Dobre odpoledne,
avast mi nalezl tyto infikace, nektere nelzou ani presunout do truhly ci smazat:
Win32:Patched-LF (Trj), Win32:Malware-gen, Win32:Trojan-gen, Win32:ScramEPL (Cryp) ...
Prikladam log z RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ája a mamča a taťka at 2010-02-05 15:44:52
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (8%) free of 148 GB
Total RAM: 959 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:55, on 5.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Ája a mamča a taťka\Desktop\RSIT.exe
C:\Program Files\trend micro\Ája a mamča a taťka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: D'Accord Music Software Toolbar - {c4225628-e1f3-4fd1-ab0b-b24c84bcf12f} - C:\Program Files\D'Accord_Music_Software\tbD'Ac.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: D'Accord Music Software Toolbar - {c4225628-e1f3-4fd1-ab0b-b24c84bcf12f} - C:\Program Files\D'Accord_Music_Software\tbD'Ac.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JAAMAM~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg
--
End of file - 7051 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P1.dll [2009-11-13 2166296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
Ask Search Assistant BHO - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]
D'Accord Music Software Toolbar - C:\Program Files\D'Accord_Music_Software\tbD'Ac.dll [2009-10-27 2325528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P1.dll [2009-11-13 2166296]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL []
{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f} - D'Accord Music Software Toolbar - C:\Program Files\D'Accord_Music_Software\tbD'Ac.dll [2009-10-27 2325528]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-29 344064]
"ULiRaid"=C:\Program Files\ULi5287\ULi5287.exe [2005-08-24 409600]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-08-26 111928]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-29 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\Ája a mamča a taťka\Desktop\bulanci.exe"="C:\Documents and Settings\Ája a mamča a taťka\Desktop\bulanci.exe:*:Enabled:bulanci"
"C:\Documents and Settings\ddddd\Desktop\bulanci.exe"="C:\Documents and Settings\ddddd\Desktop\bulanci.exe:*:Enabled:bulanci"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\Ája a mamča a taťka\Desktop\ComboFix.exe"="C:\Documents and Settings\Ája a mamča a taťka\Desktop\ComboFix.exe:*:Enabled:ComboFix"
"C:\Documents and Settings\ddddd\Desktop\Wowko 2\WoW-3.2.0-enUS-downloader.exe"="C:\Documents and Settings\ddddd\Desktop\Wowko 2\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\ddddd\Desktop\Wowko 2\Launcher.exe"="C:\Documents and Settings\ddddd\Desktop\Wowko 2\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\ddddd\Desktop\VoipBuster\VoipBuster.exe"="C:\Documents and Settings\ddddd\Desktop\VoipBuster\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\Documents and Settings\ddddd\Desktop\hry dan\wowko\World of Wacraft\Database\bin\mysqld-nt.exe"="C:\Documents and Settings\ddddd\Desktop\hry dan\wowko\World of Wacraft\Database\bin\mysqld-nt.exe:*:Disabled:mysqld-nt"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-02-05 15:29:57 ----SD---- C:\ComboFix
2010-02-04 14:53:20 ----A---- C:\WINDOWS\NCLogConfig.ini
2010-02-02 17:43:26 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-01 08:16:02 ----A---- C:\WINDOWS\_MSRSTRT.EXE
2010-01-24 16:55:19 ----D---- C:\Program Files\Free MP3 Sound Recorder
2010-01-24 16:55:19 ----A---- C:\WINDOWS\system32\NCTAudioVisualization2.dll
2010-01-24 16:55:19 ----A---- C:\WINDOWS\system32\NCTAudioRecord2.dll
2010-01-24 16:55:19 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2010-01-13 19:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 19:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
======List of files/folders modified in the last 1 months======
2010-02-05 15:44:53 ----D---- C:\Program Files\trend micro
2010-02-05 15:40:23 ----D---- C:\Documents and Settings\Ája a mamča a taťka\Application Data\skypePM
2010-02-05 15:40:20 ----D---- C:\Documents and Settings\Ája a mamča a taťka\Application Data\Skype
2010-02-05 15:39:51 ----D---- C:\WINDOWS\Prefetch
2010-02-05 15:39:40 ----SHD---- C:\WINDOWS\Installer
2010-02-05 15:39:40 ----D---- C:\Config.Msi
2010-02-05 15:37:23 ----D---- C:\Program Files\Mozilla Firefox
2010-02-05 15:30:18 ----D---- C:\WINDOWS
2010-02-05 15:29:58 ----D---- C:\Qoobox
2010-02-05 14:38:36 ----D---- C:\WINDOWS\Temp
2010-02-04 10:49:27 ----D---- C:\WINDOWS\Registration
2010-02-04 00:27:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-02 17:51:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-02 17:43:52 ----D---- C:\WINDOWS\system32\drivers
2010-02-02 17:43:50 ----D---- C:\WINDOWS\system32
2010-02-01 08:25:01 ----RD---- C:\Program Files
2010-02-01 08:12:48 ----D---- C:\WINDOWS\system
2010-01-29 21:21:06 ----HD---- C:\WINDOWS\inf
2010-01-22 06:57:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 06:57:56 ----D---- C:\WINDOWS\system32\en-US
2010-01-22 06:57:56 ----D---- C:\Program Files\Internet Explorer
2010-01-22 06:57:45 ----D---- C:\WINDOWS\ie7updates
2010-01-22 06:07:09 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 19:04:22 ----D---- C:\Program Files\ICQ6.5
2010-01-21 18:56:20 ----RD---- C:\Program Files\Skype
2010-01-19 07:01:48 ----D---- C:\Documents and Settings
2010-01-19 07:01:32 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile USB Modem.txt
2010-01-14 06:13:43 ----D---- C:\WINDOWS\Debug
2010-01-14 05:52:26 ----D---- C:\WINDOWS\AppPatch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2009-10-12 2996]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-09-15 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-29 1241088]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-08 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 TotRec7;Total Recorder WDM audio driver; C:\WINDOWS\system32\drivers\TotRec7.sys [2009-03-02 127496]
R3 ULI5261XP;ULi M526X Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-23 28672]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-20 25280]
S3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture; C:\WINDOWS\system32\drivers\HCWUSB2AV.sys [2008-06-26 150784]
S3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2007-02-06 185728]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-29 376832]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
andrea.benackova
- Návštěvník
- Příspěvky: 9
- Registrován: 14 lis 2009 20:34
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
Hezké odpoledne 
V kterých souborech vir našel?
Vy jste spouštěl/a combofix?
V kterých souborech vir našel?
Vy jste spouštěl/a combofix?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
andrea.benackova
- Návštěvník
- Příspěvky: 9
- Registrován: 14 lis 2009 20:34
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
Dekuji za brzkou odpoved. Ne Combifix jsem jeste nespoustela, jen RSIT. Bude Vam stacit tento print screen z truhly avastu?
- Přílohy
-
- vypis.JPG
- (137.07 KiB) Staženo 319 x
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
Nestačí, když Vám je nesmaže ani nepřesune do karanteny, tak tam nejsou vidět 
. To bude napsané v logu, nicméně spustte combofix
Zazálohujte si důležitá data, pro jistotu
Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-souhlaste s instalací konzole pro zotavení
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem
. To bude napsané v logu, nicméně spustte combofix Zazálohujte si důležitá data, pro jistotu Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe -souhlaste s instalací konzole pro zotavení
- ComboFix je třeba spustit pod účtem s právy administrátora
- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano
- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna
- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, skopírujte celý jeho obsah sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
andrea.benackova
- Návštěvník
- Příspěvky: 9
- Registrován: 14 lis 2009 20:34
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
ehm neocekavane.. Nicmene zde je log z ComboFix:ComboFix 10-02-04.07 - Ája a mamča a taťka 05.02.2010 16:18:19.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.959.460 [GMT 1:00]
Spuštěný z: c:\documents and settings\Ája a mamča a taťka\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100204-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\SIntf16.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-05 do 2010-02-05 )))))))))))))))))))))))))))))))
.
2010-02-02 16:43 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-02 16:43 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-02 16:43 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-02 16:43 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-02-02 16:43 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-02 16:43 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-02 16:43 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-02 16:43 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-02 16:43 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-01 07:16 . 2010-02-01 07:16 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-01-24 15:55 . 2010-01-24 15:55 -------- d-----w- c:\program files\Free MP3 Sound Recorder
2010-01-24 15:55 . 2004-12-02 17:20 1843200 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2010-01-24 15:55 . 2004-08-25 12:53 311296 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2010-01-24 15:55 . 2004-05-20 12:07 335872 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2010-01-21 18:48 . 2010-02-05 14:03 -------- d-----w- c:\documents and settings\ddddd\Application Data\skypePM
2010-01-21 17:56 . 2010-02-05 14:27 -------- d-----w- c:\documents and settings\ddddd\Application Data\Skype
2010-01-13 15:35 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 15:23 . 2009-09-10 05:24 -------- d-----w- c:\program files\ICQ6.5
2010-02-05 14:55 . 2009-11-14 19:25 -------- d-----w- c:\program files\trend micro
2010-02-04 14:18 . 2008-06-27 08:46 -------- d-----w- c:\documents and settings\ddddd\Application Data\Image Zone Express
2010-02-04 13:53 . 2008-06-27 08:45 -------- d-----w- c:\documents and settings\ddddd\Application Data\HP
2010-01-29 13:27 . 2008-06-27 11:43 -------- d-----w- c:\documents and settings\ddddd\Application Data\ICQ
2010-01-21 17:56 . 2008-06-27 09:59 -------- d-----r- c:\program files\Skype
2010-01-05 10:00 . 2004-08-10 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-10 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-10 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-21 17:15 . 2008-10-25 19:14 -------- d-----w- c:\program files\Kat MP3 Recorder
2009-12-02 08:29 . 2009-12-02 08:28 8 ----a-w- c:\documents and settings\All Users\Application Data\VGANGMJYMWPP.SYS
2009-12-02 08:29 . 2009-12-02 08:28 8 ----a-w- c:\documents and settings\All Users\Application Data\VGANGMJYMWPP.SYS
2009-11-28 15:17 . 2009-11-28 15:17 304160 ----a-w- C:\StiImg.dat
2009-11-27 10:32 . 2008-06-27 08:45 24720 ----a-w- c:\documents and settings\ddddd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 15:51 . 2004-08-10 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 19:16 . 2008-08-10 14:45 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-07-28 08:48 . 2009-07-28 08:48 1878888 ----a-w- c:\program files\install_flash_player.exe
1999-04-23 22:22 . 1999-04-23 22:22 12 --sha-w- c:\windows\system\WININETICMP32.drv
.
((((((((((((((((((((((((((((( SnapShot@2009-11-15_21.59.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-01 05:16 . 2010-02-01 05:16 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat
+ 2008-06-27 08:17 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2008-06-27 08:17 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
- 2004-08-10 12:00 . 2008-04-14 00:12 75776 c:\windows\system32\strmfilt.dll
+ 2004-08-10 12:00 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
- 2004-08-10 12:00 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
+ 2004-08-10 12:00 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-10 12:00 . 2009-12-10 13:07 83316 c:\windows\system32\perfc009.dat
- 2004-08-10 12:00 . 2009-10-25 14:52 83316 c:\windows\system32\perfc009.dat
- 2007-08-13 16:54 . 2009-08-29 07:36 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 16:54 . 2010-01-05 10:00 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 16:39 . 2009-08-28 10:28 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 16:39 . 2009-12-31 15:33 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-10 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\iernonce.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\iernonce.dll
+ 2004-08-10 12:00 . 2009-12-31 15:33 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-10 12:00 . 2009-08-28 10:28 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-13 16:36 . 2010-01-05 10:00 63488 c:\windows\system32\icardie.dll
- 2007-08-13 16:36 . 2009-08-29 07:36 63488 c:\windows\system32\icardie.dll
+ 2004-08-10 12:00 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
+ 2004-08-10 12:00 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
- 2004-08-10 12:00 . 2009-06-16 14:36 81920 c:\windows\system32\fontsub.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-27 08:32 . 2010-01-05 10:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-06-27 08:32 . 2009-08-29 07:36 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2008-06-27 08:32 . 2009-08-28 10:28 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-06-27 08:32 . 2009-12-31 15:33 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2004-08-10 12:00 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2010-01-05 10:00 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 18:09 . 2009-08-29 07:36 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-10 12:00 . 2009-12-31 15:33 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-10 12:00 . 2009-08-28 10:28 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-06-27 08:32 . 2010-01-05 10:00 63488 c:\windows\system32\dllcache\icardie.dll
- 2008-06-27 08:32 . 2009-08-29 07:36 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-29 16:12 . 2010-01-05 10:00 17408 c:\windows\system32\dllcache\corpol.dll
- 2009-06-29 16:12 . 2009-08-29 07:36 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-11-26 14:09 . 2009-11-26 14:09 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
+ 2009-11-20 14:23 . 2009-11-20 14:23 22486 c:\windows\Installer\{E3E8EBA5-EB96-4C1F-A2CB-FD4DC3FB0BEE}\MySQLServer.exe
+ 2009-11-20 14:23 . 2009-11-20 14:23 23558 c:\windows\Installer\{E3E8EBA5-EB96-4C1F-A2CB-FD4DC3FB0BEE}\MysqlCmdShell.exe
+ 2009-11-20 14:23 . 2009-11-20 14:23 22486 c:\windows\Installer\{E3E8EBA5-EB96-4C1F-A2CB-FD4DC3FB0BEE}\InstConfIcon.exe
+ 2010-01-22 05:57 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 52224 c:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 27648 c:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-01-22 05:57 . 2009-10-28 14:36 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-01-22 05:57 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 78336 c:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-01-22 05:57 . 2009-10-28 14:36 70656 c:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-01-22 05:57 . 2009-10-29 07:46 63488 c:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 17408 c:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 44544 c:\windows\ie7updates\KB976325-IE7\pngfilt.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 52224 c:\windows\ie7updates\KB976325-IE7\msfeedsbs.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 27648 c:\windows\ie7updates\KB976325-IE7\jsproxy.dll
+ 2009-12-09 19:14 . 2009-08-28 10:28 13824 c:\windows\ie7updates\KB976325-IE7\ieudinit.exe
+ 2009-12-09 19:14 . 2009-08-29 07:36 44544 c:\windows\ie7updates\KB976325-IE7\iernonce.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 78336 c:\windows\ie7updates\KB976325-IE7\ieencode.dll
+ 2009-12-09 19:14 . 2009-08-28 10:28 70656 c:\windows\ie7updates\KB976325-IE7\ie4uinit.exe
+ 2009-12-09 19:14 . 2009-08-29 07:36 63488 c:\windows\ie7updates\KB976325-IE7\icardie.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 17408 c:\windows\ie7updates\KB976325-IE7\corpol.dll
+ 2009-11-26 14:10 . 2009-07-14 11:03 46080 c:\windows\$NtUninstallKB976098-v2$\tzchange.exe
+ 2009-11-26 14:10 . 2009-10-29 02:03 16896 c:\windows\$NtUninstallKB976098-v2$\spuninst\tzchange.dll
+ 2009-12-09 19:15 . 2008-04-14 00:12 79872 c:\windows\$NtUninstallKB974318$\raschap.dll
+ 2009-12-09 19:15 . 2008-04-14 00:12 75776 c:\windows\$NtUninstallKB970430$\strmfilt.dll
+ 2009-12-09 19:15 . 2008-04-14 00:11 24576 c:\windows\$NtUninstallKB970430$\httpapi.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976325-IE7\update\spcustom.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB976325-IE7\spmsg.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 44544 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\pngfilt.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 52224 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msfeedsbs.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 27648 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\jsproxy.dll
+ 2009-10-28 14:05 . 2009-10-28 14:05 13824 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieudinit.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 44544 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iernonce.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 78336 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieencode.dll
+ 2009-10-28 14:05 . 2009-10-28 14:05 70656 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ie4uinit.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 63488 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\icardie.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 17408 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\corpol.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974392\spmsg.dll
+ 2009-12-09 19:15 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll
+ 2009-12-09 19:15 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB974318\spmsg.dll
+ 2009-10-12 13:28 . 2009-10-12 13:28 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973904\update\spcustom.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB973904\spmsg.dll
+ 2009-11-26 14:10 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973687\update\spcustom.dll
+ 2009-11-26 14:10 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973687\spmsg.dll
+ 2009-12-09 19:14 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971737\update\spcustom.dll
+ 2009-12-09 19:14 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971737\spmsg.dll
+ 2009-12-09 19:15 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB970430\update\spcustom.dll
+ 2009-12-09 19:15 . 2009-05-26 11:40 17272 c:\windows\$hf_mig$\KB970430\spmsg.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 75776 c:\windows\$hf_mig$\KB970430\SP3QFE\strmfilt.dll
+ 2009-10-21 05:40 . 2009-10-21 05:40 25088 c:\windows\$hf_mig$\KB970430\SP3QFE\httpapi.dll
+ 2010-02-01 07:16 . 2010-02-01 07:16 2560 c:\windows\_MSRSTRT.EXE
+ 2004-08-10 12:00 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 233472 c:\windows\system32\webcheck.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 233472 c:\windows\system32\webcheck.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 105984 c:\windows\system32\url.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 105984 c:\windows\system32\url.dll
- 2004-08-10 12:00 . 2009-06-16 14:36 119808 c:\windows\system32\t2embed.dll
+ 2004-08-10 12:00 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
+ 2004-08-10 12:00 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
- 2004-08-10 12:00 . 2009-10-25 14:52 471340 c:\windows\system32\perfh009.dat
+ 2004-08-10 12:00 . 2009-12-10 13:07 471340 c:\windows\system32\perfh009.dat
+ 2004-08-10 12:00 . 2010-01-05 10:00 102912 c:\windows\system32\occache.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 102912 c:\windows\system32\occache.dll
+ 2004-08-10 12:00 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
- 2004-08-10 12:00 . 2008-04-14 00:12 270336 c:\windows\system32\oakley.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 671232 c:\windows\system32\mstime.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 671232 c:\windows\system32\mstime.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 193024 c:\windows\system32\msrating.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 193024 c:\windows\system32\msrating.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 16:54 . 2010-01-05 10:00 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 16:54 . 2009-08-29 07:36 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 16:34 . 2010-01-05 10:00 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 16:34 . 2009-08-29 07:36 268288 c:\windows\system32\iertutil.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 192512 c:\windows\system32\iepeers.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 10:27 . 2009-08-29 07:36 380928 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 10:27 . 2010-01-05 10:00 380928 c:\windows\system32\ieapfltr.dll
- 2004-08-10 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
+ 2004-08-10 12:00 . 2009-12-18 13:04 161792 c:\windows\system32\ieakui.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 153088 c:\windows\system32\ieakeng.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 153088 c:\windows\system32\ieakeng.dll
+ 2008-06-26 12:48 . 2009-11-21 14:59 130888 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-10 12:00 . 2010-01-05 10:00 133120 c:\windows\system32\extmgr.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 133120 c:\windows\system32\extmgr.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 214528 c:\windows\system32\dxtrans.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-10 12:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
- 2004-08-10 12:00 . 2009-08-29 07:36 832512 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 832512 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 105984 c:\windows\system32\dllcache\url.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-06-27 08:32 . 2010-01-05 10:00 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2008-06-27 08:32 . 2009-08-29 07:36 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2008-06-26 20:08 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2008-06-26 20:08 . 2009-12-18 13:05 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2008-06-27 08:32 . 2010-01-05 10:00 268288 c:\windows\system32\dllcache\iertutil.dll
- 2008-06-27 08:32 . 2009-08-29 07:36 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 192512 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-06-27 08:32 . 2009-08-29 07:36 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-06-27 08:32 . 2010-01-05 10:00 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-10 12:00 . 2009-12-18 13:04 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-10 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2004-08-10 12:00 . 2010-01-05 10:00 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 124928 c:\windows\system32\dllcache\advpack.dll
+ 2008-07-22 16:35 . 2010-02-02 16:40 319488 c:\windows\system32\config\systemprofile\ntuser.dat
- 2008-07-22 16:35 . 2008-07-22 16:35 319488 c:\windows\system32\config\systemprofile\ntuser.dat
- 2004-08-10 12:00 . 2009-08-29 07:36 124928 c:\windows\system32\advpack.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 124928 c:\windows\system32\advpack.dll
+ 2009-11-26 14:09 . 2009-11-26 14:09 429568 c:\windows\Installer\16618a2.msi
+ 2010-02-05 14:39 . 2010-02-05 14:39 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
- 2009-09-03 19:55 . 2009-09-03 19:55 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2010-01-22 05:57 . 2009-10-29 07:46 832512 c:\windows\ie7updates\KB978207-IE7\wininet.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 233472 c:\windows\ie7updates\KB978207-IE7\webcheck.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 105984 c:\windows\ie7updates\KB978207-IE7\url.dll
+ 2010-01-22 05:57 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-01-22 05:57 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-01-22 05:57 . 2009-10-29 07:46 102912 c:\windows\ie7updates\KB978207-IE7\occache.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 671232 c:\windows\ie7updates\KB978207-IE7\mstime.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 193024 c:\windows\ie7updates\KB978207-IE7\msrating.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 477696 c:\windows\ie7updates\KB978207-IE7\mshtmled.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 459264 c:\windows\ie7updates\KB978207-IE7\msfeeds.dll
+ 2010-01-22 05:57 . 2009-10-28 06:54 634632 c:\windows\ie7updates\KB978207-IE7\iexplore.exe
+ 2010-01-22 05:57 . 2009-10-29 07:46 268288 c:\windows\ie7updates\KB978207-IE7\iertutil.dll
+ 2010-01-22 05:57 . 2007-08-13 16:54 191488 c:\windows\ie7updates\KB978207-IE7\iepeers.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 385024 c:\windows\ie7updates\KB978207-IE7\iedkcs32.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 380928 c:\windows\ie7updates\KB978207-IE7\ieapfltr.dll
+ 2010-01-22 05:57 . 2009-10-28 06:52 161792 c:\windows\ie7updates\KB978207-IE7\ieakui.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 230400 c:\windows\ie7updates\KB978207-IE7\ieaksie.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 153088 c:\windows\ie7updates\KB978207-IE7\ieakeng.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 133120 c:\windows\ie7updates\KB978207-IE7\extmgr.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 214528 c:\windows\ie7updates\KB978207-IE7\dxtrans.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 347136 c:\windows\ie7updates\KB978207-IE7\dxtmsft.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 124928 c:\windows\ie7updates\KB978207-IE7\advpack.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 832512 c:\windows\ie7updates\KB976325-IE7\wininet.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 233472 c:\windows\ie7updates\KB976325-IE7\webcheck.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 105984 c:\windows\ie7updates\KB976325-IE7\url.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976325-IE7\spuninst\updspapi.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976325-IE7\spuninst\spuninst.exe
+ 2009-12-09 19:14 . 2009-08-29 07:36 102912 c:\windows\ie7updates\KB976325-IE7\occache.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 671232 c:\windows\ie7updates\KB976325-IE7\mstime.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 193024 c:\windows\ie7updates\KB976325-IE7\msrating.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 477696 c:\windows\ie7updates\KB976325-IE7\mshtmled.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 459264 c:\windows\ie7updates\KB976325-IE7\msfeeds.dll
+ 2009-12-09 19:14 . 2009-08-27 05:18 634648 c:\windows\ie7updates\KB976325-IE7\iexplore.exe
+ 2009-12-09 19:14 . 2009-08-29 07:36 268288 c:\windows\ie7updates\KB976325-IE7\iertutil.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 385024 c:\windows\ie7updates\KB976325-IE7\iedkcs32.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 380928 c:\windows\ie7updates\KB976325-IE7\ieapfltr.dll
+ 2009-12-09 19:14 . 2009-08-27 05:18 161792 c:\windows\ie7updates\KB976325-IE7\ieakui.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 230400 c:\windows\ie7updates\KB976325-IE7\ieaksie.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 153088 c:\windows\ie7updates\KB976325-IE7\ieakeng.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 133120 c:\windows\ie7updates\KB976325-IE7\extmgr.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 214528 c:\windows\ie7updates\KB976325-IE7\dxtrans.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 347136 c:\windows\ie7updates\KB976325-IE7\dxtmsft.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 124928 c:\windows\ie7updates\KB976325-IE7\advpack.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2009-11-26 14:10 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB976098-v2$\spuninst\updspapi.dll
+ 2009-11-26 14:10 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB976098-v2$\spuninst\spuninst.exe
+ 2009-12-09 19:14 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974392$\spuninst\updspapi.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974392$\spuninst\spuninst.exe
+ 2009-12-09 19:14 . 2008-04-14 00:12 270336 c:\windows\$NtUninstallKB974392$\oakley.dll
+ 2009-12-09 19:15 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB974318$\spuninst\updspapi.dll
+ 2009-12-09 19:15 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB974318$\spuninst\spuninst.exe
+ 2009-12-09 19:15 . 2008-04-14 00:12 150016 c:\windows\$NtUninstallKB974318$\rastls.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973904$\spuninst\updspapi.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB973904$\spuninst\spuninst.exe
+ 2009-12-09 19:14 . 2004-08-10 12:00 116288 c:\windows\$NtUninstallKB973904$\msconv97.dll
+ 2009-11-26 14:10 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973687$\spuninst\updspapi.dll
+ 2009-11-26 14:10 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973687$\spuninst\spuninst.exe
+ 2009-12-09 19:14 . 2008-12-16 12:30 354304 c:\windows\$NtUninstallKB971737$\winhttp.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB971737$\spuninst\updspapi.dll
+ 2009-12-09 19:14 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971737$\spuninst\spuninst.exe
+ 2009-12-09 19:15 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB970430$\spuninst\updspapi.dll
+ 2009-12-09 19:15 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB970430$\spuninst\spuninst.exe
+ 2009-12-09 19:15 . 2008-04-13 18:53 264832 c:\windows\$NtUninstallKB970430$\http.sys
+ 2009-12-09 19:14 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB976325-IE7\update\updspapi.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB976325-IE7\update\update.exe
+ 2009-12-09 19:14 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB976325-IE7\spuninst.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 841216 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 233472 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\webcheck.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 105984 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\url.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 102912 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\occache.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 671232 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mstime.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 193024 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msrating.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 477696 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtmled.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 459264 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\msfeeds.dll
+ 2009-10-28 06:54 . 2009-10-28 06:54 634632 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iexplore.exe
+ 2009-10-29 07:45 . 2009-10-29 07:45 268288 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iertutil.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 388608 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\iedkcs32.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 380928 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dll
+ 2009-10-28 06:52 . 2009-10-28 06:52 161792 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieakui.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 230400 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieaksie.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 153088 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieakeng.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 132608 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\extmgr.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 214528 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\dxtrans.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 347136 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\dxtmsft.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 124928 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\advpack.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2009-12-09 19:14 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2009-10-13 10:38 . 2009-10-13 10:38 270336 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2009-12-09 19:15 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2009-12-09 19:15 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2009-12-09 19:15 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-12 13:28 . 2009-10-12 13:28 150016 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973904\update\updspapi.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB973904\update\update.exe
+ 2009-12-09 19:14 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB973904\spuninst.exe
+ 2009-12-09 13:19 . 2009-07-29 14:01 119648 c:\windows\$hf_mig$\KB973904\SP3QFE\msconv97.dll
+ 2009-11-26 14:10 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973687\update\updspapi.dll
+ 2009-11-26 14:10 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973687\update\update.exe
+ 2009-11-26 14:10 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973687\spuninst.exe
+ 2009-12-09 19:14 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB971737\update\updspapi.dll
+ 2009-12-09 19:14 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB971737\update\update.exe
+ 2009-12-09 19:14 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971737\spuninst.exe
+ 2009-08-25 09:27 . 2009-08-25 09:27 354816 c:\windows\$hf_mig$\KB971737\SP3QFE\winhttp.dll
+ 2009-12-09 19:15 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB970430\update\updspapi.dll
+ 2009-12-09 19:15 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB970430\update\update.exe
+ 2009-12-09 19:15 . 2009-05-26 11:40 231288 c:\windows\$hf_mig$\KB970430\spuninst.exe
+ 2009-10-20 15:21 . 2009-10-20 15:21 265728 c:\windows\$hf_mig$\KB970430\SP3QFE\http.sys
+ 2009-07-20 23:03 . 2009-07-20 23:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 1168384 c:\windows\system32\urlmon.dll
+ 2008-09-22 20:37 . 2009-07-31 09:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-20 23:05 . 2009-07-20 23:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-10 12:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 3599360 c:\windows\system32\mshtml.dll
+ 2009-11-20 17:55 . 2009-07-10 11:33 1589248 c:\windows\system32\libmysql_d.dll
- 2009-07-20 14:37 . 2006-04-13 09:30 1073152 c:\windows\system32\libmysql_c.dll
+ 2009-07-20 14:37 . 2006-04-13 10:30 1073152 c:\windows\system32\libmysql_c.dll
- 2007-08-13 16:54 . 2009-08-29 07:36 6067200 c:\windows\system32\ieframe.dll
+ 2007-08-13 16:54 . 2010-01-05 10:00 6067200 c:\windows\system32\ieframe.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 1168384 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-10 12:00 . 2009-08-29 07:36 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-09-22 20:37 . 2009-07-31 09:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-11-13 15:09 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2004-08-10 12:00 . 2010-01-05 10:00 3599360 c:\windows\system32\dllcache\mshtml.dll
+ 2008-06-27 08:32 . 2010-01-05 10:00 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2008-06-27 08:32 . 2009-08-29 07:36 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2010-01-21 17:56 . 2010-01-21 17:56 1565696 c:\windows\Installer\b806d.msi
+ 2009-11-20 14:23 . 2009-11-20 14:23 1452032 c:\windows\Installer\4b12c3.msi
+ 2010-01-22 05:57 . 2009-10-29 07:46 1168384 c:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 3598336 c:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-01-22 05:57 . 2009-10-29 07:46 6067200 c:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 1168384 c:\windows\ie7updates\KB976325-IE7\urlmon.dll
+ 2009-12-09 19:14 . 2009-10-21 04:08 3598336 c:\windows\ie7updates\KB976325-IE7\mshtml.dll
+ 2009-12-09 19:14 . 2009-08-29 07:36 6067200 c:\windows\ie7updates\KB976325-IE7\ieframe.dll
+ 2009-11-26 14:10 . 2008-09-10 01:14 1307648 c:\windows\$NtUninstallKB973687$\msxml6.dll
+ 2009-11-26 14:10 . 2008-09-04 17:15 1106944 c:\windows\$NtUninstallKB973687$\msxml3.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 1170944 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\urlmon.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 3602432 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\mshtml.dll
+ 2009-10-29 07:45 . 2009-10-29 07:45 6070784 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieframe.dll
+ 2009-12-09 13:22 . 2009-06-29 08:33 2452872 c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\ieapfltr.dat
+ 2009-11-26 08:04 . 2009-07-31 04:24 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll
+ 2009-11-26 08:04 . 2009-07-31 04:24 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll
+ 2008-06-27 08:33 . 2010-01-05 00:17 29634504 c:\windows\system32\MRT.exe
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2009-11-13 13:23 2166296 ----a-w- c:\program files\P2P_Energy\tbP2P1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]
2009-10-27 10:45 2325528 ----a-w- c:\program files\D'Accord_Music_Software\tbD'Ac.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-11-13 2166296]
"{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2009-10-27 2325528]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "c:\program files\P2P_Energy\tbP2P1.dll" [2009-11-13 2166296]
"{C4225628-E1F3-4FD1-AB0B-B24C84BCF12F}"= "c:\program files\D'Accord_Music_Software\tbD'Ac.dll" [2009-10-27 2325528]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CLASSES_ROOT\clsid\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064]
"ULiRaid"="c:\program files\ULi5287\ULi5287.exe" [2005-08-24 409600]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-08-26 111928]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Documents and Settings\\Ája a mamča a taťka\\Desktop\\bulanci.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Documents and Settings\\Ája a mamča a taťka\\Desktop\\ComboFix.exe"=
"c:\\Documents and Settings\\ddddd\\Desktop\\Wowko 2\\Launcher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\ddddd\\Desktop\\hry dan\\wowko\\World of Wacraft\\Database\\bin\\mysqld-nt.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13858:TCP"= 13858:TCP:BitComet 13858 TCP
"13858:UDP"= 13858:UDP:BitComet 13858 UDP
"57998:TCP"= 57998:TCP:Pando Media Booster
"57998:UDP"= 57998:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R0 m5287;m5287;c:\windows\system32\drivers\m5287.sys [15.11.2009 22:36 101120]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2.2.2010 17:43 114768]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [12.10.2009 17:24 2996]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.2.2010 17:43 20560]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [7.10.2009 16:40 127496]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [27.6.2008 1:47 28672]
S3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture;c:\windows\system32\drivers\HCWUSB2AV.sys [27.2.2007 23:40 150784]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
FF - ProfilePath - c:\documents and settings\Ája a mamča a taťka\Application Data\Mozilla\Firefox\Profiles\962sxhk0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-SnadBoy's Revelation v2 - c:\progra~1\SNADBO~1\UNWISE.EXE
AddRemove-VoipBuster_is1 - c:\documents and settings\ddddd\Desktop\VoipBuster\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 16:24
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-05 16:26:23
ComboFix-quarantined-files.txt 2010-02-05 15:26
ComboFix2.txt 2009-11-15 22:54
ComboFix3.txt 2009-11-15 22:02
Před spuštěním: 13 100 244 992 bytes free
Po spuštění: 13 309 964 288 bytes free
- - End Of File - - E39C9FD37633C468CDBB904E62A41FCA
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
Otestujte na www.virustotal.comc:\windows\system\WININETICMP32.drv
Do okénka zkopírujte cestu k souboru , pokud napíše, že soubor byl už testován, dejte otestovat znovu.
Sem vložte link s výsledky.
Mohla by jste mrknout na log z Avastu, v kterém souboru viry hlásí?Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
andrea.benackova
- Návštěvník
- Příspěvky: 9
- Registrován: 14 lis 2009 20:34
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
No jasne, ze mohla
Zde link na Virustotal:
http://www.virustotal.com/cs/analisis/7 ... 1265388891
Log avast:
Varovani
5.2.2010 11:24:30 ddddd 256 Virus "Win32:Patched-LF [Trj]" byl nalezen v souboru "C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir".
5.2.2010 11:25:00 ddddd 256 Virus "Win32:Malware-gen" byl nalezen v souboru "C:\Qoobox\Quarantine\C\WINDOWS\system32\msxm192z.dll.vir".
5.2.2010 11:43:10 ddddd 256 Virus "Win32:Malware-gen" byl nalezen v souboru "C:\System Volume Information\_restore{5B30A69D-AD9A-4D1E-BACB-23C83C5DBF36}\RP438\A0246354.dll".
5.2.2010 11:54:38 ddddd 256 Virus "Win32:Trojan-gen" byl nalezen v souboru "C:\System Volume Information\_restore{5B30A69D-AD9A-4D1E-BACB-23C83C5DBF36}\RP483\A0271566.exe\wow.exe".
5.2.2010 11:54:55 ddddd 256 Virus "Win32:ScramEPL [Cryp]" byl nalezen v souboru "C:\System Volume Information\_restore{5B30A69D-AD9A-4D1E-BACB-23C83C5DBF36}\RP483\A0271566.exe\boer.exe\$INSTDIR\main.exe".
5.2.2010 11:54:59 ddddd 256 Virus "Win32:Malware-gen" byl nalezen v souboru "C:\System Volume Information\_restore{5B30A69D-AD9A-4D1E-BACB-23C83C5DBF36}\RP483\A0271566.exe\boer.exe\$INSTDIR\main.dll".
5.2.2010 11:55:02 ddddd 256 Virus "Win32:Trojan-gen" byl nalezen v souboru "C:\System Volume Information\_restore{5B30A69D-AD9A-4D1E-BACB-23C83C5DBF36}\RP483\A0271566.exe\boer.exe\$INSTDIR\exmlrpc.fne".
Zde link na Virustotal:
http://www.virustotal.com/cs/analisis/7 ... 1265388891
Log avast:
Varovani
5.2.2010 11:24:30 ddddd 256 Virus "Win32:Patched-LF [Trj]" byl nalezen v souboru "C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir".
5.2.2010 11:25:00 ddddd 256 Virus "Win32:Malware-gen" byl nalezen v souboru "C:\Qoobox\Quarantine\C\WINDOWS\system32\msxm192z.dll.vir".
5.2.2010 11:43:10 ddddd 256 Virus "Win32:Malware-gen" byl nalezen v souboru "C:\System Volume Information\_restore{5B30A69D-AD9A-4D1E-BACB-23C83C5DBF36}\RP438\A0246354.dll".
5.2.2010 11:54:38 ddddd 256 Virus "Win32:Trojan-gen" byl nalezen v souboru "C:\System Volume Information\_restore{5B30A69D-AD9A-4D1E-BACB-23C83C5DBF36}\RP483\A0271566.exe\wow.exe".
5.2.2010 11:54:55 ddddd 256 Virus "Win32:ScramEPL [Cryp]" byl nalezen v souboru "C:\System Volume Information\_restore{5B30A69D-AD9A-4D1E-BACB-23C83C5DBF36}\RP483\A0271566.exe\boer.exe\$INSTDIR\main.exe".
5.2.2010 11:54:59 ddddd 256 Virus "Win32:Malware-gen" byl nalezen v souboru "C:\System Volume Information\_restore{5B30A69D-AD9A-4D1E-BACB-23C83C5DBF36}\RP483\A0271566.exe\boer.exe\$INSTDIR\main.dll".
5.2.2010 11:55:02 ddddd 256 Virus "Win32:Trojan-gen" byl nalezen v souboru "C:\System Volume Information\_restore{5B30A69D-AD9A-4D1E-BACB-23C83C5DBF36}\RP483\A0271566.exe\boer.exe\$INSTDIR\exmlrpc.fne".
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
Vy jste dnes použila combofix 5.2.2010 11:24:30, a mě jste říkala, že ne 
.
Tak jak to je? Pravděpodobně jste měla infikovaný systémový soubor, combofix ho vyměnil .
Jak se ted chová počítač?
.Tak jak to je? Pravděpodobně jste měla infikovaný systémový soubor, combofix ho vyměnil .
Jak se ted chová počítač?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
andrea.benackova
- Návštěvník
- Příspěvky: 9
- Registrován: 14 lis 2009 20:34
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
Combofix jsem si uz kdysi stahovala pri reseni jineho problemu, v 11:24:30 jsem jen zkousela, jestli mi na nej uz nevyprsela mesicni lhuta. A opravdu vyprsela, Combofix se vubec neotevrel. Pouzila jsem ho jen s Vami, potom, co jsem ho znovu stahla. 
A snazila jsem se znovu projet ty infikovane soubory, co nesly smaznout jeste jednou, ale v pocitaci mi je avast uz nenasel.
A snazila jsem se znovu projet ty infikovane soubory, co nesly smaznout jeste jednou, ale v pocitaci mi je avast uz nenasel.
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
No vidíte, on se sice Výám neotevřel, ale pracoval .
A combofix si v počítači nenechávejte, vždy je lepší mít nově stažený, aktualizuje se častěji než 1xza měsíc a hlavně ho používejte pod dozorem rádce
Odinstalujte combofix přes
Start >> Spustit zkopírujte do okénka:
ComboFix /Uninstall
stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
Stáhněte Ccleaner,viz můj podpis
-nainstalujte a vyčištěte dočasné soubory, i registry
Vložte nový log ze RSIT a řekněte co počítač,jak se chová,už je vše v pořádku?
.A combofix si v počítači nenechávejte, vždy je lepší mít nově stažený, aktualizuje se častěji než 1xza měsíc a hlavně ho používejte pod dozorem rádce
Odinstalujte combofix přesStart >> Spustit zkopírujte do okénka:
ComboFix /Uninstall
stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.
Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir
Stahněte OTC a použijtehttp://oldtimer.geekstogo.com/OTC.exe
Stáhněte Ccleaner,viz můj podpis-nainstalujte a vyčištěte dočasné soubory, i registry
Vložte nový log ze RSIT a řekněte co počítač,jak se chová,už je vše v pořádku?Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
andrea.benackova
- Návštěvník
- Příspěvky: 9
- Registrován: 14 lis 2009 20:34
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
Rozkaz proveden, Combofix vymazan dekuji za upozorneni. Vse jsem provedla dle postupu, avast mi infikovane soubory, co nesly smaznout, uz vubec nenasel. Zde je log z RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ája a mamča a taťka at 2010-02-05 22:00:52
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (12%) free of 148 GB
Total RAM: 959 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:59, on 5.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ája a mamča a taťka\Desktop\RSIT.exe
C:\Program Files\trend micro\Ája a mamča a taťka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: D'Accord Music Software Toolbar - {c4225628-e1f3-4fd1-ab0b-b24c84bcf12f} - C:\Program Files\D'Accord_Music_Software\tbD'Ac.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: D'Accord Music Software Toolbar - {c4225628-e1f3-4fd1-ab0b-b24c84bcf12f} - C:\Program Files\D'Accord_Music_Software\tbD'Ac.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JAAMAM~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg
--
End of file - 6763 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P1.dll [2009-11-13 2166296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]
D'Accord Music Software Toolbar - C:\Program Files\D'Accord_Music_Software\tbD'Ac.dll [2009-10-27 2325528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P1.dll [2009-11-13 2166296]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f} - D'Accord Music Software Toolbar - C:\Program Files\D'Accord_Music_Software\tbD'Ac.dll [2009-10-27 2325528]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-29 344064]
"ULiRaid"=C:\Program Files\ULi5287\ULi5287.exe [2005-08-24 409600]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-08-26 111928]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-29 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\Ája a mamča a taťka\Desktop\bulanci.exe"="C:\Documents and Settings\Ája a mamča a taťka\Desktop\bulanci.exe:*:Enabled:bulanci"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\Ája a mamča a taťka\Desktop\ComboFix.exe"="C:\Documents and Settings\Ája a mamča a taťka\Desktop\ComboFix.exe:*:Enabled:ComboFix"
"C:\Documents and Settings\ddddd\Desktop\Wowko 2\Launcher.exe"="C:\Documents and Settings\ddddd\Desktop\Wowko 2\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\ddddd\Desktop\hry dan\wowko\World of Wacraft\Database\bin\mysqld-nt.exe"="C:\Documents and Settings\ddddd\Desktop\hry dan\wowko\World of Wacraft\Database\bin\mysqld-nt.exe:*:Disabled:mysqld-nt"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-02-05 22:00:52 ----D---- C:\rsit
2010-02-05 18:11:30 ----SHD---- C:\RECYCLER
2010-02-04 14:53:20 ----A---- C:\WINDOWS\NCLogConfig.ini
2010-02-02 17:43:26 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-01 08:16:02 ----A---- C:\WINDOWS\_MSRSTRT.EXE
2010-01-24 16:55:19 ----D---- C:\Program Files\Free MP3 Sound Recorder
2010-01-24 16:55:19 ----A---- C:\WINDOWS\system32\NCTAudioVisualization2.dll
2010-01-24 16:55:19 ----A---- C:\WINDOWS\system32\NCTAudioRecord2.dll
2010-01-24 16:55:19 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2010-01-13 19:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 19:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
======List of files/folders modified in the last 1 months======
2010-02-05 22:00:59 ----D---- C:\Program Files\trend micro
2010-02-05 21:59:05 ----D---- C:\Program Files\Mozilla Firefox
2010-02-05 21:58:07 ----D---- C:\WINDOWS\Prefetch
2010-02-05 21:58:05 ----D---- C:\WINDOWS
2010-02-05 21:51:33 ----D---- C:\WINDOWS\Temp
2010-02-05 21:51:16 ----D---- C:\WINDOWS\Registration
2010-02-05 21:50:54 ----SHD---- C:\System Volume Information
2010-02-05 21:50:54 ----D---- C:\WINDOWS\system32\Restore
2010-02-05 21:49:18 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-05 21:49:00 ----D---- C:\Documents and Settings\Ája a mamča a taťka\Application Data\Skype
2010-02-05 21:43:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-05 16:24:17 ----A---- C:\WINDOWS\system.ini
2010-02-05 16:23:07 ----D---- C:\WINDOWS\system32
2010-02-05 16:23:07 ----D---- C:\Program Files\ICQ6.5
2010-02-05 16:21:46 ----D---- C:\WINDOWS\system32\drivers
2010-02-05 16:21:46 ----D---- C:\WINDOWS\AppPatch
2010-02-05 16:21:41 ----D---- C:\Program Files\Common Files
2010-02-05 16:00:23 ----D---- C:\Documents and Settings\Ája a mamča a taťka\Application Data\skypePM
2010-02-05 15:39:40 ----SHD---- C:\WINDOWS\Installer
2010-02-05 15:39:40 ----D---- C:\Config.Msi
2010-02-01 08:25:01 ----RD---- C:\Program Files
2010-02-01 08:12:48 ----D---- C:\WINDOWS\system
2010-01-29 21:21:06 ----HD---- C:\WINDOWS\inf
2010-01-22 06:57:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 06:57:56 ----D---- C:\WINDOWS\system32\en-US
2010-01-22 06:57:56 ----D---- C:\Program Files\Internet Explorer
2010-01-22 06:57:45 ----D---- C:\WINDOWS\ie7updates
2010-01-22 06:07:09 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 18:56:20 ----RD---- C:\Program Files\Skype
2010-01-19 07:01:48 ----D---- C:\Documents and Settings
2010-01-19 07:01:32 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile USB Modem.txt
2010-01-14 06:13:43 ----D---- C:\WINDOWS\Debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2009-10-12 2996]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-09-15 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-29 1241088]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-08 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 TotRec7;Total Recorder WDM audio driver; C:\WINDOWS\system32\drivers\TotRec7.sys [2009-03-02 127496]
R3 ULI5261XP;ULi M526X Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-23 28672]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-20 25280]
S3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture; C:\WINDOWS\system32\drivers\HCWUSB2AV.sys [2008-06-26 150784]
S3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2007-02-06 185728]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-29 376832]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------
dekuji za upozorneni. Vse jsem provedla dle postupu, avast mi infikovane soubory, co nesly smaznout, uz vubec nenasel. Zde je log z RSIT:Logfile of random's system information tool 1.06 (written by random/random)
Run by Ája a mamča a taťka at 2010-02-05 22:00:52
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (12%) free of 148 GB
Total RAM: 959 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:59, on 5.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ULi5287\ULi5287.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ája a mamča a taťka\Desktop\RSIT.exe
C:\Program Files\trend micro\Ája a mamča a taťka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: D'Accord Music Software Toolbar - {c4225628-e1f3-4fd1-ab0b-b24c84bcf12f} - C:\Program Files\D'Accord_Music_Software\tbD'Ac.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: D'Accord Music Software Toolbar - {c4225628-e1f3-4fd1-ab0b-b24c84bcf12f} - C:\Program Files\D'Accord_Music_Software\tbD'Ac.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULi5287\ULi5287.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/JAAMAM~1/LOCALS~1/Temp/msoclip1/01/clip_image001.jpg
--
End of file - 6763 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P1.dll [2009-11-13 2166296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]
D'Accord Music Software Toolbar - C:\Program Files\D'Accord_Music_Software\tbD'Ac.dll [2009-10-27 2325528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-05-20 1258808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar - C:\Program Files\P2P_Energy\tbP2P1.dll [2009-11-13 2166296]
{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f} - D'Accord Music Software Toolbar - C:\Program Files\D'Accord_Music_Software\tbD'Ac.dll [2009-10-27 2325528]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-12 49152]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-06-29 344064]
"ULiRaid"=C:\Program Files\ULi5287\ULi5287.exe [2005-08-24 409600]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-08-26 111928]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-29 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-08-11 241704]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\Ája a mamča a taťka\Desktop\bulanci.exe"="C:\Documents and Settings\Ája a mamča a taťka\Desktop\bulanci.exe:*:Enabled:bulanci"
"C:\Program Files\QIP Infium\infium.exe"="C:\Program Files\QIP Infium\infium.exe:*:Enabled:QIP Infium"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Documents and Settings\Ája a mamča a taťka\Desktop\ComboFix.exe"="C:\Documents and Settings\Ája a mamča a taťka\Desktop\ComboFix.exe:*:Enabled:ComboFix"
"C:\Documents and Settings\ddddd\Desktop\Wowko 2\Launcher.exe"="C:\Documents and Settings\ddddd\Desktop\Wowko 2\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\ddddd\Desktop\hry dan\wowko\World of Wacraft\Database\bin\mysqld-nt.exe"="C:\Documents and Settings\ddddd\Desktop\hry dan\wowko\World of Wacraft\Database\bin\mysqld-nt.exe:*:Disabled:mysqld-nt"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2010-02-05 22:00:52 ----D---- C:\rsit
2010-02-05 18:11:30 ----SHD---- C:\RECYCLER
2010-02-04 14:53:20 ----A---- C:\WINDOWS\NCLogConfig.ini
2010-02-02 17:43:26 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-02-01 08:16:02 ----A---- C:\WINDOWS\_MSRSTRT.EXE
2010-01-24 16:55:19 ----D---- C:\Program Files\Free MP3 Sound Recorder
2010-01-24 16:55:19 ----A---- C:\WINDOWS\system32\NCTAudioVisualization2.dll
2010-01-24 16:55:19 ----A---- C:\WINDOWS\system32\NCTAudioRecord2.dll
2010-01-24 16:55:19 ----A---- C:\WINDOWS\system32\NCTAudioFile2.dll
2010-01-13 19:52:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-13 19:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
======List of files/folders modified in the last 1 months======
2010-02-05 22:00:59 ----D---- C:\Program Files\trend micro
2010-02-05 21:59:05 ----D---- C:\Program Files\Mozilla Firefox
2010-02-05 21:58:07 ----D---- C:\WINDOWS\Prefetch
2010-02-05 21:58:05 ----D---- C:\WINDOWS
2010-02-05 21:51:33 ----D---- C:\WINDOWS\Temp
2010-02-05 21:51:16 ----D---- C:\WINDOWS\Registration
2010-02-05 21:50:54 ----SHD---- C:\System Volume Information
2010-02-05 21:50:54 ----D---- C:\WINDOWS\system32\Restore
2010-02-05 21:49:18 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-02-05 21:49:00 ----D---- C:\Documents and Settings\Ája a mamča a taťka\Application Data\Skype
2010-02-05 21:43:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-05 16:24:17 ----A---- C:\WINDOWS\system.ini
2010-02-05 16:23:07 ----D---- C:\WINDOWS\system32
2010-02-05 16:23:07 ----D---- C:\Program Files\ICQ6.5
2010-02-05 16:21:46 ----D---- C:\WINDOWS\system32\drivers
2010-02-05 16:21:46 ----D---- C:\WINDOWS\AppPatch
2010-02-05 16:21:41 ----D---- C:\Program Files\Common Files
2010-02-05 16:00:23 ----D---- C:\Documents and Settings\Ája a mamča a taťka\Application Data\skypePM
2010-02-05 15:39:40 ----SHD---- C:\WINDOWS\Installer
2010-02-05 15:39:40 ----D---- C:\Config.Msi
2010-02-01 08:25:01 ----RD---- C:\Program Files
2010-02-01 08:12:48 ----D---- C:\WINDOWS\system
2010-01-29 21:21:06 ----HD---- C:\WINDOWS\inf
2010-01-22 06:57:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 06:57:56 ----D---- C:\WINDOWS\system32\en-US
2010-01-22 06:57:56 ----D---- C:\Program Files\Internet Explorer
2010-01-22 06:57:45 ----D---- C:\WINDOWS\ie7updates
2010-01-22 06:07:09 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 18:56:20 ----RD---- C:\Program Files\Skype
2010-01-19 07:01:48 ----D---- C:\Documents and Settings
2010-01-19 07:01:32 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile USB Modem.txt
2010-01-14 06:13:43 ----D---- C:\WINDOWS\Debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2009-10-12 2996]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-05-13 79488]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2005-09-15 141312]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-29 1241088]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-08 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-08-11 393088]
R3 TotRec7;Total Recorder WDM audio driver; C:\WINDOWS\system32\drivers\TotRec7.sys [2009-03-02 127496]
R3 ULI5261XP;ULi M526X Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-23 28672]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-20 25280]
S3 hcwAVD2;Hauppauge PVR USB2 AVS Video Capture; C:\WINDOWS\system32\drivers\HCWUSB2AV.sys [2008-06-26 150784]
S3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2007-02-06 185728]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-10-27 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-29 376832]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 ehRecvr;Služba přijímače aplikace Media Center; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Služba plánování aplikace Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
:arrow:Stáhněte OTM http://oldtimer.geekstogo.com/OTM.exe
Stáhněte na plochu Otm, 2krát klikněte na Otm,spustí se program,
Do levého okna "Paste Instructions for Items to be Moved" pod žlutou čáru zkopírujete skript
-klikněte na červené tlačítko Moveit!
-sem vložte obsah zeleného okénka
-Pokud se bude chtít restartovat pc, dejte YES,log pak najdete C:\_OTM\MovedFiles. Log vložte sem
Stáhněte na plochu Otm, 2krát klikněte na Otm,spustí se program,
Do levého okna "Paste Instructions for Items to be Moved" pod žlutou čáru zkopírujete skript
Kód: Vybrat vše
:processes
explorer.exe
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Program Files\SweetIM
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"=-
"{FE063DB9-4EC0-403e-8DD8-394C54984B2C}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
:commands
[emptytemp]
[Reboot]-sem vložte obsah zeleného okénka
-Pokud se bude chtít restartovat pc, dejte YES,log pak najdete C:\_OTM\MovedFiles. Log vložte sem
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
andrea.benackova
- Návštěvník
- Příspěvky: 9
- Registrován: 14 lis 2009 20:34
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
Log z OTM:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\003274_.tmp moved successfully.
C:\WINDOWS\SET1E.tmp moved successfully.
C:\WINDOWS\SET21.tmp moved successfully.
C:\WINDOWS\SET2D.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP16F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1A1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP283.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9F.tmp folder moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\tmp7B.tmp moved successfully.
C:\WINDOWS\system32\tmp7C.tmp moved successfully.
C:\WINDOWS\system32\tmpDB.tmp moved successfully.
C:\WINDOWS\system32\tmpDC.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files\SweetIM\Toolbars folder moved successfully.
C:\Program Files\SweetIM\Messenger\resources\images folder moved successfully.
C:\Program Files\SweetIM\Messenger\resources folder moved successfully.
C:\Program Files\SweetIM\Messenger folder moved successfully.
C:\Program Files\SweetIM folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2bae58c2-79f9-45d1-a286-81f911301c3a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: All Users
User: ddddd
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->FireFox cache emptied: 156837166 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Ája a mamča a taťka
->Temp folder emptied: 145298 bytes
->Temporary Internet Files folder emptied: 1008129 bytes
->FireFox cache emptied: 276442501 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 1485 bytes
Total Files Cleaned = 415,00 mb
OTM by OldTimer - Version 3.1.8.0 log created on 02052010_233257
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_5e0.dat moved successfully.
Registry entries deleted on Reboot...
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\003274_.tmp moved successfully.
C:\WINDOWS\SET1E.tmp moved successfully.
C:\WINDOWS\SET21.tmp moved successfully.
C:\WINDOWS\SET2D.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP16F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1A1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP283.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9F.tmp folder moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\tmp7B.tmp moved successfully.
C:\WINDOWS\system32\tmp7C.tmp moved successfully.
C:\WINDOWS\system32\tmpDB.tmp moved successfully.
C:\WINDOWS\system32\tmpDC.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files\SweetIM\Toolbars folder moved successfully.
C:\Program Files\SweetIM\Messenger\resources\images folder moved successfully.
C:\Program Files\SweetIM\Messenger\resources folder moved successfully.
C:\Program Files\SweetIM\Messenger folder moved successfully.
C:\Program Files\SweetIM folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4225628-e1f3-4fd1-ab0b-b24c84bcf12f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2bae58c2-79f9-45d1-a286-81f911301c3a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bae58c2-79f9-45d1-a286-81f911301c3a}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{FE063DB9-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
User: All Users
User: ddddd
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->FireFox cache emptied: 156837166 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Ája a mamča a taťka
->Temp folder emptied: 145298 bytes
->Temporary Internet Files folder emptied: 1008129 bytes
->FireFox cache emptied: 276442501 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 1485 bytes
Total Files Cleaned = 415,00 mb
OTM by OldTimer - Version 3.1.8.0 log created on 02052010_233257
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_5e0.dat moved successfully.
Registry entries deleted on Reboot...
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
:arrow:Otevřete znovu Otm a klikněte na tlačítko CleanUp,potvrďte ok
Nemáte firewall,k čemu je užitečný se dozvíte zde http://www.viry.cz/forum/viewtopic.php?f=41&t=20980
Pokud je pc v pořádku, je to vše. Kdyby byli problémy, ozvěte se 
.
Nemáte firewall,k čemu je užitečný se dozvíte zde http://www.viry.cz/forum/viewtopic.php?f=41&t=20980 Pokud je pc v pořádku, je to vše. Kdyby byli problémy, ozvěte se .Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
andrea.benackova
- Návštěvník
- Příspěvky: 9
- Registrován: 14 lis 2009 20:34
Re: avast! nalezl Win32:Patched-LF (Trj), Win32:Malware-gen, ...
Ja mela za to, ze mame firewall (viz obrazek) nebo se mylim? Nestaci?
Jinak velmi dekuji za pomoc, jeste ze Vas tady mame
Jinak velmi dekuji za pomoc, jeste ze Vas tady mame
- Přílohy
-
- firewall.JPG
- (128.68 KiB) Staženo 267 x
Přispějete na provoz fóra?