, your provider should tell you that.