Dík. Tu sú tie logy.
aLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:51, on 13. 2. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Windows\PixArt\Pac7311\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\SMINST\scheduler.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.daemon-search.com/startpageR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.hp.comO1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel -
res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 7574 bytes
ComboFix 09-02-12.03 - Jana 2009-02-13 9:52:02.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1051.18.2047.1311 [GMT 1:00]
Running from: c:\users\Jana\Desktop\ComboFix.exe
Command switches used :: c:\users\Jana\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\Lic.xxx
c:\windows\System32\eEmpty.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\programdata\Symantec
c:\windows\Lic.xxx
c:\windows\System32\eEmpty.exe
.
((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))
.
2009-02-12 18:59 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-12 18:59 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-12 18:57 . 2009-02-12 18:57 <DIR> d-------- c:\program files\Trend Micro
2009-02-11 19:47 . 2009-02-11 19:47 626,688 --a------ c:\windows\System32\msvcr80.dll
2009-02-11 19:47 . 2009-02-11 19:47 548,864 --a------ c:\windows\System32\msvcp80.dll
2009-02-11 19:47 . 2005-09-22 23:22 522 --a------ c:\windows\System32\Microsoft.VC80.CRT.manifest
2009-02-11 19:46 . 2009-02-11 19:46 <DIR> d-------- c:\users\All Users\MicroWorld
2009-02-11 19:46 . 2009-02-11 19:46 <DIR> d-------- c:\programdata\MicroWorld
2009-02-10 19:19 . 2009-02-10 19:19 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-05 14:04 . 2009-02-05 14:04 <DIR> d-------- c:\users\All Users\vsosdk
2009-02-05 14:04 . 2009-02-05 14:04 <DIR> d-------- c:\programdata\vsosdk
2009-02-05 12:54 . 2009-02-08 09:42 <DIR> d-------- c:\users\Jana\AppData\Roaming\Vso
2009-02-05 12:54 . 2009-02-05 12:54 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2009-02-05 12:54 . 2009-02-05 12:54 47,360 --a------ c:\users\Jana\AppData\Roaming\pcouffin.sys
2009-02-05 12:53 . 2009-02-05 12:53 <DIR> d-------- c:\program files\DVDFab 5
2009-02-03 16:33 . 2009-02-03 16:33 117,008 --a------ c:\users\Jana\AppData\Roaming\GDIPFONTCACHEV1.DAT
2009-01-24 21:24 . 2009-01-24 21:24 253,952 --------- c:\windows\Setup1.exe
2009-01-24 21:24 . 2009-01-24 21:24 73,216 --a------ c:\windows\ST6UNST.EXE
2009-01-23 14:56 . 2009-01-23 14:55 410,984 --a------ c:\windows\System32\deploytk.dll
2009-01-14 18:38 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 23:08 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-01-13 23:08 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-01-13 23:08 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-01-13 23:08 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-01-13 23:08 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-01-13 23:08 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-01-13 23:08 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-01-13 23:08 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-01-13 23:01 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-01-13 23:01 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-01-13 23:01 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-01-13 23:00 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-01-13 23:00 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-01-13 22:34 . 2009-01-13 22:34 <DIR> d-------- c:\windows\PrimoPDF4
2009-01-13 22:34 . 2006-12-11 22:12 176,235 --a------ c:\windows\System32\Primomonnt.dll
2009-01-13 22:19 . 2009-01-13 22:19 <DIR> d-------- C:\inetpub
2009-01-13 21:20 . 2009-01-13 21:27 <DIR> d-------- c:\program files\MSECACHE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 19:37 --------- d-----w c:\programdata\Microsoft Help
2009-02-12 19:35 --------- d-----w c:\program files\Windows Mail
2009-02-10 20:02 --------- d-----w c:\users\Deti\AppData\Roaming\Skype
2009-02-10 17:10 --------- d-----w c:\users\Deti\AppData\Roaming\skypePM
2009-02-08 14:59 --------- d-----w c:\users\Deti\AppData\Roaming\ICQ
2009-02-02 11:09 --------- d-----w c:\program files\ESET
2009-01-24 20:21 --------- d-----w c:\users\Jana\AppData\Roaming\skypePM
2009-01-24 20:21 --------- d-----w c:\users\Jana\AppData\Roaming\Skype
2009-01-23 13:55 --------- d-----w c:\program files\Java
2009-01-14 17:28 --------- d-----w c:\program files\Spyware Terminator
2009-01-12 12:35 --------- d-----w c:\program files\CCleaner
2009-01-08 18:05 --------- d-----w c:\users\Deti\AppData\Roaming\Audacity
2009-01-05 22:33 3,751,995 ----a-w c:\windows\System32\GPhotos.scr
2009-01-01 15:04 --------- d-----w c:\users\Deti\AppData\Roaming\Winamp
2008-12-28 12:24 --------- d-----w c:\users\Deti\AppData\Roaming\vlc
2008-12-27 20:05 --------- d-----w c:\program files\Zuma Deluxe
2008-12-27 20:05 --------- d-----w c:\program files\PopCap Games
2008-12-27 14:16 --------- d-----w c:\users\Jana\AppData\Roaming\GHISLER
2008-12-26 10:48 --------- d-----w c:\users\Jana\AppData\Roaming\dvdcss
2008-12-25 18:44 --------- d-----w c:\users\Deti\AppData\Roaming\Happy Foto
2008-12-22 16:38 230,432 ----a-w C:\PA7311.DAT
2008-12-19 16:47 --------- d-----w c:\programdata\Roxio
2008-12-16 20:06 --------- d-----w c:\users\Jana\AppData\Roaming\ICQ
2008-11-06 16:35 30 ----a-w c:\users\Deti\jagex_runescape_preferences.dat
2008-07-25 18:15 174 --sha-w c:\program files\desktop.ini
2008-07-20 09:55 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-07-20 09:55 56 ---ha-w c:\programdata\ezsidmv.dat
2008-05-23 05:19 32 ----a-w c:\users\All Users\ezsid.dat
2008-05-23 05:19 32 ----a-w c:\programdata\ezsid.dat
2008-05-22 16:42 22 --sha-w c:\windows\SMINST\HPCD.sys
2008-07-25 20:03 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008072520080726\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-02-12_19.21.12.69 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-14 19:18:28 1,165,584 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-12 19:37:04 1,165,584 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
- 2009-01-14 19:18:29 20,240 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-02-12 19:37:04 20,240 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-01-14 19:18:29 217,864 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2009-02-12 19:37:04 217,864 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2009-01-14 19:18:29 18,704 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-02-12 19:37:04 18,704 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-14 19:18:29 35,088 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-02-12 19:37:04 35,088 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-01-14 19:18:29 845,584 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-02-12 19:37:04 845,584 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2009-01-14 19:18:29 922,384 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-02-12 19:37:04 922,384 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2009-01-14 19:18:29 272,648 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-02-12 19:37:04 272,648 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2009-01-14 19:18:29 888,080 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-02-12 19:37:04 888,080 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-01-14 19:18:29 1,172,240 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-02-12 19:37:04 1,172,240 ----a-r c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-02-12 17:51:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-13 08:36:13 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-02-12 17:51:21 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-02-13 08:36:15 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-12 17:52:22 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-13 08:37:51 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-13 08:37:51 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-12 17:53:13 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-13 08:37:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-13 08:37:56 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-03 18:14:47 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-12 19:37:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-03 18:14:47 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-12 19:37:30 49,152 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-03 18:14:47 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-12 19:37:30 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-12 18:18:05 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-02-13 08:51:31 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2008-10-16 04:47:29 6,068,736 ----a-w c:\windows\System32\ieframe.dll
+ 2009-01-15 06:07:53 6,069,248 ----a-w c:\windows\System32\ieframe.dll
- 2008-10-16 04:47:29 270,336 ----a-w c:\windows\System32\iertutil.dll
+ 2009-01-15 06:07:53 270,336 ----a-w c:\windows\System32\iertutil.dll
- 2008-10-16 04:47:30 28,160 ----a-w c:\windows\System32\jsproxy.dll
+ 2009-01-15 06:08:05 28,160 ----a-w c:\windows\System32\jsproxy.dll
- 2008-01-19 07:34:58 458,240 ----a-w c:\windows\System32\msfeeds.dll
+ 2009-01-15 06:08:34 458,240 ----a-w c:\windows\System32\msfeeds.dll
- 2008-12-12 05:52:52 3,578,880 ----a-w c:\windows\System32\mshtml.dll
+ 2009-01-15 06:08:35 3,580,416 ----a-w c:\windows\System32\mshtml.dll
- 2008-10-16 04:47:32 671,232 ----a-w c:\windows\System32\mstime.dll
+ 2009-01-15 06:08:50 671,232 ----a-w c:\windows\System32\mstime.dll
- 2009-02-12 17:58:57 121,666 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-13 08:42:19 125,496 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-12 17:58:57 32,176 ----a-w c:\windows\System32\perfc01B.dat
+ 2009-02-13 08:42:19 32,176 ----a-w c:\windows\System32\perfc01B.dat
- 2009-02-12 17:58:57 652,862 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-13 08:42:19 656,692 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-12 17:58:57 98,422 ----a-w c:\windows\System32\perfh01B.dat
+ 2009-02-13 08:42:19 98,422 ----a-w c:\windows\System32\perfh01B.dat
- 2009-02-12 17:57:06 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-02-12 22:17:50 6,291,456 ----a-w c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-10-16 04:47:34 1,166,336 ----a-w c:\windows\System32\urlmon.dll
+ 2009-01-15 06:11:05 1,166,336 ----a-w c:\windows\System32\urlmon.dll
- 2009-02-12 17:53:15 15,488 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2454127258-88638492-652577630-1006_UserData.bin
+ 2009-02-13 08:38:05 15,488 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2454127258-88638492-652577630-1006_UserData.bin
- 2009-02-12 17:53:15 86,238 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-13 08:38:04 86,380 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-12 17:53:13 59,714 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-13 08:38:03 59,714 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-02-12 17:58:17 191,467,837 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-02-12 19:37:08 191,620,667 ----a-w c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-01-15 04:15:58 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.16809_none_a9ee2d39f5a1db5c\advpack.dll
+ 2009-01-15 04:14:44 124,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_6.0.6000.20996_none_aa1379db0f0b2a9a\advpack.dll
+ 2009-01-15 04:16:02 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.16809_none_ebe936e9163ac15b\pngfilt.dll
+ 2009-01-15 04:18:35 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_6.0.6000.20996_none_ec0e838a2fa41099\pngfilt.dll
+ 2009-01-15 04:16:03 1,160,192 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.16809_none_b305df9bd99b38bf\urlmon.dll
+ 2009-01-15 04:19:06 1,163,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.20996_none_b32b2c3cf30487fd\urlmon.dll
+ 2009-01-15 06:11:05 1,166,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18203_none_b4e61c85d6c731a6\urlmon.dll
+ 2009-01-16 04:59:50 1,166,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.22355_none_b53baa48f00b8fd3\urlmon.dll
+ 2009-01-15 04:16:01 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.16809_none_dee86e647f43f82e\mstime.dll
+ 2009-01-15 04:17:12 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6000.20996_none_df0dbb0598ad476c\mstime.dll
+ 2009-01-15 06:08:50 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.18203_none_e0c8ab4e7c6ff115\mstime.dll
+ 2009-01-16 04:57:07 671,232 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_6.0.6001.22355_none_e11e391195b44f42\mstime.dll
+ 2009-01-15 04:16:00 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\jsproxy.dll
+ 2009-01-15 04:16:03 826,368 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\wininet.dll
+ 2009-01-15 04:16:03 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\WininetPlugin.dll
+ 2009-01-15 04:16:04 27,648 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\jsproxy.dll
+ 2009-01-15 04:19:13 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\wininet.dll
+ 2009-01-15 04:19:13 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\WininetPlugin.dll
+ 2009-01-15 06:08:05 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\jsproxy.dll
+ 2009-01-15 06:11:16 827,392 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\wininet.dll
+ 2009-01-16 04:56:01 28,160 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\jsproxy.dll
+ 2009-01-16 05:00:04 827,904 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\wininet.dll
+ 2009-01-16 05:00:04 64,512 ----a-w c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\WininetPlugin.dll
+ 2009-01-15 04:16:00 383,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16809_none_f9b4de176e8fd9a5\ieapfltr.dll
+ 2009-01-15 04:15:42 380,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.20996_none_f9da2ab887f928e3\ieapfltr.dll
+ 2009-01-15 04:15:59 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16809_none_95e916cf84755fd3\dxtmsft.dll
+ 2009-01-15 04:15:59 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.16809_none_95e916cf84755fd3\dxtrans.dll
+ 2009-01-15 04:15:22 347,136 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20996_none_960e63709ddeaf11\dxtmsft.dll
+ 2009-01-15 04:15:22 214,528 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_6.0.6000.20996_none_960e63709ddeaf11\dxtrans.dll
+ 2009-01-15 04:16:00 459,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.16809_none_5e09520c3d47b20a\msfeeds.dll
+ 2009-01-15 04:16:41 459,264 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6000.20996_none_5e2e9ead56b10148\msfeeds.dll
+ 2009-01-15 06:08:34 458,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.18203_none_5fe98ef63a73aaf1\msfeeds.dll
+ 2009-01-16 04:56:39 458,240 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_6.0.6001.22355_none_603f1cb953b8091e\msfeeds.dll
+ 2009-01-15 04:16:00 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.16809_none_464bb12746361260\mshtmled.dll
+ 2009-01-15 04:16:46 477,696 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_6.0.6000.20996_none_4670fdc85f9f619e\mshtmled.dll
+ 2009-01-15 04:16:00 3,594,752 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.16809_none_1165da5c24fac888\mshtml.dll
+ 2009-01-15 04:16:45 3,596,288 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6000.20996_none_118b26fd3e6417c6\mshtml.dll
+ 2009-01-15 06:08:35 3,580,416 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.18203_none_134617462226c16f\mshtml.dll
+ 2009-01-16 04:56:43 3,580,928 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_6.0.6001.22355_none_139ba5093b6b1f9c\mshtml.dll
+ 2009-01-15 04:16:00 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.16809_none_58be4726670f5491\icardie.dll
+ 2009-01-15 04:15:42 63,488 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_6.0.6000.20996_none_58e393c78078a3cf\icardie.dll
+ 2009-01-15 04:15:30 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\ieUnatt.exe
+ 2009-01-15 04:14:36 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
+ 2009-01-15 02:05:46 26,624 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\ieUnatt.exe
+ 2009-01-15 04:18:47 634,024 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
+ 2009-01-15 04:16:00 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_45c672198f557daf\iertutil.dll
+ 2009-01-15 04:16:02 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16809_none_45c672198f557daf\sqmapi.dll
+ 2009-01-15 04:15:44 267,776 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20996_none_45ebbebaa8becced\iertutil.dll
+ 2009-01-15 04:18:57 134,144 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.20996_none_45ebbebaa8becced\sqmapi.dll
+ 2009-01-15 06:07:53 270,336 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18203_none_47a6af038c817696\iertutil.dll
+ 2009-01-16 04:55:51 270,848 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22355_none_47fc3cc6a5c5d4c3\iertutil.dll
+ 2009-01-16 04:59:31 129,536 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.22355_none_47fc3cc6a5c5d4c3\sqmapi.dll
+ 2009-01-15 04:15:30 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\ie4uinit.exe
+ 2009-01-15 04:16:00 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\iernonce.dll
+ 2009-01-15 04:16:00 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.16809_none_c3f37ce4614a96da\iesetup.dll
+ 2009-01-15 02:05:40 70,656 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\ie4uinit.exe
+ 2009-01-15 04:15:44 44,544 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\iernonce.dll
+ 2009-01-15 04:15:44 56,320 ----a-w c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_6.0.6000.20996_none_c418c9857ab3e618\iesetup.dll
+ 2009-01-15 04:16:00 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.16809_none_2a18935467fa6c37\iebrshim.dll
+ 2009-01-15 04:15:42 52,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-iebrshim_31bf3856ad364e35_6.0.6000.20996_none_2a3ddff58163bb75\iebrshim.dll
+ 2009-01-15 04:16:00 6,066,688 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16809_none_62c5345fb0f056b5\ieframe.dll
+ 2009-01-15 04:16:00 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.16809_none_62c5345fb0f056b5\ieui.dll
+ 2009-01-15 04:15:44 6,068,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20996_none_62ea8100ca59a5f3\ieframe.dll
+ 2009-01-15 04:15:44 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6000.20996_none_62ea8100ca59a5f3\ieui.dll
+ 2009-01-15 06:07:53 6,069,248 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18203_none_64a57149ae1c4f9c\ieframe.dll
+ 2009-01-16 04:55:51 6,070,784 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22355_none_64faff0cc760adc9\ieframe.dll
+ 2009-01-16 04:55:51 180,736 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.22355_none_64faff0cc760adc9\ieui.dll
+ 2009-01-15 04:15:30 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.16809_none_e6bea0de9473aaed\ieinstal.exe
+ 2009-01-15 02:05:59 263,168 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_6.0.6000.20996_none_e6e3ed7faddcfa2b\ieinstal.exe
+ 2009-01-15 04:15:30 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.16809_none_0b66d5fad6ee6a9f\ieuser.exe
+ 2009-01-15 02:06:01 301,568 ----a-w c:\windows\winsxs\x86_microsoft-windows-ieuser_31bf3856ad364e35_6.0.6000.20996_none_0b8c229bf057b9dd\ieuser.exe
+ 2009-01-09 23:21:31 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16808_none_f0a9e19a6e4c873c\OESpamFilter.dat
+ 2009-01-08 23:21:51 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20995_none_f0cf2e3b87b5d67a\OESpamFilter.dat
+ 2009-01-08 23:21:09 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18202_none_f28a1e846b788023\OESpamFilter.dat
+ 2009-01-08 23:21:04 2,410,800 ----a-w c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22353_none_f2deabfd84bdc4f9\OESpamFilter.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 833072]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 317128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-06-11 163840]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-07-25 2776576]
"Monitor"="c:\windows\PixArt\PAC7311\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-23 136600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 17:04 49152 c:\windows\System32\DeviceNP.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Auto run of VideoCam Suite 1.0.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk
backup=c:\windows\pss\Auto run of VideoCam Suite 1.0.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2008-04-15 12:42 70912 c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BA417191-CD31-472D-822A-32A3A505C111}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{F2EA5B9B-76B5-42F0-91FE-9AC58FDFDF6B}c:\\program files\\icq6\\icq.exe"= Disabled:UDP:c:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{D9D8762E-28AC-42A8-9B45-EA8B086081E7}c:\\program files\\icq6\\icq.exe"= Disabled:TCP:c:\program files\icq6\icq.exe:ICQ Library
"{9ED79A84-2049-4848-8F1F-0E81124DB244}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{306BA4D5-1FAC-4AA3-BA40-45E4857E958B}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb
"{7F4F9C34-CFB4-422E-A37A-248A9DC485CF}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{401704EC-3803-4204-8152-7AB6EC49A848}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{5B984C0B-C913-4B9A-8AEB-3198DD1CCDCD}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{266A2977-85D7-4AF7-9CEC-B0977A1B9409}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{4ABE43F0-651F-467A-8C7C-1E3CCC33A46C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5AFFF8C1-2DA2-467B-8625-9D0014B4B5BA}c:\\program files\\valve\\hltv.exe"= UDP:c:\program files\valve\hltv.exe:HLTV Launcher
"UDP Query User{4820F6AC-BE89-49BF-9620-35A5373B5158}c:\\program files\\valve\\hltv.exe"= TCP:c:\program files\valve\hltv.exe:HLTV Launcher
"TCP Query User{E742A376-73C2-456D-88F1-8AB059908C5D}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{62E107F4-7B93-4BC3-8870-99530514066B}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{219497E7-76D2-4395-9839-6D61C0B0996C}c:\\users\\deti\\desktop\\hry\\flat out 2\\flatout2.exe"= UDP:c:\users\deti\desktop\hry\flat out 2\flatout2.exe:flatout2.exe
"UDP Query User{1690DE48-D43D-4BB3-B3DA-0B9202FFFC8D}c:\\users\\deti\\desktop\\hry\\flat out 2\\flatout2.exe"= TCP:c:\users\deti\desktop\hry\flat out 2\flatout2.exe:flatout2.exe
"{A271B0DD-EA42-4DE3-BD75-2258F0BFFA34}"= UDP:c:\users\Jana\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{6C8D0F44-0DDC-43BE-A4E0-45F122C09127}"= TCP:c:\users\Jana\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"TCP Query User{E8444593-6245-4540-A1AB-D0187F3218A3}c:\\users\\deti\\desktop\\hry\\cs 1.6\\hl.exe"= UDP:c:\users\deti\desktop\hry\cs 1.6\hl.exe:hl.exe
"UDP Query User{CC2159BA-B261-45B8-BD41-8A517204A628}c:\\users\\deti\\desktop\\hry\\cs 1.6\\hl.exe"= TCP:c:\users\deti\desktop\hry\cs 1.6\hl.exe:hl.exe
"TCP Query User{DCB58BA5-5FD2-40DF-9D09-4219F725B38E}c:\\program files\\unreal anthology\\ut2004\\system\\ut2004.exe"= UDP:c:\program files\unreal anthology\ut2004\system\ut2004.exe:UT2004
"UDP Query User{7E10DC12-8682-4EAB-A38E-05A13CA6BA09}c:\\program files\\unreal anthology\\ut2004\\system\\ut2004.exe"= TCP:c:\program files\unreal anthology\ut2004\system\ut2004.exe:UT2004
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2008-07-01 34312]
R1 PSched;QoS Packet Scheduler;c:\windows\System32\drivers\pacer.sys [2008-07-26 72192]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [2008-08-06 138624]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2007-09-03 540448]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2006-11-02 167936]
S3 DAMDrv;DAMDrv;c:\windows\System32\drivers\DAMDrv.sys [2007-09-03 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\System32\flcdlock.exe [2007-06-08 172131]
S3 PAC7311;VGA SoC PC-Camera;c:\windows\System32\drivers\PA707UCM.SYS [2006-11-08 530304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-01-13 c:\windows\Tasks\HPCeeScheduleForJana.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-06-15 22:46]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.daemon-search.com/startpageuDefault_Search_URL =
hxxp://www.google.com/iemStart Page =
hxxp://www.hp.comuSearchURL,(Default) =
hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\Microsoft Office\Office10\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\vkf2tqpt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
hxxp://www.zoznam.sk/FF - prefs.js: keyword.URL -
hxxp://search.icq.com/search/afe_result ... id=afex&q=FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-02-13 09:54:53
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
Completion time: 2009-02-13 9:57:47
ComboFix-quarantined-files.txt 2009-02-13 08:57:45
Pre-Run: 128 435 462 144 bytes free
Post-Run: 128,407,429,120 bytes free
371 --- E O F --- 2009-02-12 19:37:48