
help, infected computer, a song started playing at startup
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.
!NEW!
You can now use the remote-assistance service, where an expert connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 127
- Registered: 14 Mar 2006 22:25
- Location: bratislava
Logfile of random's system information tool 1.08 (written by random/random)
Run by Leebusha at 2010-10-23 14:58:10
System Microsoft Windows XP Professional Service Pack 3
System drive C: has 35 GB (45%) free of 78 GB
Total RAM: 1279 MB (14% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:58:37, on 23.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\windows\system32\kernell.dll
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Leebusha\LOCALS~1\Temp\Jnd.exe
C:\windows\system32\rundll32.exe
C:\Documents and Settings\Leebusha\Desktop\RSIT.exe
C:\Program Files\trend micro\Leebusha.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
F2 - REG:system.ini: UserInit=C:\windows\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: IHPIEHook Class - {0eceeac0-8a08-11d4-a521-0020af300fc7} - C:\xfonyvxe\HPIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [HKLM] C:\windows\system32\windir\Svchost.exe
O4 - HKLM\..\Run: [Winservice] C:\windows\winservice.exe
O4 - HKLM\..\Run: [Windows UAC] C:\windows\csrse.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:enu
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [IJKUK66HMN] C:\DOCUME~1\Leebusha\LOCALS~1\Temp\Jnd.exe
O4 - HKCU\..\Run: [HKCU] C:\windows\system32\windir\Svchost.exe
O4 - HKCU\..\Run: [Winservice] C:\windows\winservice.exe
O4 - HKCU\..\Run: [Windows UAC] C:\windows\csrse.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\windows\system32\windir\Svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\windows\system32\windir\Svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: santa.bat
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 12386 bytes
======Scheduled tasks folder======
C:\windows\tasks\AppleSoftwareUpdate.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\Norton Security Scan for Leebusha.job
C:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0 CE\Acrobat\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0eceeac0-8a08-11d4-a521-0020af300fc7}]
IHPIEHook Class - C:\xfonyvxe\HPIE.dll [2010-09-05 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
Search Assistant - C:\Program Files\SGPSA\BHO.dll [2009-11-06 293376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
Fast Browser Search Toolbar Helper - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-08-13 2602368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-11-24 953800]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - Fast Browser Search Toolbar - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-08-13 2602368]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-04-08 48752]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-07-25 198160]
"VGAUtil"=C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe [2005-08-16 544768]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-04-17 85184]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2010-03-16 13670504]
"NvMediaCenter"=C:\windows\system32\NvMcTray.dll [2010-03-16 110696]
"Device Detector"=DevDetect.exe -autorun []
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168]
"HKLM"=C:\windows\system32\windir\Svchost.exe [2006-01-09 1156472]
"Winservice"=C:\windows\winservice.exe [2010-10-19 195584]
"Windows UAC"=C:\windows\csrse.exe [2010-10-19 19968]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\windows\system32\windir\Svchost.exe [2006-01-09 1156472]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-09-02 13351304]
"LogitechSetup"=D:\Setup\Setup.exe /start /restart /l:enu []
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
"IJKUK66HMN"=C:\DOCUME~1\Leebusha\LOCALS~1\Temp\Jnd.exe [2010-10-17 208896]
"HKCU"=C:\windows\system32\windir\Svchost.exe [2006-01-09 1156472]
"Winservice"=C:\windows\winservice.exe [2010-10-19 195584]
"Windows UAC"=C:\windows\csrse.exe [2010-10-19 19968]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\windows\system32\windir\Svchost.exe [2006-01-09 1156472]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Documents and Settings\Leebusha\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe
santa.bat
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2005-04-17 43712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"=C:\windows\system32\Wshxt.dll [2010-09-05 53248]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe"="C:\Program Files\GigaByte\VGA Utility Manager\G-vga.exe:*:Disabled:Menu"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\EA Sports\NHL 09\nhl2009.exe"="C:\Program Files\EA Sports\NHL 09\nhl2009.exe:*:Enabled:nhl2009"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"="C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\WINDOWS\Temp\~os3.tmp\pmropn.exe"="C:\WINDOWS\Temp\~os3.tmp\pmropn.exe:*:Enabled:pmropn.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe"="C:\Program Files\Steam\steamapps\common\mafia ii - public demo\launcher.exe:*:Enabled:Mafia II - Demo"
"C:\WINDOWS\msde.exe"="C:\WINDOWS\msde.exe:*:Enabled:Services controller"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
======List of files/folders created in the last 1 months======
2010-10-23 14:58:10 ----D---- C:\rsit
2010-10-23 14:58:10 ----D---- C:\Program Files\trend micro
2010-10-19 20:37:10 ----A---- C:\windows\tinservice.exe
2010-10-19 20:37:10 ----A---- C:\windows\csrse.exe
2010-10-19 20:37:09 ----A---- C:\windows\winservice.exe
2010-10-19 20:34:12 ----A---- C:\Documents and Settings\Leebusha\Application Data\Leebusha3SQLite3.dll
2010-10-17 14:38:20 ----A---- C:\windows\system32\sshnas21.dll
======List of files/folders modified in the last 1 months======
2010-10-23 14:58:18 ----D---- C:\windows\Prefetch
2010-10-23 14:58:10 ----RD---- C:\Program Files
2010-10-23 14:47:20 ----SD---- C:\windows\Tasks
2010-10-23 14:37:49 ----D---- C:\Documents and Settings\Leebusha\Application Data\Skype
2010-10-23 14:31:50 ----D---- C:\windows\system32\CatRoot2
2010-10-23 13:11:08 ----D---- C:\Program Files\Mozilla Firefox
2010-10-23 13:08:41 ----HD---- C:\windows\Temp
2010-10-23 13:06:19 ----D---- C:\WINDOWS
2010-10-23 13:03:57 ----D---- C:\Documents and Settings\Leebusha\Application Data\Hamachi
2010-10-23 13:00:29 ----D---- C:\Program Files\Symantec AntiVirus
2010-10-23 12:58:43 ----D---- C:\windows\system32
2010-10-22 06:52:35 ----N---- C:\windows\SchedLgU.Txt
2010-10-22 00:04:26 ----D---- C:\Documents and Settings\Leebusha\Application Data\skypePM
2010-10-19 18:06:17 ----D---- C:\windows\Minidump
2010-10-16 13:22:04 ----SHD---- C:\windows\Installer
2010-09-26 09:54:07 ----D---- C:\Program Files\Google
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Intel AGP Bus Filter; C:\windows\system32\DRIVERS\agp440.sys [2008-04-14 42368]
R0 giveio;giveio; C:\windows\system32\giveio.sys [1996-04-03 5248]
R0 speedfan;speedfan; C:\windows\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2009-12-14 691696]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\windows\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 Winhpfile;Winhpfile; \??\C:\xfonyvxe\HPFile.sys []
R2 IOSLINK;IOSLINK; \??\C:\windows\system32\drivers\IosLink.sys []
R2 regi;regi; \??\C:\windows\system32\drivers\regi.sys []
R3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\windows\system32\DRIVERS\e100b325.sys [2003-09-22 145408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 GPCIDrv;GPCIDrv; \??\C:\WINDOWS\GPCIDrv.sys []
R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
R3 hamachi;Hamachi Network Interface; C:\windows\system32\DRIVERS\hamachi.sys [2009-12-19 25280]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\windows\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101022.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101022.004\navex15.sys []
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2010-03-16 10232352]
R3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2003-06-13 578752]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\windows\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ai8ic2yb;ai8ic2yb; C:\windows\system32\drivers\ai8ic2yb.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 dot4;MS IEEE-1284.4 Driver; C:\windows\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\windows\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 EraserUtilDrv11010;EraserUtilDrv11010; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys []
S3 GVCplDrv;GVCplDrv; C:\windows\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 hidusb;Microsoft HID Class Driver; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 LVcKap;Logitech AEC Driver; C:\windows\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\windows\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\windows\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 mouhid;Mouse HID Driver; C:\windows\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\windows\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\windows\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 pepifilter;Volume Adapter; C:\windows\system32\DRIVERS\lv302af.sys [2007-02-03 14240]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\windows\system32\DRIVERS\LV302V32.SYS [2007-02-03 938272]
S3 SLIP;BDA Slip De-Framer; C:\windows\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\windows\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\windows\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\windows\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-04-08 185968]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-04-08 161392]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-04-17 19648]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvsvc32.exe [2010-03-16 154216]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-04-17 1706176]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-03-27 136176]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-04-08 83568]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\windows\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: help, infected computer, a song started playing at startup
Hello and have a nice day.
Honestly, you have it infested through and through.
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Disable all resident security programs (firewalls, antivirus, antispyware and the like)
- Plug all USB devices into the PC (flash drives, external disks, etc.)
- If you have Windows XP, run it under the Administrator account
- If you have Windows Vista or Windows 7, right-click ComboFix and choose Run As Administrator
- Immediately after it starts, a page with the license agreement appears; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the prompts; leave the PC completely alone during the scan: do not start any applications and do not click into the window that appears
- The scan should take about 10 minutes, but if the PC is heavily infected it may take longer
- After the scan finishes (and a possible restart) CF will display a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
- Detailed instructions including pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix
Re: help, infected computer, a song started playing at startup
ComboFix 10-10-22.05 - Leebusha 23.10.2010 17:51:26.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1279.857 [GMT 2:00]
Running from: c:\documents and settings\Leebusha\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Leebusha\Application Data\inst.exe
c:\documents and settings\Leebusha\Application Data\Leebusha3SQLite3.dll
c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\1.bat
c:\program files\Fast Browser Search\about.html
c:\program files\Fast Browser Search\affid.dat
c:\program files\Fast Browser Search\basis.xml
c:\program files\Fast Browser Search\basis_br.xml
c:\program files\Fast Browser Search\basis_de.xml
c:\program files\Fast Browser Search\basis_en.xml
c:\program files\Fast Browser Search\basis_es.xml
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\tbhelper.dll
c:\program files\Fast Browser Search\tbs_include_script_003175.js
c:\program files\Fast Browser Search\tbs_include_script_005064.js
c:\program files\Fast Browser Search\tbs_include_script_012817.js
c:\program files\Fast Browser Search\Toolbar Help.htm
c:\program files\Fast Browser Search\ToolBarBHO.dll
c:\program files\Fast Browser Search\uninstall.exe
c:\program files\Fast Browser Search\uninstalSGP.exe
c:\program files\Fast Browser Search\uninstalSGPU.exe
c:\program files\Fast Browser Search\update.exe
c:\program files\Fast Browser Search\version.txt
c:\program files\Search Guard Plus
c:\program files\Search Guard Plus\fbsProtection.xml
c:\program files\Search Guard Plus\fbsSearchProvider.xml
c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
c:\program files\Search Guard PlusU
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll
c:\windows\csrse.exe
c:\windows\system32\sshnas21.dll
c:\windows\system32\windir\Svchost.exe
c:\windows\winservice.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
.
2010-10-23 12:58 . 2010-10-23 12:58 -------- d-----w- C:\rsit
2010-10-23 12:58 . 2010-10-23 12:58 -------- d-----w- c:\program files\trend micro
2010-10-19 18:37 . 2010-10-19 18:37 195584 ----a-w- c:\windows\tinservice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 10:58 . 2009-07-11 19:32 13440 ----a-w- c:\windows\GPCIDrv.sys
2010-10-23 10:58 . 2009-07-11 19:32 23524 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-09-05 13:59 . 2010-09-05 13:59 53248 ----a-w- c:\windows\system32\wshxt.dll
2010-09-05 13:59 . 2010-09-05 13:59 40960 ----a-w- c:\windows\system32\wmsprog.dll
2010-09-05 13:59 . 2010-09-05 13:59 124928 ----a-w- c:\windows\system32\kernell.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-25 198160]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2005-08-16 544768]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 774168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\Leebusha\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-12-19 624416]
santa.bat [2009-10-3 151]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0 CE\Distillr\AcroTray.exe [2009-6-22 82026]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-5-23 67128]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"= "c:\windows\system32\Wshxt.dll" [2010-09-05 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 Winhpfile;Winhpfile;c:\xfonyvxe\HPFile.sys [5.9.2010 15:59 16601]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.3.2010 1:39 136176]
S3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [11.7.2009 21:32 13440]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [11.7.2009 21:32 23524]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [17.4.2005 12:30 124608]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.7.2009 17:38 691696]
--- Other Services/Drivers In Memory ---
*Deregistered* - EraserUtilDrv11010
.
Contents of the 'Scheduled Tasks' folder
2010-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 23:39]
2010-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 23:39]
2010-10-23 c:\windows\Tasks\Norton Security Scan for Leebusha.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-23 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyServer = http=
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Leebusha\Application Data\Mozilla\Firefox\Profiles\isi2af5u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/resul ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/resul ... D374EA}&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Leebusha\Application Data\Mozilla\Firefox\Profiles\isi2af5u.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\Leebusha\Application Data\Mozilla\Firefox\Profiles\isi2af5u.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-LogitechSetup - d:\setup\Setup.exe
HKCU-Run-Windows UAC - c:\windows\csrse.exe
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-Winservice - c:\windows\winservice.exe
HKLM-Run-Windows UAC - c:\windows\csrse.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-23 17:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\PROTOKOL
C:\SKRYTY
C:\XFONYVXE
scan completed successfully
hidden files: 3
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-725345543-1060284298-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a5,2a,1d,55,e5,ec,17,b9,5e,4d,3b,bb,58,1f,44,8b,64,cc,60,be,12,40,08,
95,cb,ab,62,ca,d3,e3,84,e1,49,30,27,38,78,9a,3f,0f,69,41,f6,b3,83,53,96,88,\
"??"=hex:f0,cf,c3,61,86,c8,e4,1b,43,10,c7,7a,4a,d2,41,14
.
Completion time: 2010-10-23 17:57:54
ComboFix-quarantined-files.txt 2010-10-23 15:57
Pre-Run: 37 008 019 456 bytes free
Post-Run: 15 directories, 37 177 266 176 bytes free
- - End Of File - - FD12666B6D2F5B14FF9C77B5B3DC6C15
Re: help, infected computer, a song started playing at startup
So is that the right log? The computer still doesn't seem OK to me...
Re: help, infected computer, a song started playing at startup
Sorry for the delay.
I'm not saying the PC should already be fine either; the CF log still needs to be cleaned up. Hang on a moment, I'll post the next steps...

Re: help, infected computer, a song started playing at startup
Does the program Hlidaci Pes mean anything to you?

Re: help, infected computer, a song started playing at startup
I've just removed it.
Re: help, infected computer, a song started playing at startup



Re: help, infected computer, a song started playing at startup
I've removed it now.
It was useless to me anyway; some time ago I used it to monitor the computer to see whether anyone was getting into it.
Re: help, infected computer, a song started playing at startup


- Open Notepad (Start - Run - notepad)
- Copy the script below
Code: Select all
Folder::
C:\PROTOKOL
C:\SKRYTY
C:\XFONYVXE

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Skype"=-
"ICQ"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"=-
"iTunesHelper"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
"TkBellExe"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000

File::
c:\documents and settings\Leebusha\Start Menu\Programs\Startup\hamachi.lnk
c:\documents and settings\Leebusha\Start Menu\Programs\Startup\santa.bat
c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\xfonyvxe\HPFile.sys

Driver::
EraserUtilDrv11010
Winhpfile

FireFox::
FF - ProfilePath - c:\documents and settings\Leebusha\Application Data\Mozilla\Firefox\Profiles\isi2af5u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/result ... EF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/result ... &v=19&tid={F115E995-7165-C861-5D7E-51B888D374EA}&q=

RegLock::
[HKEY_USERS\S-1-5-21-725345543-1060284298-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
- Save the text file as CFScript.txt
- Drag the CFScript.txt you created onto ComboFix and run it (see the picture below)
- After the script runs (and a possible restart) a log will pop up; paste its contents here
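The ComboFix log posted earlier and the CFScript reply above together show how a helper actually reads such a log: not by recognising file names, but by spotting a few structural tells (an executable dropped straight into c:\windows, a driver loading from a random top-level directory, a Run value called "Windows UAC" on an XP box where UAC does not exist, Security Center monitoring switched off). The script below is an added example written for this page; it is not ComboFix's code and is not part of any post in the thread. It runs those heuristics over a constructed sample made of lines copied from the first ComboFix log (plus two known-good lines it must leave alone) and then drafts a CFScript in the same section syntax the helper used (File::, Folder::, Driver::, Registry::). The allowlists of binaries expected directly in %windir% and of standard top-level directories are the editor's assumptions, every hit is a lead for a human to confirm, and the draft script is something to review line by line, not to run unread.

```python
"""Heuristic triage of ComboFix log lines, then a draft CFScript.

Added example for this page: not ComboFix's code and not from the forum post.
The rules encode what a helper looks for on a Windows XP box; every hit is a
lead to confirm by hand, and the allowlists below are assumptions.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the first ComboFix log in this thread,
# plus two known-good lines (ccApp, NvCplDaemon) the rules must leave alone.
SAMPLE_LOG = r'''
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
HKCU-Run-Windows UAC - c:\windows\csrse.exe
HKLM-Run-Winservice - c:\windows\winservice.exe
2010-10-19 18:37 . 2010-10-19 18:37 195584 ----a-w- c:\windows\tinservice.exe
R1 Winhpfile;Winhpfile;c:\xfonyvxe\HPFile.sys [5.9.2010 15:59 16601]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
"{DAE0285D-0788-4E87-985E-01DF2EDE4ACD}"= "c:\windows\system32\Wshxt.dll" [2010-09-05 53248]
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
'''

PATH_RE = re.compile(r'([a-z]:\\[^"\[\]]*?\.(?:exe|dll|sys|bat|lnk|job))', re.I)
SERVICE_RE = re.compile(r'^[RS]\d\s+([^;]+);')        # "R1 Winhpfile;Winhpfile;..."
GUID_VALUE_RE = re.compile(r'^"\{[0-9a-f-]{36}\}"\s*=', re.I)

# Assumption: binaries that legitimately sit directly in %windir% (the rest of
# the OS lives in system32), so anything else there is worth a look.
WINDIR_ROOT_OK = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe", "twain_32.dll"}
# Assumption: top-level directories expected on a stock XP system drive.
KNOWN_TOP_DIRS = {"windows", "program files", "progra~1", "documents and settings", "docume~1"}


@dataclass
class Finding:
    rule: str
    line: str
    path: str = ""
    service: str = ""


def triage_line(line: str, windows_xp: bool = True) -> list[Finding]:
    """Run every rule over one log line and return all hits (possibly none)."""
    hits: list[Finding] = []
    low = line.lower()
    # 1. Security features switched off: a classic side effect of infection.
    if '"disablemonitoring"=dword:00000001' in low or re.search(r'"enablefirewall"=\s*0\b', low):
        hits.append(Finding("security_disabled", line))
    # 2. A Run value named "Windows UAC" on XP: UAC does not exist before Vista.
    if windows_xp and "windows uac" in low:
        hits.append(Finding("uac_name_on_xp", line))
    # 3. ShellExecuteHooks are keyed by GUID and load a DLL into everything the
    #    shell launches; each one gets a manual look.
    if GUID_VALUE_RE.match(line.strip()):
        hits.append(Finding("shellexecutehook", line))

    m = PATH_RE.search(line)
    if not m:
        return hits
    path = m.group(1)
    parts = path.lower().split("\\")                # ["c:", "windows", "csrse.exe"]
    parent, name = parts[1:-1], parts[-1]
    ext = name.rsplit(".", 1)[-1]
    svc = SERVICE_RE.match(line)
    service = svc.group(1).strip() if svc else ""
    # 4. Executable dropped straight into c:\windows instead of system32.
    if parent == ["windows"] and ext in ("exe", "dll") and name not in WINDIR_ROOT_OK:
        hits.append(Finding("windir_root_binary", line, path, service))
    # 5. Kernel driver loading from outside the drivers directory.
    if ext == "sys" and parent[:3] != ["windows", "system32", "drivers"]:
        hits.append(Finding("driver_odd_path", line, path, service))
    # 6. Anything living under an unknown top-level directory (c:\xfonyvxe\...).
    if parent and parent[0] not in KNOWN_TOP_DIRS:
        hits.append(Finding("unknown_top_dir", line, path, service))
    return hits


def triage_log(text: str, windows_xp: bool = True) -> list[Finding]:
    return [f for line in text.splitlines() if line.strip() for f in triage_line(line, windows_xp)]


def build_cfscript(findings: list[Finding]) -> str:
    """Draft a CFScript in the section syntax used in the reply above. Review it
    before use: it deletes exactly what the heuristics flagged, nothing more."""
    files: list[str] = []
    folders: list[str] = []
    drivers: list[str] = []
    for f in findings:
        if f.rule in ("windir_root_binary", "driver_odd_path") and f.path not in files:
            files.append(f.path)
        if f.rule == "unknown_top_dir":
            top = "\\".join(f.path.split("\\")[:2])     # c:\xfonyvxe
            if top not in folders:
                folders.append(top)
        if f.service and f.service not in drivers:
            drivers.append(f.service)
    out: list[str] = []
    if files:
        out += ["File::", *files, ""]
    if folders:
        out += ["Folder::", *folders, ""]
    if drivers:
        out += ["Driver::", *drivers, ""]
    if any(f.rule == "security_disabled" and "disablemonitoring" in f.line.lower() for f in findings):
        out += ["Registry::",
                r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]",
                '"DisableMonitoring"=dword:00000000']
    return "\n".join(out).rstrip() + "\n"


if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.rule:20} {f.line.strip()}")
    print("\n--- draft CFScript.txt ---\n" + build_cfscript(found))
```

On the sample the two Symantec and NVIDIA lines produce no findings, while csrse.exe, winservice.exe, tinservice.exe, HPFile.sys, the Wshxt.dll hook and the two disabled-protection values are all flagged; the draft script lists the four files, the c:\xfonyvxe folder, the Winhpfile driver and the DisableMonitoring reset. The firewall value is reported but deliberately not scripted, because the log only shows ComboFix's abbreviated HKLM\~\ key path.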

Re: help, infected computer, a song started playing at startup
ComboFix 10-10-22.05 - Leebusha 24.10.2010 13:34:23.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1279.499 [GMT 2:00]
Running from: c:\documents and settings\Leebusha\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Leebusha\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk"
"c:\documents and settings\Leebusha\Start Menu\Programs\Startup\hamachi.lnk"
"c:\documents and settings\Leebusha\Start Menu\Programs\Startup\santa.bat"
"c:\windows\Tasks\AppleSoftwareUpdate.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\xfonyvxe\HPFile.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
c:\documents and settings\Leebusha\Start Menu\Programs\Startup\hamachi.lnk
c:\documents and settings\Leebusha\Start Menu\Programs\Startup\santa.bat
C:\PROTOKOL
c:\protokol\LEEBUSHA-8F62F0-20090623.hps
c:\protokol\LEEBUSHA-8F62F0-20090624.hps
c:\protokol\LEEBUSHA-8F62F0-20090625.hps
c:\protokol\LEEBUSHA-8F62F0-20090626.hps
c:\protokol\LEEBUSHA-8F62F0-20090627.hps
c:\protokol\LEEBUSHA-8F62F0-20090628.hps
c:\protokol\LEEBUSHA-8F62F0-20090629.hps
c:\protokol\LEEBUSHA-8F62F0-20090630.hps
c:\protokol\LEEBUSHA-8F62F0-20090701.hps
c:\protokol\LEEBUSHA-8F62F0-20090702.hps
c:\protokol\LEEBUSHA-8F62F0-20090703.hps
c:\protokol\LEEBUSHA-8F62F0-20090705.hps
c:\protokol\LEEBUSHA-8F62F0-20090706.hps
c:\protokol\LEEBUSHA-8F62F0-20090707.hps
c:\protokol\LEEBUSHA-8F62F0-20090708.hps
c:\protokol\LEEBUSHA-8F62F0-20090709.hps
c:\protokol\LEEBUSHA-8F62F0-20090710.hps
c:\protokol\LEEBUSHA-8F62F0-20090711.hps
c:\protokol\LEEBUSHA-8F62F0-20090712.hps
c:\protokol\LEEBUSHA-8F62F0-20090713.hps
c:\protokol\LEEBUSHA-8F62F0-20090714.hps
c:\protokol\LEEBUSHA-8F62F0-20090715.hps
c:\protokol\LEEBUSHA-8F62F0-20090716.hps
c:\protokol\LEEBUSHA-8F62F0-20090717.hps
c:\protokol\LEEBUSHA-8F62F0-20090718.hps
c:\protokol\LEEBUSHA-8F62F0-20090719.hps
c:\protokol\LEEBUSHA-8F62F0-20090720.hps
c:\protokol\LEEBUSHA-8F62F0-20090722.hps
c:\protokol\LEEBUSHA-8F62F0-20090725.hps
c:\protokol\LEEBUSHA-8F62F0-20090727.hps
c:\protokol\LEEBUSHA-8F62F0-20090728.hps
c:\protokol\LEEBUSHA-8F62F0-20090729.hps
c:\protokol\LEEBUSHA-8F62F0-20090730.hps
c:\protokol\LEEBUSHA-8F62F0-20090731.hps
c:\protokol\LEEBUSHA-8F62F0-20090831.hps
c:\protokol\LEEBUSHA-8F62F0-20090901.hps
c:\protokol\LEEBUSHA-8F62F0-20090902.hps
c:\protokol\LEEBUSHA-8F62F0-20090903.hps
c:\protokol\LEEBUSHA-8F62F0-20090905.hps
c:\protokol\LEEBUSHA-8F62F0-20090914.hps
c:\protokol\LEEBUSHA-8F62F0-20090915.hps
c:\protokol\LEEBUSHA-8F62F0-20090916.hps
c:\protokol\LEEBUSHA-8F62F0-20090917.hps
c:\protokol\LEEBUSHA-8F62F0-20090918.hps
c:\protokol\LEEBUSHA-8F62F0-20090919.hps
c:\protokol\LEEBUSHA-8F62F0-20090920.hps
c:\protokol\LEEBUSHA-8F62F0-20090921.hps
c:\protokol\LEEBUSHA-8F62F0-20090922.hps
c:\protokol\LEEBUSHA-8F62F0-20090923.hps
c:\protokol\LEEBUSHA-8F62F0-20090924.hps
c:\protokol\LEEBUSHA-8F62F0-20090925.hps
c:\protokol\LEEBUSHA-8F62F0-20090926.hps
c:\protokol\LEEBUSHA-8F62F0-20090927.hps
c:\protokol\LEEBUSHA-8F62F0-20090928.hps
c:\protokol\LEEBUSHA-8F62F0-20090929.hps
c:\protokol\LEEBUSHA-8F62F0-20090930.hps
c:\protokol\LEEBUSHA-8F62F0-20091001.hps
c:\protokol\LEEBUSHA-8F62F0-20091002.hps
c:\protokol\LEEBUSHA-8F62F0-20091003.hps
c:\protokol\LEEBUSHA-8F62F0-20091004.hps
c:\protokol\LEEBUSHA-8F62F0-20091005.hps
c:\protokol\LEEBUSHA-8F62F0-20091006.hps
c:\protokol\LEEBUSHA-8F62F0-20091007.hps
c:\protokol\LEEBUSHA-8F62F0-20091008.hps
c:\protokol\LEEBUSHA-8F62F0-20091009.hps
c:\protokol\LEEBUSHA-8F62F0-20091011.hps
c:\protokol\LEEBUSHA-8F62F0-20091012.hps
c:\protokol\LEEBUSHA-8F62F0-20091013.hps
c:\protokol\LEEBUSHA-8F62F0-20091014.hps
c:\protokol\LEEBUSHA-8F62F0-20091015.hps
c:\protokol\LEEBUSHA-8F62F0-20091016.hps
c:\protokol\LEEBUSHA-8F62F0-20091017.hps
c:\protokol\LEEBUSHA-8F62F0-20091018.hps
c:\protokol\LEEBUSHA-8F62F0-20091019.hps
c:\protokol\LEEBUSHA-8F62F0-20091020.hps
c:\protokol\LEEBUSHA-8F62F0-20091021.hps
c:\protokol\LEEBUSHA-8F62F0-20091022.hps
c:\protokol\LEEBUSHA-8F62F0-20091023.hps
c:\protokol\LEEBUSHA-8F62F0-20091024.hps
c:\protokol\LEEBUSHA-8F62F0-20091025.hps
c:\protokol\LEEBUSHA-8F62F0-20091026.hps
c:\protokol\LEEBUSHA-8F62F0-20091027.hps
c:\protokol\LEEBUSHA-8F62F0-20091028.hps
c:\protokol\LEEBUSHA-8F62F0-20091029.hps
c:\protokol\LEEBUSHA-8F62F0-20091030.hps
c:\protokol\LEEBUSHA-8F62F0-20091031.hps
c:\protokol\LEEBUSHA-8F62F0-20091101.hps
c:\protokol\LEEBUSHA-8F62F0-20091102.hps
c:\protokol\LEEBUSHA-8F62F0-20091103.hps
c:\protokol\LEEBUSHA-8F62F0-20091104.hps
c:\protokol\LEEBUSHA-8F62F0-20091105.hps
c:\protokol\LEEBUSHA-8F62F0-20091106.hps
c:\protokol\LEEBUSHA-8F62F0-20091107.hps
c:\protokol\LEEBUSHA-8F62F0-20091108.hps
c:\protokol\LEEBUSHA-8F62F0-20091109.hps
c:\protokol\LEEBUSHA-8F62F0-20091110.hps
c:\protokol\LEEBUSHA-8F62F0-20091111.hps
c:\protokol\LEEBUSHA-8F62F0-20091112.hps
c:\protokol\LEEBUSHA-8F62F0-20091113.hps
c:\protokol\LEEBUSHA-8F62F0-20091213.hps
c:\protokol\LEEBUSHA-8F62F0-20091214.hps
c:\protokol\LEEBUSHA-8F62F0-20091215.hps
c:\protokol\LEEBUSHA-8F62F0-20091216.hps
c:\protokol\LEEBUSHA-8F62F0-20091217.hps
c:\protokol\LEEBUSHA-8F62F0-20091218.hps
c:\protokol\LEEBUSHA-8F62F0-20091219.hps
c:\protokol\LEEBUSHA-8F62F0-20091220.hps
c:\protokol\LEEBUSHA-8F62F0-20091221.hps
c:\protokol\LEEBUSHA-8F62F0-20091222.hps
c:\protokol\LEEBUSHA-8F62F0-20091223.hps
c:\protokol\LEEBUSHA-8F62F0-20091224.hps
c:\protokol\LEEBUSHA-8F62F0-20091225.hps
c:\protokol\LEEBUSHA-8F62F0-20091226.hps
c:\protokol\LEEBUSHA-8F62F0-20091227.hps
c:\protokol\LEEBUSHA-8F62F0-20091228.hps
c:\protokol\LEEBUSHA-8F62F0-20100905.hps
c:\protokol\LEEBUSHA-8F62F0-20100906.hps
c:\protokol\LEEBUSHA-8F62F0-20100907.hps
c:\protokol\LEEBUSHA-8F62F0-20100908.hps
c:\protokol\LEEBUSHA-8F62F0-20100911.hps
c:\protokol\LEEBUSHA-8F62F0-20100913.hps
c:\protokol\LEEBUSHA-8F62F0-20100914.hps
c:\protokol\LEEBUSHA-8F62F0-20100915.hps
c:\protokol\LEEBUSHA-8F62F0-20100916.hps
c:\protokol\LEEBUSHA-8F62F0-20100917.hps
c:\protokol\LEEBUSHA-8F62F0-20100920.hps
c:\protokol\LEEBUSHA-8F62F0-20100921.hps
c:\protokol\LEEBUSHA-8F62F0-20100923.hps
c:\protokol\LEEBUSHA-8F62F0-20100924.hps
c:\protokol\LEEBUSHA-8F62F0-20100927.hps
c:\protokol\LEEBUSHA-8F62F0-20100928.hps
c:\protokol\LEEBUSHA-8F62F0-20100929.hps
c:\protokol\LEEBUSHA-8F62F0-20101005.hps
c:\protokol\LEEBUSHA-8F62F0-20101011.hps
c:\protokol\LEEBUSHA-8F62F0-20101012.hps
c:\protokol\LEEBUSHA-8F62F0-20101014.hps
c:\protokol\LEEBUSHA-8F62F0-20101016.hps
c:\protokol\LEEBUSHA-8F62F0-20101017.hps
c:\protokol\LEEBUSHA-8F62F0-20101019.hps
c:\protokol\LEEBUSHA-8F62F0-20101021.hps
c:\protokol\LEEBUSHA-8F62F0-20101022.hps
c:\protokol\LEEBUSHA-8F62F0-20101023.hps
c:\protokol\LEEBUSHA-8F62F0-20101024.hps
C:\SKRYTY
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ERASERUTILDRV11010
-------\Legacy_WINHPFILE
-------\Service_EraserUtilDrv11010
((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
.
2010-10-23 12:58 . 2010-10-23 12:58 -------- d-----w- C:\rsit
2010-10-23 12:58 . 2010-10-23 12:58 -------- d-----w- c:\program files\trend micro
2010-10-19 18:37 . 2010-10-19 18:37 195584 ----a-w- c:\windows\tinservice.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-24 11:43 . 2009-07-11 19:32 13440 ----a-w- c:\windows\GPCIDrv.sys
2010-10-24 11:42 . 2009-07-11 19:32 23524 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-10-23_15.55.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-24 11:42 . 2010-10-24 11:42 16384 c:\windows\Temp\Perflib_Perfdata_790.dat
+ 2010-10-24 04:14 . 2002-12-11 22:14 46592 c:\windows\system32\dxdllreg.exe
+ 2010-10-24 04:14 . 2004-07-09 02:26 52096 c:\windows\system32\drivers\msdv.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 15104 c:\windows\system32\drivers\mpe.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 11392 c:\windows\system32\drivers\bdasup.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 47104 c:\windows\system32\dllcache\wstdecod.dll
+ 2010-10-24 04:14 . 2002-08-29 01:41 31744 c:\windows\system32\dllcache\pid.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 52096 c:\windows\system32\dllcache\msdv.sys
+ 2010-10-24 04:14 . 2002-12-11 22:14 13312 c:\windows\system32\dllcache\msdmo.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 15104 c:\windows\system32\dllcache\mpe.sys
+ 2010-10-24 04:14 . 2002-12-11 22:14 34304 c:\windows\system32\dllcache\mciqtz32.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 18432 c:\windows\system32\dllcache\dswave.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 79360 c:\windows\system32\dllcache\dpwsockx.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 80896 c:\windows\system32\dllcache\dpvsetup.exe
+ 2010-10-24 04:14 . 2002-12-11 22:14 19968 c:\windows\system32\dllcache\dpvacm.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 16896 c:\windows\system32\dllcache\dpnsvr.exe
+ 2010-10-24 04:14 . 2003-03-24 07:00 68096 c:\windows\system32\dllcache\dpnhupnp.dll
+ 2010-10-24 04:14 . 2003-03-24 07:00 32768 c:\windows\system32\dllcache\dpnhpast.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 77824 c:\windows\system32\dllcache\dpmodemx.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 28160 c:\windows\system32\dllcache\dplaysvr.exe
+ 2010-10-24 04:14 . 2002-12-11 22:14 98816 c:\windows\system32\dllcache\dmstyle.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 76800 c:\windows\system32\dllcache\dmscript.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 33280 c:\windows\system32\dllcache\dmloader.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 58368 c:\windows\system32\dllcache\dmcompos.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 27136 c:\windows\system32\dllcache\dmband.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 24064 c:\windows\system32\dllcache\ddrawex.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 11392 c:\windows\system32\dllcache\bdasup.sys
+ 2010-10-24 04:14 . 2002-12-11 22:14 64512 c:\windows\system32\dllcache\amstream.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 47104 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\wstdecod.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 18688 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\wstcodec.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 14976 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\streamip.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 10880 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\slip.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 10112 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\ndisip.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 83968 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\nabtsfec.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 16896 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\msyuv.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 15104 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\mpe.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 16384 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\ccdecode.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 11392 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\bdasup.sys
+ 2010-10-24 04:14 . 2004-07-09 02:27 48512 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\stream.sys
+ 2010-10-24 04:14 . 2002-12-11 22:14 13312 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\msdmo.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 34304 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mciqtz32.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 18944 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\encapi.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 46592 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg.exe
+ 2010-10-24 04:14 . 2002-12-11 22:14 18432 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dswave.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 79360 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpwsockx.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 80896 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvsetup.exe
+ 2010-10-24 04:14 . 2002-12-11 22:14 19968 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvacm.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 16896 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnsvr.exe
+ 2010-10-24 04:14 . 2003-03-24 07:00 68096 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnhupnp.dll
+ 2010-10-24 04:14 . 2003-03-24 07:00 32768 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnhpast.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 77824 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpmodemx.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 28160 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dplaysvr.exe
+ 2010-10-24 04:14 . 2002-12-11 22:14 98816 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmstyle.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 76800 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmscript.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 33280 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmloader.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 58368 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmcompos.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 27136 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmband.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 24064 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddrawex.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 64512 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\amstream.dll
+ 2010-10-23 16:50 . 2010-10-23 16:50 21504 c:\windows\Installer\638407.msi
+ 2010-10-24 04:14 . 2004-07-09 02:26 18688 c:\windows\Driver Cache\i386\wstcodec.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 14976 c:\windows\Driver Cache\i386\streamip.sys
+ 2010-10-24 04:14 . 2004-07-09 02:27 48512 c:\windows\Driver Cache\i386\stream.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 10880 c:\windows\Driver Cache\i386\slip.sys
+ 2010-10-24 04:14 . 2002-08-29 01:41 31744 c:\windows\Driver Cache\i386\pid.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 10112 c:\windows\Driver Cache\i386\ndisip.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 83968 c:\windows\Driver Cache\i386\nabtsfec.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 16896 c:\windows\Driver Cache\i386\msyuv.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 52096 c:\windows\Driver Cache\i386\msdv.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 15104 c:\windows\Driver Cache\i386\mpe.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 16384 c:\windows\Driver Cache\i386\ccdecode.sys
+ 2010-10-24 04:14 . 2004-07-09 02:26 11392 c:\windows\Driver Cache\i386\bdasup.sys
+ 2010-10-24 04:14 . 2002-12-11 22:14 3072 c:\windows\system32\dllcache\dpnlobby.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 3072 c:\windows\system32\dllcache\dpnaddr.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 8192 c:\windows\system32\dllcache\d3d8thk.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 4096 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\swenum.sys
+ 2010-10-24 04:14 . 2002-12-11 22:14 5504 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mstee.sys
+ 2010-10-24 04:14 . 2001-08-23 03:00 4608 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mspqm.sys
+ 2010-10-24 04:14 . 2002-12-11 22:14 5248 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mspclock.sys
+ 2010-10-24 04:14 . 2002-12-11 22:14 7424 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mskssrv.sys
+ 2010-10-24 04:14 . 2002-12-11 22:14 4096 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ksuser.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 3072 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnlobby.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 3072 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnaddr.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 8192 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\d3d8thk.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 4096 c:\windows\Driver Cache\i386\swenum.sys
+ 2010-10-24 04:14 . 2002-12-11 22:14 5504 c:\windows\Driver Cache\i386\mstee.sys
+ 2010-10-24 04:14 . 2001-08-23 03:00 4608 c:\windows\Driver Cache\i386\mspqm.sys
+ 2010-10-24 04:14 . 2002-12-11 22:14 5248 c:\windows\Driver Cache\i386\mspclock.sys
+ 2010-10-24 04:14 . 2002-12-11 22:14 7424 c:\windows\Driver Cache\i386\mskssrv.sys
+ 2010-10-24 04:14 . 2002-12-11 22:14 4096 c:\windows\Driver Cache\i386\ksuser.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 354816 c:\windows\system32\psisdecd.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 733184 c:\windows\system32\dllcache\qedwipes.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 470528 c:\windows\system32\dllcache\qdvd.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 316928 c:\windows\system32\dllcache\qdv.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 257024 c:\windows\system32\dllcache\qcap.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 354816 c:\windows\system32\dllcache\psisdecd.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 324096 c:\windows\system32\dllcache\mswebdvd.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 974848 c:\windows\system32\dllcache\dxdiag.exe
+ 2010-10-24 04:14 . 2002-12-11 22:14 602624 c:\windows\system32\dllcache\dx7vb.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 381952 c:\windows\system32\dllcache\dsound.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 491520 c:\windows\system32\dllcache\dsdmoprp.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 186880 c:\windows\system32\dllcache\dsdmo.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 112128 c:\windows\system32\dllcache\dpvvox.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 381952 c:\windows\system32\dllcache\dpvoice.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 723968 c:\windows\system32\dllcache\dpnet.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 230400 c:\windows\system32\dllcache\dplayx.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 122880 c:\windows\system32\dllcache\dmusic.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 100864 c:\windows\system32\dllcache\dmsynth.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 181248 c:\windows\system32\dllcache\dmime.dll
+ 2010-10-24 04:14 . 2002-08-29 01:40 667648 c:\windows\system32\dllcache\dinput8.dll
+ 2010-10-24 04:14 . 2002-08-29 01:40 648704 c:\windows\system32\dllcache\dinput.dll
+ 2010-10-24 04:14 . 2003-05-30 07:00 132608 c:\windows\system32\dllcache\devenum.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 292864 c:\windows\system32\dllcache\ddraw.dll
+ 2010-10-24 04:14 . 2003-05-30 07:00 797184 c:\windows\system32\dllcache\d3dim700.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 354816 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\psisdecd.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 733184 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qedwipes.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 470528 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qdvd.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 316928 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qdv.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 257024 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qcap.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 173056 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qasf.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 324096 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\mswebdvd.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 130304 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ks.sys
+ 2010-10-24 04:14 . 2004-07-09 02:27 974848 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdiag.exe
+ 2010-10-24 04:14 . 2002-12-11 22:14 602624 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dx7vb.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 381952 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 491520 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsdmoprp.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 186880 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsdmo.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 112128 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvvox.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 381952 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpvoice.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 723968 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dpnet.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 230400 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dplayx.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 122880 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmusic.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 100864 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmsynth.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 181248 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmime.dll
+ 2010-10-24 04:14 . 2003-05-30 07:00 132608 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\devenum.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 292864 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\ddraw.dll
+ 2010-10-24 04:14 . 2003-05-30 07:00 797184 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\d3dim700.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 354816 c:\windows\Driver Cache\i386\psisdecd.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 130304 c:\windows\Driver Cache\i386\ks.sys
+ 2010-10-24 04:14 . 2003-05-30 07:00 1962496 c:\windows\system32\dllcache\quartz.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 1798144 c:\windows\system32\dllcache\qedit.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 1230336 c:\windows\system32\dllcache\msvidctl.dll
+ 2010-10-24 04:14 . 2003-05-30 07:00 1189888 c:\windows\system32\dllcache\dx8vb.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 1294336 c:\windows\system32\dllcache\dsound3d.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 1201152 c:\windows\system32\dllcache\d3d8.dll
+ 2010-10-24 04:14 . 2004-07-09 02:26 1230336 c:\windows\RegisteredPackages\{AA936DF4-2B08-4B1F-B071-72192E287704}\msvidctl.dll
+ 2010-10-24 04:14 . 2003-05-30 07:00 1962496 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\quartz.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 1798144 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\qedit.dll
+ 2010-10-24 04:14 . 2003-05-30 07:00 1189888 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dx8vb.dll
+ 2010-10-24 04:14 . 2002-12-11 22:14 1294336 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound3d.dll
+ 2010-10-24 04:14 . 2004-07-09 02:27 1201152 c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\d3d8.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2005-08-16 544768]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 774168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Leebusha\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-5-23 67128]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\EA Sports\\NHL 09\\nhl2009.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [11.7.2009 21:32 13440]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [11.7.2009 21:32 23524]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27.3.2010 1:39 136176]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [17.4.2005 12:30 124608]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.7.2009 17:38 691696]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ERASERUTILDRV11010
*Deregistered* - EraserUtilDrv11010
.
Contents of the 'Scheduled Tasks' folder
2010-10-23 c:\windows\Tasks\Norton Security Scan for Leebusha.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-23 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyServer = http=
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Leebusha\Application Data\Mozilla\Firefox\Profiles\isi2af5u.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Leebusha\Application Data\Mozilla\Firefox\Profiles\isi2af5u.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\Leebusha\Application Data\Mozilla\Firefox\Profiles\isi2af5u.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 13:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-725345543-1060284298-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a5,2a,1d,55,e5,ec,17,b9,5e,4d,3b,bb,58,1f,44,8b,64,cc,60,be,12,40,08,
95,cb,ab,62,ca,d3,e3,84,e1,49,30,27,38,78,9a,3f,0f,69,41,f6,b3,83,53,96,88,\
"??"=hex:f0,cf,c3,61,86,c8,e4,1b,43,10,c7,7a,4a,d2,41,14
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(7896)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-24 13:47:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-24 11:47
ComboFix2.txt 2010-10-23 15:57
Pre-Run: 32 905 625 600 bytes free
Post-Run: 15 adresárov, 32 815 132 672 voľných bajtov
- - End Of File - - 5538B70892BC2BA882D60F94D478AE9D
Re: help, infected computer, a song started playing at startup
How is the PC behaving?

- Visitor
- Posts: 127
- Registered: 14 Mar 2006 22:25
- Location: bratislava
Re: help, infected computer, a song started playing at startup
better, much better. I think it's running fine
Re: help, infected computer, a song started playing at startup

- Start - Run (or use the keyboard shortcut Win+R)
- Type ComboFix /Uninstall
- Press Enter
- This deletes ComboFix and its folders

- Download and run
- To confirm the selection press A, Enter
- After use, delete the utility
- Antivirus programs may mistakenly flag this utility as a virus - it is a false positive - so go ahead and download it (if necessary, turn off the antivirus while downloading)

- Download and run
- Click CleanUp and confirm YES
- The program cleans up and restarts the PC

- Download and run
- Click Start and confirm OK
- The program cleans up and restarts the PC
- After use, delete the utility

Cleaner panel
- Leave everything as it is, just click Analyze and then Run CCleaner
- Click Scan for Issues
- then Fix Issues - I recommend making the registry backup; fix all issues
- Repeat the procedure until there are no more issues - usually about 3 times
- Here you can uninstall unneeded programs
