Moc prosím o kontrolu logu, viry+nelze nainstalovat SP3 Vyřešeno

Místo pro vaše HiJackThis logy a logy z dalších programů…

Moderátoři: Mods_senior, Security team

Odpovědět
Uživatelský avatar
Body
Level 2
Level 2
Příspěvky: 185
Registrován: září 06
Pohlaví: Nespecifikováno
Stav:
Offline

Moc prosím o kontrolu logu, viry+nelze nainstalovat SP3

Příspěvekod Body » 28 úno 2009 22:19

Dobrý večer,
prosím o preventivní kontrolu logu.
Děkuju mockrát, mějte se :inlove:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:08, on 28.2.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programy\uTorrent\uTorrent.exe
D:\programy\TurboLaunch\TurboLaunch.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
D:\Programy\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\programy\Opera\opera.exe
D:\programy\QIP\qip.exe
D:\programy\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neobux.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP2005] D:\programy\QIP\qip.exe
O4 - HKCU\..\Run: [uTorrent] "D:\programy\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TurboLaunch.lnk = D:\programy\TurboLaunch\TurboLaunch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A80B43A5-542A-4B3A-8F6E-D5D7AC5EF881}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - D:\Programy\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7401 bytes
Naposledy upravil(a) Body dne 07 bře 2009 14:17, celkem upraveno 1 x.
Nahoru
Reklama
Top
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43339
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Moc prosím o kontrolu logu - HiJackThis

Příspěvekod jaro3 » 01 bře 2009 08:02

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)

takže jestli nejsou problémy,tak vyčisti systém CCleanerem
Vše.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
Uživatelský avatar
Body
Level 2
Level 2
Příspěvky: 185
Registrován: září 06
Pohlaví: Nespecifikováno
Stav:
Offline

Re: Moc prosím o kontrolu logu - HiJackThis

Příspěvekod Body » 01 bře 2009 11:51

Ok fixnul jsem, děkuju moc :wink: Problémy žádné, rok jsem ale takhle nekontroloval přes HJT, tak jsem chtěl preventivně. Ještě jednou děkuji

EDIT: Vlastně mám problém, ale nevím, jestli mám kvůli tomu založit nové vlákno... Nejde mi naistalovat SP 3 přes automatické aktualizace ani když jsme si ho stáhl odněkad, někde jsem se dočetl, že musí být windowsovská uvitaci obrazovka, tu ale mám. Nevíte někdo co s tím? Nemáte s tím taky někdo problém?
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43339
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Moc prosím o kontrolu logu - HiJackThis

Příspěvekod jaro3 » 01 bře 2009 15:29

Možností je více, poškozený instalátor, aut. aktualizace...
Stáhni si Dial-a-fix
Fix Windows Installer - Opraví problémy při instalaci programů v podobě .msi souborů nebo programů postavených na starších verzích instalátoru.
Fix Windows Update - Opraví problémy se stahováním a instalováním aktualizací Windows Update.
Klikni na kladívko-další možnosti:
Reinstall Automatic Updates service - Pokusí se o reinstalaci služby zajišťující automatické aktualizace (případná potřeba instalačního media Windows).
Klikni (dej zatržítko) a pak na Go.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
Uživatelský avatar
Body
Level 2
Level 2
Příspěvky: 185
Registrován: září 06
Pohlaví: Nespecifikováno
Stav:
Offline

Re: Moc prosím o kontrolu logu - HiJackThis

Příspěvekod Body » 04 bře 2009 19:06

Zkusil jsem zaškrtnout v tom programu všechno jak jsi psal, ale opět se instalace nezdařila... Zastaví se to asi tak v půlce a píše (pro mě docela zvláštní) hlášku: Přístup byl odepřen. Nevíš co s tím? Moc prosím a děkuju za pomoc
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43339
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Moc prosím o kontrolu logu - HiJackThis

Příspěvekod jaro3 » 04 bře 2009 19:34

Vypni rez. ochranu u ESS.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
Uživatelský avatar
Body
Level 2
Level 2
Příspěvky: 185
Registrován: září 06
Pohlaví: Nespecifikováno
Stav:
Offline

Re: Moc prosím o kontrolu logu - HiJackThis

Příspěvekod Body » 04 bře 2009 20:23

Zrobil jsem, jak jsi mi řekl, nevím, jestli stojí za zmínku, že na poprvé mi napsal Combo Fix, že nelze spustit, že není kompatibilní s mým OS, podruhé napsal, že u chybí dávkovací soubor. Na potřetí už to vyšlo.

Tady je log:
ComboFix 09-03-03.01 - doma 2009-03-04 19:59:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.767.314 [GMT 1:00]
Spuštěný z: c:\documents and settings\doma\Plocha\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\_004197_.tmp.dll
c:\windows\system32\_004198_.tmp.dll
c:\windows\system32\_004199_.tmp.dll
c:\windows\system32\_004200_.tmp.dll
c:\windows\system32\_004202_.tmp.dll
c:\windows\system32\_004203_.tmp.dll
c:\windows\system32\_004204_.tmp.dll
c:\windows\system32\_004205_.tmp.dll
c:\windows\system32\_004207_.tmp.dll
c:\windows\system32\_004208_.tmp.dll
c:\windows\system32\_004209_.tmp.dll
c:\windows\system32\_004210_.tmp.dll
c:\windows\system32\_004211_.tmp.dll
c:\windows\system32\_004212_.tmp.dll
c:\windows\system32\_004213_.tmp.dll
c:\windows\system32\_004214_.tmp.dll
c:\windows\system32\_004215_.tmp.dll
c:\windows\system32\_004216_.tmp.dll
c:\windows\system32\_004217_.tmp.dll
c:\windows\system32\_004218_.tmp.dll
c:\windows\system32\_004219_.tmp.dll
c:\windows\system32\_004220_.tmp.dll
c:\windows\system32\_004221_.tmp.dll
c:\windows\system32\_004222_.tmp.dll
c:\windows\system32\_004223_.tmp.dll
c:\windows\system32\_004224_.tmp.dll
c:\windows\system32\_004225_.tmp.dll
c:\windows\system32\_004226_.tmp.dll
c:\windows\system32\_004227_.tmp.dll
c:\windows\system32\_004228_.tmp.dll
c:\windows\system32\_004229_.tmp.dll
c:\windows\system32\_004230_.tmp.dll
c:\windows\system32\_004231_.tmp.dll
c:\windows\system32\_004232_.tmp.dll
c:\windows\system32\_004233_.tmp.dll
c:\windows\system32\_004234_.tmp.dll
c:\windows\system32\_004235_.tmp.dll
c:\windows\system32\_004236_.tmp.dll
c:\windows\system32\_004237_.tmp.dll
c:\windows\system32\_004238_.tmp.dll
c:\windows\system32\_004239_.tmp.dll
c:\windows\system32\_004240_.tmp.dll
c:\windows\system32\_004241_.tmp.dll
c:\windows\system32\_004242_.tmp.dll
c:\windows\system32\_004243_.tmp.dll
c:\windows\system32\_004244_.tmp.dll
c:\windows\system32\_004245_.tmp.dll
c:\windows\system32\_004246_.tmp.dll
c:\windows\system32\_004247_.tmp.dll
c:\windows\system32\_004248_.tmp.dll
c:\windows\system32\_004249_.tmp.dll
c:\windows\system32\_004250_.tmp.dll
c:\windows\system32\_004251_.tmp.dll
c:\windows\system32\_004252_.tmp.dll
c:\windows\system32\_004253_.tmp.dll
c:\windows\system32\_004254_.tmp.dll
c:\windows\system32\_004255_.tmp.dll
c:\windows\system32\_004256_.tmp.dll
c:\windows\system32\_004257_.tmp.dll
c:\windows\system32\_004258_.tmp.dll
c:\windows\system32\_004259_.tmp.dll
c:\windows\system32\_004260_.tmp.dll
c:\windows\system32\_004261_.tmp.dll
c:\windows\system32\_004262_.tmp.dll
c:\windows\system32\_004263_.tmp.dll
c:\windows\system32\_004264_.tmp.dll
c:\windows\system32\_004265_.tmp.dll
c:\windows\system32\_004266_.tmp.dll
c:\windows\system32\_004267_.tmp.dll
c:\windows\system32\_004269_.tmp.dll
c:\windows\system32\_004270_.tmp.dll
c:\windows\system32\_004271_.tmp.dll
c:\windows\system32\_004272_.tmp.dll
c:\windows\system32\_004273_.tmp.dll
c:\windows\system32\_004274_.tmp.dll
c:\windows\system32\_004275_.tmp.dll
c:\windows\system32\_004276_.tmp.dll
c:\windows\system32\_004277_.tmp.dll
c:\windows\system32\_004278_.tmp.dll
c:\windows\system32\_004279_.tmp.dll
c:\windows\system32\_004280_.tmp.dll
c:\windows\system32\_004281_.tmp.dll
c:\windows\system32\_004282_.tmp.dll
c:\windows\system32\_004283_.tmp.dll
c:\windows\system32\_004284_.tmp.dll
c:\windows\system32\_004285_.tmp.dll
c:\windows\system32\_004286_.tmp.dll
c:\windows\system32\_004287_.tmp.dll
c:\windows\system32\_004288_.tmp.dll
c:\windows\system32\_004289_.tmp.dll
c:\windows\system32\_004290_.tmp.dll
c:\windows\system32\_004291_.tmp.dll
c:\windows\system32\_004292_.tmp.dll
c:\windows\system32\_004293_.tmp.dll
c:\windows\system32\_004294_.tmp.dll
c:\windows\system32\_004295_.tmp.dll
c:\windows\system32\_004296_.tmp.dll
c:\windows\system32\_004297_.tmp.dll
c:\windows\system32\_004298_.tmp.dll
c:\windows\system32\_004299_.tmp.dll
c:\windows\system32\_004300_.tmp.dll
c:\windows\system32\_004301_.tmp.dll
c:\windows\system32\_004302_.tmp.dll
c:\windows\system32\_004303_.tmp.dll
c:\windows\system32\_004304_.tmp.dll
c:\windows\system32\_004305_.tmp.dll
c:\windows\system32\_004306_.tmp.dll
c:\windows\system32\_004307_.tmp.dll
c:\windows\system32\_004308_.tmp.dll
c:\windows\system32\_004309_.tmp.dll
c:\windows\system32\_004310_.tmp.dll
c:\windows\system32\_004311_.tmp.dll
c:\windows\system32\_004312_.tmp.dll
c:\windows\system32\_004313_.tmp.dll
c:\windows\system32\_004314_.tmp.dll
c:\windows\system32\_004315_.tmp.dll
c:\windows\system32\_004316_.tmp.dll
c:\windows\system32\_004317_.tmp.dll
c:\windows\system32\_004318_.tmp.dll
c:\windows\system32\_004319_.tmp.dll
c:\windows\system32\_004320_.tmp.dll
c:\windows\system32\_004321_.tmp.dll
c:\windows\system32\_004322_.tmp.dll
c:\windows\system32\_004323_.tmp.dll
c:\windows\system32\_004324_.tmp.dll
c:\windows\system32\_004325_.tmp.dll
c:\windows\system32\_004326_.tmp.dll
c:\windows\system32\_004327_.tmp.dll
c:\windows\system32\_004328_.tmp.dll
c:\windows\system32\_004329_.tmp.dll
c:\windows\system32\_004330_.tmp.dll
c:\windows\system32\_004331_.tmp.dll
c:\windows\system32\_004332_.tmp.dll
c:\windows\system32\_004333_.tmp.dll
c:\windows\system32\_004334_.tmp.dll
c:\windows\system32\_004335_.tmp.dll
c:\windows\system32\_004336_.tmp.dll
c:\windows\system32\_004337_.tmp.dll
c:\windows\system32\_004338_.tmp.dll
c:\windows\system32\_004340_.tmp.dll
c:\windows\system32\_004341_.tmp.dll
c:\windows\system32\_004342_.tmp.dll
c:\windows\system32\_004343_.tmp.dll
c:\windows\system32\_004344_.tmp.dll
c:\windows\system32\_004345_.tmp.dll
c:\windows\system32\_004346_.tmp.dll
c:\windows\system32\_004347_.tmp.dll
c:\windows\system32\_004349_.tmp.dll
c:\windows\system32\_004350_.tmp.dll
c:\windows\system32\_004351_.tmp.dll
c:\windows\system32\_004352_.tmp.dll
c:\windows\system32\_004353_.tmp.dll
c:\windows\system32\_004354_.tmp.dll
c:\windows\system32\_004355_.tmp.dll
c:\windows\system32\_004357_.tmp.dll
c:\windows\system32\_004358_.tmp.dll
c:\windows\system32\_004359_.tmp.dll
c:\windows\system32\_004360_.tmp.dll
c:\windows\system32\_004361_.tmp.dll
c:\windows\system32\_004364_.tmp.dll
c:\windows\system32\_004365_.tmp.dll
c:\windows\system32\_004366_.tmp.dll
c:\windows\system32\_004367_.tmp.dll
c:\windows\system32\_004368_.tmp.dll
c:\windows\system32\_004369_.tmp.dll
c:\windows\system32\_004370_.tmp.dll
c:\windows\system32\_004372_.tmp.dll
c:\windows\system32\_004373_.tmp.dll
c:\windows\system32\_004374_.tmp.dll
c:\windows\system32\_004375_.tmp.dll
c:\windows\system32\_004376_.tmp.dll
c:\windows\system32\_004377_.tmp.dll
c:\windows\system32\_004378_.tmp.dll
c:\windows\system32\_004379_.tmp.dll
c:\windows\system32\_004380_.tmp.dll
c:\windows\system32\_004381_.tmp.dll
c:\windows\system32\_004382_.tmp.dll
c:\windows\system32\_004383_.tmp.dll
c:\windows\system32\_004384_.tmp.dll
c:\windows\system32\_004385_.tmp.dll
c:\windows\system32\_004386_.tmp.dll
c:\windows\system32\_004387_.tmp.dll
c:\windows\system32\_004388_.tmp.dll
c:\windows\system32\_004390_.tmp.dll
c:\windows\system32\_004391_.tmp.dll
c:\windows\system32\_004392_.tmp.dll
c:\windows\system32\_004393_.tmp.dll
c:\windows\system32\_004394_.tmp.dll
c:\windows\system32\_004397_.tmp.dll
c:\windows\system32\_004398_.tmp.dll
c:\windows\system32\_004399_.tmp.dll
c:\windows\system32\_004400_.tmp.dll
c:\windows\system32\_004401_.tmp.dll
c:\windows\system32\_004402_.tmp.dll
c:\windows\system32\_004403_.tmp.dll
c:\windows\system32\_004405_.tmp.dll
c:\windows\system32\_004406_.tmp.dll
c:\windows\system32\_004407_.tmp.dll
c:\windows\system32\_004408_.tmp.dll
c:\windows\system32\_004409_.tmp.dll
c:\windows\system32\_004410_.tmp.dll
c:\windows\system32\_004411_.tmp.dll
c:\windows\system32\_004412_.tmp.dll
c:\windows\system32\_004414_.tmp.dll
c:\windows\system32\_004415_.tmp.dll
c:\windows\system32\_004416_.tmp.dll
c:\windows\system32\_004418_.tmp.dll
c:\windows\system32\_004419_.tmp.dll
c:\windows\system32\_004420_.tmp.dll
c:\windows\system32\_004424_.tmp.dll
c:\windows\system32\_004425_.tmp.dll
c:\windows\system32\_004427_.tmp.dll
c:\windows\system32\_004430_.tmp.dll
c:\windows\system32\_004432_.tmp.dll
c:\windows\system32\_004433_.tmp.dll
c:\windows\system32\_004434_.tmp.dll
c:\windows\system32\_004435_.tmp.dll
c:\windows\system32\_004438_.tmp.dll
c:\windows\system32\_004439_.tmp.dll
c:\windows\system32\_004440_.tmp.dll
c:\windows\system32\_004441_.tmp.dll
c:\windows\system32\_004442_.tmp.dll
c:\windows\system32\_004447_.tmp.dll
c:\windows\system32\_004449_.tmp.dll
c:\windows\system32\_004614_.tmp.dll
c:\windows\system32\_004615_.tmp.dll
c:\windows\system32\_004616_.tmp.dll
c:\windows\system32\_004617_.tmp.dll
c:\windows\system32\_004624_.tmp.dll
c:\windows\system32\_004625_.tmp.dll
c:\windows\system32\_004626_.tmp.dll
c:\windows\system32\_004628_.tmp.dll
c:\windows\system32\_004629_.tmp.dll
c:\windows\system32\_004632_.tmp.dll
c:\windows\system32\_004633_.tmp.dll
c:\windows\system32\_004635_.tmp.dll
c:\windows\system32\_004636_.tmp.dll
c:\windows\system32\_004637_.tmp.dll
c:\windows\system32\_004639_.tmp.dll
c:\windows\system32\_004642_.tmp.dll
c:\windows\system32\_004643_.tmp.dll
c:\windows\system32\_004645_.tmp.dll
c:\windows\system32\_004647_.tmp.dll
c:\windows\system32\_004648_.tmp.dll
c:\windows\system32\_004650_.tmp.dll
c:\windows\system32\_004653_.tmp.dll
c:\windows\system32\_004655_.tmp.dll
c:\windows\system32\_004656_.tmp.dll
c:\windows\system32\_004657_.tmp.dll
c:\windows\system32\_004658_.tmp.dll
c:\windows\system32\_004661_.tmp.dll
c:\windows\system32\_004662_.tmp.dll
c:\windows\system32\_004663_.tmp.dll
c:\windows\system32\_004664_.tmp.dll
c:\windows\system32\_004665_.tmp.dll
c:\windows\system32\_004670_.tmp.dll
c:\windows\system32\_004672_.tmp.dll
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Soubory vytvořené od 2009-02-04 do 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-04 16:59 . 2008-04-14 08:51 539,136 --a------ c:\windows\system32\SET17BA.tmp
2009-03-04 16:59 . 2008-04-14 08:48 177,152 --a------ c:\windows\system32\SET17BC.tmp
2009-03-04 16:58 . 2008-04-14 00:06 2,927,616 --a------ c:\windows\system32\SET1794.tmp
2009-03-04 16:58 . 2008-04-14 08:52 354,304 --a------ c:\windows\system32\SET1786.tmp
2009-03-04 16:58 . 2008-04-14 00:05 188,928 --a------ c:\windows\system32\SET1795.tmp
2009-03-04 16:58 . 2008-04-14 08:52 80,896 --a------ c:\windows\system32\SET1781.tmp
2009-03-04 16:58 . 2008-04-14 08:52 6,656 --a------ c:\windows\system32\SET177C.tmp
2009-03-04 16:50 . 2008-04-14 08:51 1,179,648 --a------ c:\windows\system32\SETB58.tmp
2009-03-04 16:49 . 2008-04-14 08:51 2,843,136 --a------ c:\windows\system32\SETA56.tmp
2009-03-04 16:48 . 2008-04-14 08:51 8,465,408 --a------ c:\windows\system32\SET961.tmp
2009-03-04 16:47 . 2008-04-14 08:52 729,600 --a------ c:\windows\system32\SET8EC.tmp
2009-03-04 16:44 . 2006-12-29 00:31 19,569 --a------ c:\windows\002827_.tmp
2009-03-04 16:40 . 2007-04-18 17:15 2,854,400 --a------ c:\windows\system32\dllcache\msi.dll
2009-03-04 16:39 . 2008-07-03 14:03 8,464,896 --a------ c:\windows\system32\dllcache\shell32.dll
2009-03-04 16:19 . 2009-03-04 19:59 <DIR> d-------- c:\windows\system32\CatRoot2
2009-03-01 21:53 . 2009-03-01 22:27 1,355 --a------ c:\windows\imsins.BAK
2009-03-01 21:46 . 2006-03-02 13:00 71,040 --------- c:\windows\system32\drivers\_004252_.tmp.dll
2009-03-01 21:30 . 2008-04-14 04:21 512,000 --a------ c:\windows\system32\SET8A2.tmp
2009-03-01 21:29 . 2008-04-14 04:21 2,843,136 --a------ c:\windows\system32\SET850.tmp
2009-03-01 21:28 . 2008-04-14 04:21 8,465,408 --a------ c:\windows\system32\SET704.tmp
2009-03-01 21:27 . 2008-04-14 04:22 729,600 --a------ c:\windows\system32\SET63E.tmp
2009-03-01 01:43 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-03-01 01:38 . 2009-03-01 01:38 <DIR> d-------- c:\program files\Microsoft Works
2009-03-01 01:37 . 2009-03-01 01:37 <DIR> d-------- c:\program files\MSBuild
2009-03-01 01:34 . 2009-03-01 01:34 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-01 01:29 . 2009-03-01 01:29 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-03-01 01:27 . 2009-03-01 02:41 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-01 01:25 . 2009-03-01 01:25 <DIR> dr-h----- C:\MSOCache
2009-03-01 01:09 . 2009-03-01 01:18 <DIR> d-------- c:\documents and settings\doma\Data aplikací\DAEMON Tools Pro
2009-03-01 01:09 . 2009-03-01 01:09 <DIR> d-------- c:\documents and settings\doma\Data aplikací\DAEMON Tools
2009-03-01 01:07 . 2009-03-01 01:07 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-03-01 01:07 . 2009-03-01 01:07 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-01 01:07 . 2009-03-01 01:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-03-01 01:04 . 2009-03-01 01:09 <DIR> d-------- c:\documents and settings\doma\Data aplikací\DAEMON Tools Lite
2009-02-28 21:52 . 2009-02-28 22:06 <DIR> d-------- c:\documents and settings\doma\Data aplikací\Mp3tag
2009-02-22 17:26 . 2009-03-04 20:04 25,540 --a------ c:\windows\system32\oodbs.lor

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 19:06 --------- d-----w c:\documents and settings\doma\Data aplikací\uTorrent
2009-03-04 19:03 349,283 ---h--w c:\documents and settings\doma\Data aplikací\TurboLaunch_IconCache.dat
2009-03-01 20:06 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-01 10:57 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2009-03-01 10:40 --------- d-----w c:\documents and settings\doma\Data aplikací\Vso
2009-03-01 00:04 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-23 19:00 --------- d-----w c:\documents and settings\doma\Data aplikací\Skype
2009-02-23 15:49 --------- d-----w c:\documents and settings\doma\Data aplikací\skypePM
2009-02-21 20:51 81,920 ----a-w c:\documents and settings\doma\Data aplikací\ezpinst.exe
2009-02-21 20:51 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-02-21 20:51 47,360 ----a-w c:\documents and settings\doma\Data aplikací\pcouffin.sys
2009-01-31 00:02 --------- d-----w c:\program files\HDD Regenerator
2009-01-10 19:05 --------- d-----w c:\documents and settings\doma\Data aplikací\VitySoft
2009-01-04 14:42 --------- d-----w c:\documents and settings\doma\Data aplikací\Hamachi
2008-12-19 20:57 193,560 ----a-w c:\documents and settings\doma\Data aplikací\GDIPFONTCACHEV1.DAT
2008-03-25 18:56 241 ----a-w c:\documents and settings\doma\SR.vbs
2007-11-21 10:09 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
2007-10-30 18:53 13,560 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2006-03-02 13:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 11:45 360320 3c966f647bab332093cb0f92692b5cb8 c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"QIP2005"="d:\programy\QIP\qip.exe" [2008-12-09 3259392]
"uTorrent"="d:\programy\uTorrent\uTorrent.exe" [2009-02-27 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\doma\Nabˇdka Start\Programy\Po spuçtŘnˇ\
TurboLaunch.lnk - d:\programy\TurboLaunch\TurboLaunch.exe [2007-02-08 2105856]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= d:\programy\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\programy\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"d:\\programy\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"d:\\programy\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"d:\\programy\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"d:\\Hry\\Valve\\hlds.exe"=
"d:\\Hry\\Valve\\hl.exe"=
"d:\\programy\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\programy\\Opera\\Opera.exe"=
"d:\\programy\\Strong DC\\StrongDC.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\programy\\QIP\\qip.exe"=
"d:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\programy\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2009-03-04 69120]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-03-02 3584]
S3 CrystalSysInfo;CrystalSysInfo;d:\programy\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2007-12-31 135168]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-12-07 10976]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);c:\windows\system32\drivers\SE30bus.sys [2007-03-11 61600]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;c:\windows\system32\drivers\SE30mdfl.sys [2007-03-11 9360]
S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;c:\windows\system32\drivers\SE30mdm.sys [2007-03-11 97184]
S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE30mgmt.sys [2007-03-11 88688]
S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);c:\windows\system32\drivers\se30nd5.sys [2007-03-11 18704]
S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;c:\windows\system32\drivers\SE30obex.sys [2007-03-11 86560]
S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);c:\windows\system32\drivers\se30unic.sys [2007-03-11 90800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-02-20 c:\windows\Tasks\1-Click Maintenance.job
- d:\programy\TuneUp Utilities 2008\OneClick.exe [2008-01-20 14:02]

2008-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Notify-dimsntfy - (no file)


.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.neobux.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {A80B43A5-542A-4B3A-8F6E-D5D7AC5EF881} = 62.129.50.20,85.135.32.100
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 20:05:48
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,03,e8,44,15,48,
99,a5,06,c8,28,51,af,b0,29,a3,98,eb,76,cf,f4,79,3c,f1,af,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,b1,73,c5,c9,e6,
a9,0c,b4,71,3b,04,66,8b,46,0d,96,17,b5,7f,d4,26,41,4c,57,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,34,b3,00,04,de,
17,c6,27,25,da,ec,7e,55,20,c9,26,ac,ab,17,98,c2,ac,c1,a2,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,31,ca,77,80,c7,
8e,26,a3,3e,1e,9e,e0,57,5a,93,61,e3,f5,05,b7,f0,d4,6d,b0,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,e4,ed,fb,b2,05,
a4,48,e0,cd,44,cd,b9,a6,33,6c,cd,33,c9,6d,1d,62,bd,2d,87,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e0,80,3d,37,1e,
0c,5d,8a,b0,18,ed,a7,3f,8d,37,a4,18,be,59,d6,01,67,28,f4,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,a6,c4,d8,bc,41,
de,06,bc,31,77,e1,ba,b1,f8,68,02,9b,6c,fb,be,ff,10,34,4a,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,de,98,58,c7,c3,
a7,3c,c6,83,6c,56,8b,a0,85,96,ab,98,08,f2,c2,35,0e,7c,59,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,dc,de,5b,4a,92,
47,f0,0e,51,fa,6e,91,28,9e,14,cc,22,86,a7,0b,cf,6b,07,34,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,78,15,43,68,fe,
ef,d0,ca,b1,cd,45,5a,a8,c4,f8,b9,2e,ea,80,6f,9b,7d,76,07,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,18,06,b1,94,50,
7b,2a,1e,e3,0e,66,d5,eb,bc,2f,6b,dc,08,b0,1a,6b,1f,6a,77,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,8c,da,e4,1f,71,
94,7b,63,fa,ea,66,7f,d4,3b,6b,70,92,ea,e9,3f,ba,06,4c,f3,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="B30702C9C880636A978C237F59420940768169B22FD3FAE009F8573C39F0E0AF0232359FBA6BF4E8E77B7112AFF5A3C80469765248BD3113E3D8A6D36B5D735F63435BB14A90A1BA50E7747E8E4A2A98143801D88D899D14F5A4EBD18A08AB7C67AB432A933BAB3AE1BE8757E3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74CA2D97226D213B555A6171C11EC38DE3DF0274460CE99A02701A4023788FBF5A988B10B525035957118A426EFABEA6450C81CDB617A8BFBC6AF8450E95423B16EAF37F9ADC538F36914A09EAACCC46EF27DFD27D035B4846C2127BC18B5F71A094E66B8B3E729288153676B4D8E3BAD5F23AEA3D8283DDFCB562597EACEAFB47F74B18F2FF864BF2F93E467626FF0D49A423263E32CB2049E45BDC9CEFBDEE0DAA43059ADED289BEC0529853AA2EE69B2D8338AA35485BC1FD952CB75C5004EA9559D04827019F13ACB6747650C23C7B457FB528A618CAB117068ABD3EEF1017DF2D69343DE3D4E197EF746BC49DB9E37A37F88524C014337DBAA0D236BF6D36B5BE0A04949010B90AAD62FDA28CEEFCF94518EF5BF004BDA616625DF64B5F10E61E0D4B37533DC2AD025C0202993131AF92B59B61C8BDFC7BB8E3ECCB4B75C814DA370635E08C876632451AD852732379369F2987387704E1837386D6F6C68E85916C680AF16A787CA3DC76C27E9CD4A158DF6E20F3EC146999C030C56A6BE6834CCBD73CBD828F2E2FCA006AAA036F92ABC97A26ADCE904551A26B5E31B5B2B02FDD1EA4930CB53FC916C6BE47293F26DBD9A27B3F5D6E7D5B3BA3B44E48FDED884925AEF5F68C8DBD0CFCDDA6BDF64F1005985CEFC4650198D71B1D68301B3435FA2F53D8D2875B7B181A5487E6B82BB14C01553CDCC2211738AF13257A6E0413139B863C6087F3CCE50AE1AFD5705C3ADD1728DA252C6A3D1DD1A1D29CE9E46C0A160C879D9120B6A1A6675249BA67626A1FD7C20122BAABBD30A94221AAB38793B700679445CB76754112E0B82A636FAD95BD2C99DBEF4E56CE7C94FFBC8F26A79ACE87FC08FC84D06B45034AA4A574D38F1F888567744A9B79D2025BEBC45C5E3A1F1A49C623BC8CD1E990487D8A3608D6F0BAB754CCE07DE5631F97ECFF162151D58E87990FEA8D9DA7CC3DE1DD51E3EC3D86386BBBD201A844807AC51AF3DBCAF05B1CDD8F8E1703F211ECBE7A114C52363C569C5AF3838DC676B8D12AAF19E30144363FC7F0CE7626025BD8BABF12F04644BD06E363B9BD84229396701C5113959CB57445F622C9EC84BF6600B8D1D25C6D1453E58B53B3542271EAB451F7F2959D89CF8D9C640921E6B8E43CEDE4405A99AA3C30F5A9F73822FFA3B8009E8A1CCDE78E9A1BAB523563F6E91F7046D"
"OODEFRAG11.00.00.01WORKSTATION"="A0420701B413B45DB48BB03D90202A32F4EC8E6BAEB65CCAC41AE62807F94E72E01030BB241F5341A7ADCD85DBD0F2943D5E887ACEA107956F5765B6C1923CCEF7DCBF953C9D54558422BFE7845E43FB9830972DDCC3951A36E391E31C50A7635AF1F867136FB0CF4B8BBFDFBBD49B0F34FD083EC570AA8F1174EE4D62F277186DBEB04F6FDC35E86E3117AAE7234B78AE853AACAC603EB3ED619053139AE8D90CD452ACCD8E035F547D26CBA19C79669BADA2BB67301A452DA8211861CB0B9903E85CA660150D73D800DF87B7F89FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808BA7FD869164D6794FEBC9E127BECC74C6DD4D582A83B871AB6787BB71B30E40E03BF4135480093B452F0F7A8CC6D16AC5A4B502A558FBB3B26943AABD24A47E4D1764CB8B58F98D94D273E083B74F9A9B46DF25DD116674DB9E2963701507C01121C43D06ABEDC6C868AC0F1D8923D1985BFCB125E37723D48F6F4C4044795D38D7183FB8550B6835A27761B22E720D7D73D0E537A0F24CC32D462547D67852213AA92516A3AE488297E7E4DDCC64995BDD30D3D6A6E2D10D67A0C77D3202208756F19F541A7063CD60698E412B8C1D5CAE5C40439D81FEF1E5546D7B19229F08B5CE02873F61FAF492628540B7877701948516DB309F0A9EF49082F8492399FB07FDB3831BA19CAED3B3920DBF43A904346F654E9E97DCC3A2D6B4D7DAB55A9C1DE9B89EDB83EC63318766054D1C036EB9D98A5329B01BE70CB2F95151AE478A2F1DA14DFEB41358D7FB1C49066A43637004365A47421B80564B6FD04D0B34B39A574E4028336F5F4AD5F0E6A3FE1B7CC9323A81FFBE047F3A80914C8F2F0327158671D946195C1E34C9810021ADBB5D9F18A9942ED2DCABAC2D075A55DAF1439DE576F9A1DBAA25A7E9A35BC6DD681102AED77F33CD3F8DACA5CD5201AE72A82818D245A7E66775C5845FA42DDFBBD22BD69935D0B865958D09F7C036DF50244FAF519DF083D7371E29FF17E4858624B233A54EAB15BC9BFD73144DCCB967EF9FD9F3DF9E8481C251CCF3FA13CDE3B46C3C1344DBD4E7A9CD64C1EFEDDEE5422ABBE15BB09724D0874249D9F7DE3E8537D0742FB70BC6F0239CE8BFE03878D3E1EAB39FB030EB5AB510E58B182215D38A2329F2DBC698383DDBC24394BC888566061D556244DD72A0A21D1D277B3E23E791283E0CC7AE13C17BB14497C0576F3F1002BAA71CA0B1E6D977FC33B1D1330BB9838567C7A0C4AAC981A9311ED5C2748CC0D9A1E80F826BCCC6A87E2C35E6097DC1A925BD856CED9BF89BBB59A16814AAD650E18D122E7AAC32F67B46F08A22F169DDFAE65E96ECC46C8AECB88CF1A542F2E307B015709E2200070ADCDA9CF"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\HDDSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
d:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\Cyberlink\Shared Files\RichVideo.exe
d:\programy\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ICQ6\ICQ.exe
.
**************************************************************************
.
Celkový čas: 2009-03-04 20:14:14 - počítač byl restartován [doma]
ComboFix-quarantined-files.txt 2009-03-04 19:13:28

Před spuštěním: 4,892,139,520
Po spuštění: 5,059,710,976

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
538 --- E O F --- 2009-03-02 21:01:06
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43339
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Moc prosím o kontrolu logu - HiJackThis

Příspěvekod jaro3 » 04 bře 2009 20:42

No toto vypadá..
Stáhni si program OTMoveIt3 (by OldTimer) a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
c:\windows\system32\SET*.tmp
c:\windows\002827_.tmp
c:\windows\imsins.BAK
c:\windows\system32\drivers\_004252_.tmp.dll
c:\windows\system32\KGyGaAvL.sys

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď
******************************************************************************************************************************************
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu .
Poté si odinstaluj ten cracklý NOD32, sám vidíš , že je Ti houby platný a pořiď si něco free- Avast ,Aviru nebo AVG.
Pak sem dej i log z HJT....
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
Uživatelský avatar
Body
Level 2
Level 2
Příspěvky: 185
Registrován: září 06
Pohlaví: Nespecifikováno
Stav:
Offline

Re: Moc prosím o kontrolu logu - HiJackThis

Příspěvekod Body » 04 bře 2009 22:31

Ty myslíš, že ten cracknutý NOD nefunguje jak má?? Odinstaloval jsem ho a mám Avast!, ale mám pocit, že se mi tím zpomalil počíatč (možná jenom pocit).

Log z OTMoveIt3:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\windows\system32\SET10AF.tmp moved successfully.
c:\windows\system32\SET10B2.tmp moved successfully.
c:\windows\system32\SET10B7.tmp moved successfully.
c:\windows\system32\SET10C5.tmp moved successfully.
c:\windows\system32\SET10ED.tmp moved successfully.
c:\windows\system32\SET127E.tmp moved successfully.
c:\windows\system32\SET1282.tmp moved successfully.
c:\windows\system32\SET1283.tmp moved successfully.
c:\windows\system32\SET1285.tmp moved successfully.
c:\windows\system32\SET1287.tmp moved successfully.
c:\windows\system32\SET1289.tmp moved successfully.
c:\windows\system32\SET1290.tmp moved successfully.
c:\windows\system32\SET1291.tmp moved successfully.
c:\windows\system32\SET1294.tmp moved successfully.
c:\windows\system32\SET129D.tmp moved successfully.
c:\windows\system32\SET129E.tmp moved successfully.
c:\windows\system32\SET129F.tmp moved successfully.
c:\windows\system32\SET12A1.tmp moved successfully.
c:\windows\system32\SET12A2.tmp moved successfully.
c:\windows\system32\SET12A3.tmp moved successfully.
c:\windows\system32\SET12A4.tmp moved successfully.
c:\windows\system32\SET12A5.tmp moved successfully.
c:\windows\system32\SET12A7.tmp moved successfully.
c:\windows\system32\SET12A8.tmp moved successfully.
c:\windows\system32\SET12A9.tmp moved successfully.
c:\windows\system32\SET12AC.tmp moved successfully.
c:\windows\system32\SET12B3.tmp moved successfully.
c:\windows\system32\SET12B4.tmp moved successfully.
c:\windows\system32\SET12B5.tmp moved successfully.
c:\windows\system32\SET12B8.tmp moved successfully.
c:\windows\system32\SET12BA.tmp moved successfully.
c:\windows\system32\SET12BB.tmp moved successfully.
c:\windows\system32\SET12C2.tmp moved successfully.
c:\windows\system32\SET12C5.tmp moved successfully.
c:\windows\system32\SET12C6.tmp moved successfully.
c:\windows\system32\SET12C8.tmp moved successfully.
c:\windows\system32\SET12CE.tmp moved successfully.
c:\windows\system32\SET12CF.tmp moved successfully.
c:\windows\system32\SET12D0.tmp moved successfully.
c:\windows\system32\SET12D1.tmp moved successfully.
c:\windows\system32\SET12D7.tmp moved successfully.
c:\windows\system32\SET12D8.tmp moved successfully.
c:\windows\system32\SET12DA.tmp moved successfully.
c:\windows\system32\SET12DE.tmp moved successfully.
c:\windows\system32\SET12DF.tmp moved successfully.
c:\windows\system32\SET12E0.tmp moved successfully.
c:\windows\system32\SET12E3.tmp moved successfully.
c:\windows\system32\SET12E6.tmp moved successfully.
c:\windows\system32\SET12E7.tmp moved successfully.
c:\windows\system32\SET12ED.tmp moved successfully.
c:\windows\system32\SET12EF.tmp moved successfully.
c:\windows\system32\SET12F0.tmp moved successfully.
c:\windows\system32\SET12F3.tmp moved successfully.
c:\windows\system32\SET12F6.tmp moved successfully.
c:\windows\system32\SET12F7.tmp moved successfully.
c:\windows\system32\SET1304.tmp moved successfully.
c:\windows\system32\SET1306.tmp moved successfully.
c:\windows\system32\SET1307.tmp moved successfully.
c:\windows\system32\SET1308.tmp moved successfully.
c:\windows\system32\SET1309.tmp moved successfully.
c:\windows\system32\SET130A.tmp moved successfully.
c:\windows\system32\SET1315.tmp moved successfully.
c:\windows\system32\SET131B.tmp moved successfully.
c:\windows\system32\SET1320.tmp moved successfully.
c:\windows\system32\SET1321.tmp moved successfully.
c:\windows\system32\SET1322.tmp moved successfully.
c:\windows\system32\SET1325.tmp moved successfully.
c:\windows\system32\SET1326.tmp moved successfully.
c:\windows\system32\SET1327.tmp moved successfully.
c:\windows\system32\SET1329.tmp moved successfully.
c:\windows\system32\SET132A.tmp moved successfully.
c:\windows\system32\SET132F.tmp moved successfully.
c:\windows\system32\SET1332.tmp moved successfully.
c:\windows\system32\SET1333.tmp moved successfully.
c:\windows\system32\SET1334.tmp moved successfully.
c:\windows\system32\SET133A.tmp moved successfully.
c:\windows\system32\SET133B.tmp moved successfully.
c:\windows\system32\SET133C.tmp moved successfully.
c:\windows\system32\SET1344.tmp moved successfully.
c:\windows\system32\SET134A.tmp moved successfully.
c:\windows\system32\SET134B.tmp moved successfully.
c:\windows\system32\SET134C.tmp moved successfully.
c:\windows\system32\SET134D.tmp moved successfully.
c:\windows\system32\SET134F.tmp moved successfully.
c:\windows\system32\SET1355.tmp moved successfully.
c:\windows\system32\SET1361.tmp moved successfully.
c:\windows\system32\SET1363.tmp moved successfully.
c:\windows\system32\SET1365.tmp moved successfully.
c:\windows\system32\SET1366.tmp moved successfully.
c:\windows\system32\SET1367.tmp moved successfully.
c:\windows\system32\SET1370.tmp moved successfully.
c:\windows\system32\SET1373.tmp moved successfully.
c:\windows\system32\SET1374.tmp moved successfully.
c:\windows\system32\SET1376.tmp moved successfully.
c:\windows\system32\SET1377.tmp moved successfully.
c:\windows\system32\SET1378.tmp moved successfully.
c:\windows\system32\SET137B.tmp moved successfully.
c:\windows\system32\SET137D.tmp moved successfully.
c:\windows\system32\SET1380.tmp moved successfully.
c:\windows\system32\SET1386.tmp moved successfully.
c:\windows\system32\SET1393.tmp moved successfully.
c:\windows\system32\SET1394.tmp moved successfully.
c:\windows\system32\SET139B.tmp moved successfully.
c:\windows\system32\SET139C.tmp moved successfully.
c:\windows\system32\SET139F.tmp moved successfully.
c:\windows\system32\SET13A0.tmp moved successfully.
c:\windows\system32\SET13A1.tmp moved successfully.
c:\windows\system32\SET13A2.tmp moved successfully.
c:\windows\system32\SET13A3.tmp moved successfully.
c:\windows\system32\SET13A5.tmp moved successfully.
c:\windows\system32\SET13A6.tmp moved successfully.
c:\windows\system32\SET13A7.tmp moved successfully.
c:\windows\system32\SET13A9.tmp moved successfully.
c:\windows\system32\SET13AA.tmp moved successfully.
c:\windows\system32\SET13AB.tmp moved successfully.
c:\windows\system32\SET13AD.tmp moved successfully.
c:\windows\system32\SET13AE.tmp moved successfully.
c:\windows\system32\SET13B1.tmp moved successfully.
c:\windows\system32\SET13B6.tmp moved successfully.
c:\windows\system32\SET13B7.tmp moved successfully.
c:\windows\system32\SET13B8.tmp moved successfully.
c:\windows\system32\SET13BD.tmp moved successfully.
c:\windows\system32\SET13BE.tmp moved successfully.
c:\windows\system32\SET13BF.tmp moved successfully.
c:\windows\system32\SET13C1.tmp moved successfully.
c:\windows\system32\SET13C4.tmp moved successfully.
c:\windows\system32\SET13C6.tmp moved successfully.
c:\windows\system32\SET13C7.tmp moved successfully.
c:\windows\system32\SET13CA.tmp moved successfully.
c:\windows\system32\SET13CB.tmp moved successfully.
c:\windows\system32\SET13CE.tmp moved successfully.
c:\windows\system32\SET13D1.tmp moved successfully.
c:\windows\system32\SET13D2.tmp moved successfully.
c:\windows\system32\SET13D4.tmp moved successfully.
c:\windows\system32\SET13D9.tmp moved successfully.
c:\windows\system32\SET13DB.tmp moved successfully.
c:\windows\system32\SET13DE.tmp moved successfully.
c:\windows\system32\SET13E4.tmp moved successfully.
c:\windows\system32\SET13E5.tmp moved successfully.
c:\windows\system32\SET13E8.tmp moved successfully.
c:\windows\system32\SET13E9.tmp moved successfully.
c:\windows\system32\SET13EF.tmp moved successfully.
c:\windows\system32\SET13F0.tmp moved successfully.
c:\windows\system32\SET13F2.tmp moved successfully.
c:\windows\system32\SET13F3.tmp moved successfully.
c:\windows\system32\SET13F8.tmp moved successfully.
c:\windows\system32\SET13FA.tmp moved successfully.
c:\windows\system32\SET13FB.tmp moved successfully.
c:\windows\system32\SET13FC.tmp moved successfully.
c:\windows\system32\SET13FD.tmp moved successfully.
c:\windows\system32\SET13FF.tmp moved successfully.
c:\windows\system32\SET1401.tmp moved successfully.
c:\windows\system32\SET1404.tmp moved successfully.
c:\windows\system32\SET140C.tmp moved successfully.
c:\windows\system32\SET140E.tmp moved successfully.
c:\windows\system32\SET1410.tmp moved successfully.
c:\windows\system32\SET1411.tmp moved successfully.
c:\windows\system32\SET1412.tmp moved successfully.
c:\windows\system32\SET1414.tmp moved successfully.
c:\windows\system32\SET1416.tmp moved successfully.
c:\windows\system32\SET141B.tmp moved successfully.
c:\windows\system32\SET141D.tmp moved successfully.
c:\windows\system32\SET141E.tmp moved successfully.
c:\windows\system32\SET1424.tmp moved successfully.
c:\windows\system32\SET1426.tmp moved successfully.
c:\windows\system32\SET1429.tmp moved successfully.
c:\windows\system32\SET142E.tmp moved successfully.
c:\windows\system32\SET1432.tmp moved successfully.
c:\windows\system32\SET1435.tmp moved successfully.
c:\windows\system32\SET1436.tmp moved successfully.
c:\windows\system32\SET143A.tmp moved successfully.
c:\windows\system32\SET143C.tmp moved successfully.
c:\windows\system32\SET1443.tmp moved successfully.
c:\windows\system32\SET144A.tmp moved successfully.
c:\windows\system32\SET144C.tmp moved successfully.
c:\windows\system32\SET1452.tmp moved successfully.
c:\windows\system32\SET1454.tmp moved successfully.
c:\windows\system32\SET1464.tmp moved successfully.
c:\windows\system32\SET1467.tmp moved successfully.
c:\windows\system32\SET146B.tmp moved successfully.
c:\windows\system32\SET146D.tmp moved successfully.
c:\windows\system32\SET146F.tmp moved successfully.
c:\windows\system32\SET1475.tmp moved successfully.
c:\windows\system32\SET1479.tmp moved successfully.
c:\windows\system32\SET1487.tmp moved successfully.
c:\windows\system32\SET148D.tmp moved successfully.
c:\windows\system32\SET148F.tmp moved successfully.
c:\windows\system32\SET1490.tmp moved successfully.
c:\windows\system32\SET1496.tmp moved successfully.
c:\windows\system32\SET149A.tmp moved successfully.
c:\windows\system32\SET14A8.tmp moved successfully.
c:\windows\system32\SET14AA.tmp moved successfully.
c:\windows\system32\SET14AB.tmp moved successfully.
c:\windows\system32\SET14AC.tmp moved successfully.
c:\windows\system32\SET14B4.tmp moved successfully.
c:\windows\system32\SET14B8.tmp moved successfully.
c:\windows\system32\SET14C3.tmp moved successfully.
c:\windows\system32\SET14D5.tmp moved successfully.
c:\windows\system32\SET14D6.tmp moved successfully.
c:\windows\system32\SET14FE.tmp moved successfully.
c:\windows\system32\SET1500.tmp moved successfully.
c:\windows\system32\SET1502.tmp moved successfully.
c:\windows\system32\SET1509.tmp moved successfully.
c:\windows\system32\SET150A.tmp moved successfully.
c:\windows\system32\SET150B.tmp moved successfully.
c:\windows\system32\SET150D.tmp moved successfully.
c:\windows\system32\SET150E.tmp moved successfully.
c:\windows\system32\SET150F.tmp moved successfully.
c:\windows\system32\SET1512.tmp moved successfully.
c:\windows\system32\SET1514.tmp moved successfully.
c:\windows\system32\SET1515.tmp moved successfully.
c:\windows\system32\SET1517.tmp moved successfully.
c:\windows\system32\SET151A.tmp moved successfully.
c:\windows\system32\SET151C.tmp moved successfully.
c:\windows\system32\SET1521.tmp moved successfully.
c:\windows\system32\SET1522.tmp moved successfully.
c:\windows\system32\SET152A.tmp moved successfully.
c:\windows\system32\SET1530.tmp moved successfully.
c:\windows\system32\SET1535.tmp moved successfully.
c:\windows\system32\SET1538.tmp moved successfully.
c:\windows\system32\SET153B.tmp moved successfully.
c:\windows\system32\SET153D.tmp moved successfully.
c:\windows\system32\SET1541.tmp moved successfully.
c:\windows\system32\SET1543.tmp moved successfully.
c:\windows\system32\SET1544.tmp moved successfully.
c:\windows\system32\SET1545.tmp moved successfully.
c:\windows\system32\SET1548.tmp moved successfully.
c:\windows\system32\SET1549.tmp moved successfully.
c:\windows\system32\SET154D.tmp moved successfully.
c:\windows\system32\SET154E.tmp moved successfully.
c:\windows\system32\SET1551.tmp moved successfully.
c:\windows\system32\SET1553.tmp moved successfully.
c:\windows\system32\SET1558.tmp moved successfully.
c:\windows\system32\SET155B.tmp moved successfully.
c:\windows\system32\SET155F.tmp moved successfully.
c:\windows\system32\SET1561.tmp moved successfully.
c:\windows\system32\SET1563.tmp moved successfully.
c:\windows\system32\SET1665.tmp moved successfully.
c:\windows\system32\SET1666.tmp moved successfully.
c:\windows\system32\SET1667.tmp moved successfully.
c:\windows\system32\SET166A.tmp moved successfully.
c:\windows\system32\SET166D.tmp moved successfully.
c:\windows\system32\SET1672.tmp moved successfully.
c:\windows\system32\SET1682.tmp moved successfully.
c:\windows\system32\SET16A8.tmp moved successfully.
c:\windows\system32\SET16AA.tmp moved successfully.
c:\windows\system32\SET177C.tmp moved successfully.
c:\windows\system32\SET1781.tmp moved successfully.
c:\windows\system32\SET1786.tmp moved successfully.
c:\windows\system32\SET1794.tmp moved successfully.
c:\windows\system32\SET1795.tmp moved successfully.
c:\windows\system32\SET17BA.tmp moved successfully.
c:\windows\system32\SET17BC.tmp moved successfully.
c:\windows\system32\SET181.tmp moved successfully.
c:\windows\system32\SET182.tmp moved successfully.
c:\windows\system32\SET184.tmp moved successfully.
c:\windows\system32\SET186.tmp moved successfully.
c:\windows\system32\SET188.tmp moved successfully.
c:\windows\system32\SET18F.tmp moved successfully.
c:\windows\system32\SET190.tmp moved successfully.
c:\windows\system32\SET193.tmp moved successfully.
c:\windows\system32\SET197.tmp moved successfully.
c:\windows\system32\SET19B.tmp moved successfully.
c:\windows\system32\SET19E.tmp moved successfully.
c:\windows\system32\SET19F.tmp moved successfully.
c:\windows\system32\SET1A0.tmp moved successfully.
c:\windows\system32\SET1A2.tmp moved successfully.
c:\windows\system32\SET1A3.tmp moved successfully.
c:\windows\system32\SET1A4.tmp moved successfully.
c:\windows\system32\SET1A5.tmp moved successfully.
c:\windows\system32\SET1A6.tmp moved successfully.
c:\windows\system32\SET1A7.tmp moved successfully.
c:\windows\system32\SET1A9.tmp moved successfully.
c:\windows\system32\SET1AA.tmp moved successfully.
c:\windows\system32\SET1AB.tmp moved successfully.
c:\windows\system32\SET1AE.tmp moved successfully.
c:\windows\system32\SET1B5.tmp moved successfully.
c:\windows\system32\SET1B6.tmp moved successfully.
c:\windows\system32\SET1B7.tmp moved successfully.
c:\windows\system32\SET1BA.tmp moved successfully.
c:\windows\system32\SET1BC.tmp moved successfully.
c:\windows\system32\SET1BD.tmp moved successfully.
c:\windows\system32\SET1C4.tmp moved successfully.
c:\windows\system32\SET1C7.tmp moved successfully.
c:\windows\system32\SET1C8.tmp moved successfully.
c:\windows\system32\SET1CA.tmp moved successfully.
c:\windows\system32\SET1D0.tmp moved successfully.
c:\windows\system32\SET1D1.tmp moved successfully.
c:\windows\system32\SET1D2.tmp moved successfully.
c:\windows\system32\SET1D3.tmp moved successfully.
c:\windows\system32\SET1D86.tmp moved successfully.
c:\windows\system32\SET1D87.tmp moved successfully.
c:\windows\system32\SET1D8A.tmp moved successfully.
c:\windows\system32\SET1D8F.tmp moved successfully.
c:\windows\system32\SET1D9.tmp moved successfully.
c:\windows\system32\SET1D9D.tmp moved successfully.
c:\windows\system32\SET1DC5.tmp moved successfully.
c:\windows\system32\SET1DE.tmp moved successfully.
c:\windows\system32\SET1DF.tmp moved successfully.
c:\windows\system32\SET1E2.tmp moved successfully.
c:\windows\system32\SET1E5.tmp moved successfully.
c:\windows\system32\SET1E6.tmp moved successfully.
c:\windows\system32\SET1ED.tmp moved successfully.
c:\windows\system32\SET1EE.tmp moved successfully.
c:\windows\system32\SET1F1.tmp moved successfully.
c:\windows\system32\SET1F5.tmp moved successfully.
c:\windows\system32\SET202.tmp moved successfully.
c:\windows\system32\SET204.tmp moved successfully.
c:\windows\system32\SET205.tmp moved successfully.
c:\windows\system32\SET206.tmp moved successfully.
c:\windows\system32\SET207.tmp moved successfully.
c:\windows\system32\SET208.tmp moved successfully.
c:\windows\system32\SET213A.tmp moved successfully.
c:\windows\system32\SET213D.tmp moved successfully.
c:\windows\system32\SET2142.tmp moved successfully.
c:\windows\system32\SET2150.tmp moved successfully.
c:\windows\system32\SET2178.tmp moved successfully.
c:\windows\system32\SET218.tmp moved successfully.
c:\windows\system32\SET219.tmp moved successfully.
c:\windows\system32\SET21C.tmp moved successfully.
c:\windows\system32\SET21F.tmp moved successfully.
c:\windows\system32\SET221.tmp moved successfully.
c:\windows\system32\SET224.tmp moved successfully.
c:\windows\system32\SET225.tmp moved successfully.
c:\windows\system32\SET226.tmp moved successfully.
c:\windows\system32\SET229.tmp moved successfully.
c:\windows\system32\SET22A.tmp moved successfully.
c:\windows\system32\SET22F.tmp moved successfully.
c:\windows\system32\SET232.tmp moved successfully.
c:\windows\system32\SET233.tmp moved successfully.
c:\windows\system32\SET234.tmp moved successfully.
c:\windows\system32\SET23A.tmp moved successfully.
c:\windows\system32\SET23B.tmp moved successfully.
c:\windows\system32\SET23C.tmp moved successfully.
c:\windows\system32\SET244.tmp moved successfully.
c:\windows\system32\SET24A.tmp moved successfully.
c:\windows\system32\SET24B.tmp moved successfully.
c:\windows\system32\SET24C.tmp moved successfully.
c:\windows\system32\SET24D.tmp moved successfully.
c:\windows\system32\SET24F.tmp moved successfully.
c:\windows\system32\SET255.tmp moved successfully.
c:\windows\system32\SET261.tmp moved successfully.
c:\windows\system32\SET263.tmp moved successfully.
c:\windows\system32\SET265.tmp moved successfully.
c:\windows\system32\SET266.tmp moved successfully.
c:\windows\system32\SET267.tmp moved successfully.
c:\windows\system32\SET272.tmp moved successfully.
c:\windows\system32\SET274.tmp moved successfully.
c:\windows\system32\SET275.tmp moved successfully.
c:\windows\system32\SET278.tmp moved successfully.
c:\windows\system32\SET27A.tmp moved successfully.
c:\windows\system32\SET27D.tmp moved successfully.
c:\windows\system32\SET28C.tmp moved successfully.
c:\windows\system32\SET28F.tmp moved successfully.
c:\windows\system32\SET290.tmp moved successfully.
c:\windows\system32\SET297.tmp moved successfully.
c:\windows\system32\SET298.tmp moved successfully.
c:\windows\system32\SET29B.tmp moved successfully.
c:\windows\system32\SET29C.tmp moved successfully.
c:\windows\system32\SET29D.tmp moved successfully.
c:\windows\system32\SET29E.tmp moved successfully.
c:\windows\system32\SET29F.tmp moved successfully.
c:\windows\system32\SET2A1.tmp moved successfully.
c:\windows\system32\SET2A2.tmp moved successfully.
c:\windows\system32\SET2A3.tmp moved successfully.
c:\windows\system32\SET2A5.tmp moved successfully.
c:\windows\system32\SET2A6.tmp moved successfully.
c:\windows\system32\SET2A7.tmp moved successfully.
c:\windows\system32\SET2A9.tmp moved successfully.
c:\windows\system32\SET2AC.tmp moved successfully.
c:\windows\system32\SET2B1.tmp moved successfully.
c:\windows\system32\SET2B2.tmp moved successfully.
c:\windows\system32\SET2B3.tmp moved successfully.
c:\windows\system32\SET2B5.tmp moved successfully.
c:\windows\system32\SET2B6.tmp moved successfully.
c:\windows\system32\SET2B8.tmp moved successfully.
c:\windows\system32\SET2B9.tmp moved successfully.
c:\windows\system32\SET2BA.tmp moved successfully.
c:\windows\system32\SET2BB.tmp moved successfully.
c:\windows\system32\SET2BC.tmp moved successfully.
c:\windows\system32\SET2BE.tmp moved successfully.
c:\windows\system32\SET2C0.tmp moved successfully.
c:\windows\system32\SET2C7.tmp moved successfully.
c:\windows\system32\SET2C8.tmp moved successfully.
c:\windows\system32\SET2CB.tmp moved successfully.
c:\windows\system32\SET2D4.tmp moved successfully.
c:\windows\system32\SET2D5.tmp moved successfully.
c:\windows\system32\SET2D6.tmp moved successfully.
c:\windows\system32\SET2D8.tmp moved successfully.
c:\windows\system32\SET2D9.tmp moved successfully.
c:\windows\system32\SET2DA.tmp moved successfully.
c:\windows\system32\SET2DB.tmp moved successfully.
c:\windows\system32\SET2DC.tmp moved successfully.
c:\windows\system32\SET2DE.tmp moved successfully.
c:\windows\system32\SET2DF.tmp moved successfully.
c:\windows\system32\SET2E0.tmp moved successfully.
c:\windows\system32\SET2E1.tmp moved successfully.
c:\windows\system32\SET2E2.tmp moved successfully.
c:\windows\system32\SET2E3.tmp moved successfully.
c:\windows\system32\SET2E6.tmp moved successfully.
c:\windows\system32\SET2E7.tmp moved successfully.
c:\windows\system32\SET2E8.tmp moved successfully.
c:\windows\system32\SET2EA.tmp moved successfully.
c:\windows\system32\SET2ED.tmp moved successfully.
c:\windows\system32\SET2EE.tmp moved successfully.
c:\windows\system32\SET2F0.tmp moved successfully.
c:\windows\system32\SET2F3.tmp moved successfully.
c:\windows\system32\SET2F4.tmp moved successfully.
c:\windows\system32\SET2F5.tmp moved successfully.
c:\windows\system32\SET2F6.tmp moved successfully.
c:\windows\system32\SET2F7.tmp moved successfully.
c:\windows\system32\SET2F8.tmp moved successfully.
c:\windows\system32\SET2F9.tmp moved successfully.
c:\windows\system32\SET2FA.tmp moved successfully.
c:\windows\system32\SET2FB.tmp moved successfully.
c:\windows\system32\SET2FD.tmp moved successfully.
c:\windows\system32\SET2FF.tmp moved successfully.
c:\windows\system32\SET300.tmp moved successfully.
c:\windows\system32\SET301.tmp moved successfully.
c:\windows\system32\SET302.tmp moved successfully.
c:\windows\system32\SET304.tmp moved successfully.
c:\windows\system32\SET305.tmp moved successfully.
c:\windows\system32\SET306.tmp moved successfully.
c:\windows\system32\SET307.tmp moved successfully.
c:\windows\system32\SET30A.tmp moved successfully.
c:\windows\system32\SET30B.tmp moved successfully.
c:\windows\system32\SET30C.tmp moved successfully.
c:\windows\system32\SET30D.tmp moved successfully.
c:\windows\system32\SET30E.tmp moved successfully.
c:\windows\system32\SET30F.tmp moved successfully.
c:\windows\system32\SET312.tmp moved successfully.
c:\windows\system32\SET314.tmp moved successfully.
c:\windows\system32\SET316.tmp moved successfully.
c:\windows\system32\SET317.tmp moved successfully.
c:\windows\system32\SET318.tmp moved successfully.
c:\windows\system32\SET319.tmp moved successfully.
c:\windows\system32\SET31A.tmp moved successfully.
c:\windows\system32\SET31B.tmp moved successfully.
c:\windows\system32\SET31D.tmp moved successfully.
c:\windows\system32\SET31E.tmp moved successfully.
c:\windows\system32\SET31F.tmp moved successfully.
c:\windows\system32\SET320.tmp moved successfully.
c:\windows\system32\SET321.tmp moved successfully.
c:\windows\system32\SET323.tmp moved successfully.
c:\windows\system32\SET324.tmp moved successfully.
c:\windows\system32\SET325.tmp moved successfully.
c:\windows\system32\SET326.tmp moved successfully.
c:\windows\system32\SET327.tmp moved successfully.
c:\windows\system32\SET328.tmp moved successfully.
c:\windows\system32\SET329.tmp moved successfully.
c:\windows\system32\SET32A.tmp moved successfully.
c:\windows\system32\SET32B.tmp moved successfully.
c:\windows\system32\SET32C.tmp moved successfully.
c:\windows\system32\SET32D.tmp moved successfully.
c:\windows\system32\SET32E.tmp moved successfully.
c:\windows\system32\SET32F.tmp moved successfully.
c:\windows\system32\SET330.tmp moved successfully.
c:\windows\system32\SET332.tmp moved successfully.
c:\windows\system32\SET333.tmp moved successfully.
c:\windows\system32\SET334.tmp moved successfully.
c:\windows\system32\SET335.tmp moved successfully.
c:\windows\system32\SET337.tmp moved successfully.
c:\windows\system32\SET339.tmp moved successfully.
c:\windows\system32\SET33A.tmp moved successfully.
c:\windows\system32\SET33B.tmp moved successfully.
c:\windows\system32\SET33E.tmp moved successfully.
c:\windows\system32\SET33F.tmp moved successfully.
c:\windows\system32\SET340.tmp moved successfully.
c:\windows\system32\SET341.tmp moved successfully.
c:\windows\system32\SET342.tmp moved successfully.
c:\windows\system32\SET343.tmp moved successfully.
c:\windows\system32\SET344.tmp moved successfully.
c:\windows\system32\SET345.tmp moved successfully.
c:\windows\system32\SET348.tmp moved successfully.
c:\windows\system32\SET34A.tmp moved successfully.
c:\windows\system32\SET34B.tmp moved successfully.
c:\windows\system32\SET34C.tmp moved successfully.
c:\windows\system32\SET34E.tmp moved successfully.
c:\windows\system32\SET34F.tmp moved successfully.
c:\windows\system32\SET351.tmp moved successfully.
c:\windows\system32\SET353.tmp moved successfully.
c:\windows\system32\SET356.tmp moved successfully.
c:\windows\system32\SET358.tmp moved successfully.
c:\windows\system32\SET359.tmp moved successfully.
c:\windows\system32\SET35A.tmp moved successfully.
c:\windows\system32\SET35B.tmp moved successfully.
c:\windows\system32\SET35C.tmp moved successfully.
c:\windows\system32\SET35D.tmp moved successfully.
c:\windows\system32\SET360.tmp moved successfully.
c:\windows\system32\SET362.tmp moved successfully.
c:\windows\system32\SET364.tmp moved successfully.
c:\windows\system32\SET365.tmp moved successfully.
c:\windows\system32\SET366.tmp moved successfully.
c:\windows\system32\SET367.tmp moved successfully.
c:\windows\system32\SET368.tmp moved successfully.
c:\windows\system32\SET369.tmp moved successfully.
c:\windows\system32\SET36A.tmp moved successfully.
c:\windows\system32\SET36B.tmp moved successfully.
c:\windows\system32\SET36C.tmp moved successfully.
c:\windows\system32\SET36D.tmp moved successfully.
c:\windows\system32\SET371.tmp moved successfully.
c:\windows\system32\SET375.tmp moved successfully.
c:\windows\system32\SET376.tmp moved successfully.
c:\windows\system32\SET377.tmp moved successfully.
c:\windows\system32\SET378.tmp moved successfully.
c:\windows\system32\SET37A.tmp moved successfully.
c:\windows\system32\SET37C.tmp moved successfully.
c:\windows\system32\SET37D.tmp moved successfully.
c:\windows\system32\SET37E.tmp moved successfully.
c:\windows\system32\SET37F.tmp moved successfully.
c:\windows\system32\SET382.tmp moved successfully.
c:\windows\system32\SET384.tmp moved successfully.
c:\windows\system32\SET385.tmp moved successfully.
c:\windows\system32\SET386.tmp moved successfully.
c:\windows\system32\SET389.tmp moved successfully.
c:\windows\system32\SET38A.tmp moved successfully.
c:\windows\system32\SET38C.tmp moved successfully.
c:\windows\system32\SET38E.tmp moved successfully.
c:\windows\system32\SET390.tmp moved successfully.
c:\windows\system32\SET392.tmp moved successfully.
c:\windows\system32\SET399.tmp moved successfully.
c:\windows\system32\SET39B.tmp moved successfully.
c:\windows\system32\SET39C.tmp moved successfully.
c:\windows\system32\SET39D.tmp moved successfully.
c:\windows\system32\SET39E.tmp moved successfully.
c:\windows\system32\SET39F.tmp moved successfully.
c:\windows\system32\SET3A0.tmp moved successfully.
c:\windows\system32\SET3A1.tmp moved successfully.
c:\windows\system32\SET3A4.tmp moved successfully.
c:\windows\system32\SET3A5.tmp moved successfully.
c:\windows\system32\SET3A6.tmp moved successfully.
c:\windows\system32\SET3A7.tmp moved successfully.
c:\windows\system32\SET3A8.tmp moved successfully.
c:\windows\system32\SET3A9.tmp moved successfully.
c:\windows\system32\SET3AA.tmp moved successfully.
c:\windows\system32\SET3AD.tmp moved successfully.
c:\windows\system32\SET3B1.tmp moved successfully.
c:\windows\system32\SET3BA.tmp moved successfully.
c:\windows\system32\SET3BC.tmp moved successfully.
c:\windows\system32\SET3BF.tmp moved successfully.
c:\windows\system32\SET3C1.tmp moved successfully.
c:\windows\system32\SET3C2.tmp moved successfully.
c:\windows\system32\SET3C3.tmp moved successfully.
c:\windows\system32\SET3C4.tmp moved successfully.
c:\windows\system32\SET3C5.tmp moved successfully.
c:\windows\system32\SET3C7.tmp moved successfully.
c:\windows\system32\SET3C8.tmp moved successfully.
c:\windows\system32\SET3C9.tmp moved successfully.
c:\windows\system32\SET3CA.tmp moved successfully.
c:\windows\system32\SET3CB.tmp moved successfully.
c:\windows\system32\SET3CC.tmp moved successfully.
c:\windows\system32\SET3CE.tmp moved successfully.
c:\windows\system32\SET3CF.tmp moved successfully.
c:\windows\system32\SET3D0.tmp moved successfully.
c:\windows\system32\SET3D2.tmp moved successfully.
c:\windows\system32\SET3D3.tmp moved successfully.
c:\windows\system32\SET3D4.tmp moved successfully.
c:\windows\system32\SET3D6.tmp moved successfully.
c:\windows\system32\SET3D8.tmp moved successfully.
c:\windows\system32\SET3D9.tmp moved successfully.
c:\windows\system32\SET3DA.tmp moved successfully.
c:\windows\system32\SET3DB.tmp moved successfully.
c:\windows\system32\SET3DC.tmp moved successfully.
c:\windows\system32\SET3DD.tmp moved successfully.
c:\windows\system32\SET3E1.tmp moved successfully.
c:\windows\system32\SET3E2.tmp moved successfully.
c:\windows\system32\SET3E3.tmp moved successfully.
c:\windows\system32\SET3E4.tmp moved successfully.
c:\windows\system32\SET3E5.tmp moved successfully.
c:\windows\system32\SET3E8.tmp moved successfully.
c:\windows\system32\SET3E9.tmp moved successfully.
c:\windows\system32\SET3EA.tmp moved successfully.
c:\windows\system32\SET3EC.tmp moved successfully.
c:\windows\system32\SET3ED.tmp moved successfully.
c:\windows\system32\SET3EE.tmp moved successfully.
c:\windows\system32\SET3F3.tmp moved successfully.
c:\windows\system32\SET3F4.tmp moved successfully.
c:\windows\system32\SET3F5.tmp moved successfully.
c:\windows\system32\SET3F6.tmp moved successfully.
c:\windows\system32\SET3F7.tmp moved successfully.
c:\windows\system32\SET3F8.tmp moved successfully.
c:\windows\system32\SET3F9.tmp moved successfully.
c:\windows\system32\SET3FA.tmp moved successfully.
c:\windows\system32\SET3FF.tmp moved successfully.
c:\windows\system32\SET403.tmp moved successfully.
c:\windows\system32\SET409.tmp moved successfully.
c:\windows\system32\SET40A.tmp moved successfully.
c:\windows\system32\SET40B.tmp moved successfully.
c:\windows\system32\SET40C.tmp moved successfully.
c:\windows\system32\SET40D.tmp moved successfully.
c:\windows\system32\SET40E.tmp moved successfully.
c:\windows\system32\SET40F.tmp moved successfully.
c:\windows\system32\SET410.tmp moved successfully.
c:\windows\system32\SET411.tmp moved successfully.
c:\windows\system32\SET413.tmp moved successfully.
c:\windows\system32\SET415.tmp moved successfully.
c:\windows\system32\SET417.tmp moved successfully.
c:\windows\system32\SET419.tmp moved successfully.
c:\windows\system32\SET41C.tmp moved successfully.
c:\windows\system32\SET41E.tmp moved successfully.
c:\windows\system32\SET41F.tmp moved successfully.
c:\windows\system32\SET420.tmp moved successfully.
c:\windows\system32\SET421.tmp moved successfully.
c:\windows\system32\SET422.tmp moved successfully.
c:\windows\system32\SET424.tmp moved successfully.
c:\windows\system32\SET425.tmp moved successfully.
c:\windows\system32\SET426.tmp moved successfully.
c:\windows\system32\SET427.tmp moved successfully.
c:\windows\system32\SET429.tmp moved successfully.
c:\windows\system32\SET42A.tmp moved successfully.
c:\windows\system32\SET42B.tmp moved successfully.
c:\windows\system32\SET42C.tmp moved successfully.
c:\windows\system32\SET42D.tmp moved successfully.
c:\windows\system32\SET42E.tmp moved successfully.
c:\windows\system32\SET431.tmp moved successfully.
c:\windows\system32\SET432.tmp moved successfully.
c:\windows\system32\SET433.tmp moved successfully.
c:\windows\system32\SET435.tmp moved successfully.
c:\windows\system32\SET438.tmp moved successfully.
c:\windows\system32\SET439.tmp moved successfully.
c:\windows\system32\SET43A.tmp moved successfully.
c:\windows\system32\SET43E.tmp moved successfully.
c:\windows\system32\SET440.tmp moved successfully.
c:\windows\system32\SET441.tmp moved successfully.
c:\windows\system32\SET443.tmp moved successfully.
c:\windows\system32\SET444.tmp moved successfully.
c:\windows\system32\SET445.tmp moved successfully.
c:\windows\system32\SET447.tmp moved successfully.
c:\windows\system32\SET449.tmp moved successfully.
c:\windows\system32\SET44C.tmp moved successfully.
c:\windows\system32\SET44E.tmp moved successfully.
c:\windows\system32\SET44F.tmp moved successfully.
c:\windows\system32\SET450.tmp moved successfully.
c:\windows\system32\SET451.tmp moved successfully.
c:\windows\system32\SET452.tmp moved successfully.
c:\windows\system32\SET454.tmp moved successfully.
c:\windows\system32\SET458.tmp moved successfully.
c:\windows\system32\SET459.tmp moved successfully.
c:\windows\system32\SET45A.tmp moved successfully.
c:\windows\system32\SET45B.tmp moved successfully.
c:\windows\system32\SET45D.tmp moved successfully.
c:\windows\system32\SET45E.tmp moved successfully.
c:\windows\system32\SET45F.tmp moved successfully.
c:\windows\system32\SET460.tmp moved successfully.
c:\windows\system32\SET461.tmp moved successfully.
c:\windows\system32\SET462.tmp moved successfully.
c:\windows\system32\SET463.tmp moved successfully.
c:\windows\system32\SET464.tmp moved successfully.
c:\windows\system32\SET465.tmp moved successfully.
c:\windows\system32\SET466.tmp moved successfully.
c:\windows\system32\SET467.tmp moved successfully.
c:\windows\system32\SET468.tmp moved successfully.
c:\windows\system32\SET469.tmp moved successfully.
c:\windows\system32\SET46A.tmp moved successfully.
c:\windows\system32\SET46B.tmp moved successfully.
c:\windows\system32\SET46D.tmp moved successfully.
c:\windows\system32\SET46E.tmp moved successfully.
c:\windows\system32\SET46F.tmp moved successfully.
c:\windows\system32\SET470.tmp moved successfully.
c:\windows\system32\SET472.tmp moved successfully.
c:\windows\system32\SET473.tmp moved successfully.
c:\windows\system32\SET474.tmp moved successfully.
c:\windows\system32\SET475.tmp moved successfully.
c:\windows\system32\SET476.tmp moved successfully.
c:\windows\system32\SET477.tmp moved successfully.
c:\windows\system32\SET478.tmp moved successfully.
c:\windows\system32\SET479.tmp moved successfully.
c:\windows\system32\SET47A.tmp moved successfully.
c:\windows\system32\SET47C.tmp moved successfully.
c:\windows\system32\SET47D.tmp moved successfully.
c:\windows\system32\SET47E.tmp moved successfully.
c:\windows\system32\SET481.tmp moved successfully.
c:\windows\system32\SET482.tmp moved successfully.
c:\windows\system32\SET483.tmp moved successfully.
c:\windows\system32\SET484.tmp moved successfully.
c:\windows\system32\SET486.tmp moved successfully.
c:\windows\system32\SET489.tmp moved successfully.
c:\windows\system32\SET48A.tmp moved successfully.
c:\windows\system32\SET48B.tmp moved successfully.
c:\windows\system32\SET48D.tmp moved successfully.
c:\windows\system32\SET498.tmp moved successfully.
c:\windows\system32\SET49A.tmp moved successfully.
c:\windows\system32\SET49B.tmp moved successfully.
c:\windows\system32\SET49C.tmp moved successfully.
c:\windows\system32\SET4A3.tmp moved successfully.
c:\windows\system32\SET4A4.tmp moved successfully.
c:\windows\system32\SET4A7.tmp moved successfully.
c:\windows\system32\SET4A8.tmp moved successfully.
c:\windows\system32\SET4A9.tmp moved successfully.
c:\windows\system32\SET4AA.tmp moved successfully.
c:\windows\system32\SET4AB.tmp moved successfully.
c:\windows\system32\SET4AD.tmp moved successfully.
c:\windows\system32\SET4AE.tmp moved successfully.
c:\windows\system32\SET4AF.tmp moved successfully.
c:\windows\system32\SET4B1.tmp moved successfully.
c:\windows\system32\SET4B2.tmp moved successfully.
c:\windows\system32\SET4B3.tmp moved successfully.
c:\windows\system32\SET4B4.tmp moved successfully.
c:\windows\system32\SET4B5.tmp moved successfully.
c:\windows\system32\SET4B6.tmp moved successfully.
c:\windows\system32\SET4B7.tmp moved successfully.
c:\windows\system32\SET4B8.tmp moved successfully.
c:\windows\system32\SET4B9.tmp moved successfully.
c:\windows\system32\SET4BB.tmp moved successfully.
c:\windows\system32\SET4BC.tmp moved successfully.
c:\windows\system32\SET4BE.tmp moved successfully.
c:\windows\system32\SET4BF.tmp moved successfully.
c:\windows\system32\SET4C1.tmp moved successfully.
c:\windows\system32\SET4C2.tmp moved successfully.
c:\windows\system32\SET4C6.tmp moved successfully.
c:\windows\system32\SET4C8.tmp moved successfully.
c:\windows\system32\SET4C9.tmp moved successfully.
c:\windows\system32\SET4CA.tmp moved successfully.
c:\windows\system32\SET4CB.tmp moved successfully.
c:\windows\system32\SET4CC.tmp moved successfully.
c:\windows\system32\SET4CD.tmp moved successfully.
c:\windows\system32\SET4CE.tmp moved successfully.
c:\windows\system32\SET4CF.tmp moved successfully.
c:\windows\system32\SET4D0.tmp moved successfully.
c:\windows\system32\SET4D1.tmp moved successfully.
c:\windows\system32\SET4D6.tmp moved successfully.
c:\windows\system32\SET4D7.tmp moved successfully.
c:\windows\system32\SET4D8.tmp moved successfully.
c:\windows\system32\SET4D9.tmp moved successfully.
c:\windows\system32\SET4DA.tmp moved successfully.
c:\windows\system32\SET4DB.tmp moved successfully.
c:\windows\system32\SET4DC.tmp moved successfully.
c:\windows\system32\SET4DD.tmp moved successfully.
c:\windows\system32\SET4DE.tmp moved successfully.
c:\windows\system32\SET4DF.tmp moved successfully.
c:\windows\system32\SET4E1.tmp moved successfully.
c:\windows\system32\SET4E4.tmp moved successfully.
c:\windows\system32\SET4E5.tmp moved successfully.
c:\windows\system32\SET4E6.tmp moved successfully.
c:\windows\system32\SET4E7.tmp moved successfully.
c:\windows\system32\SET4E8.tmp moved successfully.
c:\windows\system32\SET4E9.tmp moved successfully.
c:\windows\system32\SET4EA.tmp moved successfully.
c:\windows\system32\SET4EB.tmp moved successfully.
c:\windows\system32\SET4EC.tmp moved successfully.
c:\windows\system32\SET4ED.tmp moved successfully.
c:\windows\system32\SET4EE.tmp moved successfully.
c:\windows\system32\SET4EF.tmp moved successfully.
c:\windows\system32\SET4F0.tmp moved successfully.
c:\windows\system32\SET4F2.tmp moved successfully.
c:\windows\system32\SET4F3.tmp moved successfully.
c:\windows\system32\SET4F4.tmp moved successfully.
c:\windows\system32\SET4F5.tmp moved successfully.
c:\windows\system32\SET4F9.tmp moved successfully.
c:\windows\system32\SET4FA.tmp moved successfully.
c:\windows\system32\SET4FB.tmp moved successfully.
c:\windows\system32\SET4FC.tmp moved successfully.
c:\windows\system32\SET4FE.tmp moved successfully.
c:\windows\system32\SET4FF.tmp moved successfully.
c:\windows\system32\SET500.tmp moved successfully.
c:\windows\system32\SET501.tmp moved successfully.
c:\windows\system32\SET502.tmp moved successfully.
c:\windows\system32\SET503.tmp moved successfully.
c:\windows\system32\SET504.tmp moved successfully.
c:\windows\system32\SET505.tmp moved successfully.
c:\windows\system32\SET506.tmp moved successfully.
c:\windows\system32\SET508.tmp moved successfully.
c:\windows\system32\SET509.tmp moved successfully.
c:\windows\system32\SET50A.tmp moved successfully.
c:\windows\system32\SET50B.tmp moved successfully.
c:\windows\system32\SET50C.tmp moved successfully.
c:\windows\system32\SET50D.tmp moved successfully.
c:\windows\system32\SET50E.tmp moved successfully.
c:\windows\system32\SET50F.tmp moved successfully.
c:\windows\system32\SET510.tmp moved successfully.
c:\windows\system32\SET513.tmp moved successfully.
c:\windows\system32\SET514.tmp moved successfully.
c:\windows\system32\SET515.tmp moved successfully.
c:\windows\system32\SET516.tmp moved successfully.
c:\windows\system32\SET517.tmp moved successfully.
c:\windows\system32\SET518.tmp moved successfully.
c:\windows\system32\SET51B.tmp moved successfully.
c:\windows\system32\SET51E.tmp moved successfully.
c:\windows\system32\SET51F.tmp moved successfully.
c:\windows\system32\SET520.tmp moved successfully.
c:\windows\system32\SET521.tmp moved successfully.
c:\windows\system32\SET522.tmp moved successfully.
c:\windows\system32\SET523.tmp moved successfully.
c:\windows\system32\SET524.tmp moved successfully.
c:\windows\system32\SET525.tmp moved successfully.
c:\windows\system32\SET526.tmp moved successfully.
c:\windows\system32\SET527.tmp moved successfully.
c:\windows\system32\SET528.tmp moved successfully.
c:\windows\system32\SET52A.tmp moved successfully.
c:\windows\system32\SET52B.tmp moved successfully.
c:\windows\system32\SET52C.tmp moved successfully.
c:\windows\system32\SET52D.tmp moved successfully.
c:\windows\system32\SET531.tmp moved successfully.
c:\windows\system32\SET532.tmp moved successfully.
c:\windows\system32\SET533.tmp moved successfully.
c:\windows\system32\SET535.tmp moved successfully.
c:\windows\system32\SET536.tmp moved successfully.
c:\windows\system32\SET537.tmp moved successfully.
c:\windows\system32\SET538.tmp moved successfully.
c:\windows\system32\SET53A.tmp moved successfully.
c:\windows\system32\SET53B.tmp moved successfully.
c:\windows\system32\SET53E.tmp moved successfully.
c:\windows\system32\SET53F.tmp moved successfully.
c:\windows\system32\SET543.tmp moved successfully.
c:\windows\system32\SET545.tmp moved successfully.
c:\windows\system32\SET546.tmp moved successfully.
c:\windows\system32\SET547.tmp moved successfully.
c:\windows\system32\SET549.tmp moved successfully.
c:\windows\system32\SET54A.tmp moved successfully.
c:\windows\system32\SET54B.tmp moved successfully.
c:\windows\system32\SET54C.tmp moved successfully.
c:\windows\system32\SET54D.tmp moved successfully.
c:\windows\system32\SET54F.tmp moved successfully.
c:\windows\system32\SET550.tmp moved successfully.
c:\windows\system32\SET551.tmp moved successfully.
c:\windows\system32\SET552.tmp moved successfully.
c:\windows\system32\SET553.tmp moved successfully.
c:\windows\system32\SET557.tmp moved successfully.
c:\windows\system32\SET55A.tmp moved successfully.
c:\windows\system32\SET55B.tmp moved successfully.
c:\windows\system32\SET55D.tmp moved successfully.
c:\windows\system32\SET55E.tmp moved successfully.
c:\windows\system32\SET55F.tmp moved successfully.
c:\windows\system32\SET560.tmp moved successfully.
c:\windows\system32\SET561.tmp moved successfully.
c:\windows\system32\SET562.tmp moved successfully.
c:\windows\system32\SET564.tmp moved successfully.
c:\windows\system32\SET567.tmp moved successfully.
c:\windows\system32\SET568.tmp moved successfully.
c:\windows\system32\SET56A.tmp moved successfully.
c:\windows\system32\SET56B.tmp moved successfully.
c:\windows\system32\SET56C.tmp moved successfully.
c:\windows\system32\SET56E.tmp moved successfully.
c:\windows\system32\SET56F.tmp moved successfully.
c:\windows\system32\SET570.tmp moved successfully.
c:\windows\system32\SET571.tmp moved successfully.
c:\windows\system32\SET572.tmp moved successfully.
c:\windows\system32\SET573.tmp moved successfully.
c:\windows\system32\SET574.tmp moved successfully.
c:\windows\system32\SET575.tmp moved successfully.
c:\windows\system32\SET576.tmp moved successfully.
c:\windows\system32\SET577.tmp moved successfully.
c:\windows\system32\SET578.tmp moved successfully.
c:\windows\system32\SET57A.tmp moved successfully.
c:\windows\system32\SET57B.tmp moved successfully.
c:\windows\system32\SET57C.tmp moved successfully.
c:\windows\system32\SET57D.tmp moved successfully.
c:\windows\system32\SET57E.tmp moved successfully.
c:\windows\system32\SET580.tmp moved successfully.
c:\windows\system32\SET581.tmp moved successfully.
c:\windows\system32\SET584.tmp moved successfully.
c:\windows\system32\SET586.tmp moved successfully.
c:\windows\system32\SET587.tmp moved successfully.
c:\windows\system32\SET58C.tmp moved successfully.
c:\windows\system32\SET58D.tmp moved successfully.
c:\windows\system32\SET58E.tmp moved successfully.
c:\windows\system32\SET58F.tmp moved successfully.
c:\windows\system32\SET591.tmp moved successfully.
c:\windows\system32\SET592.tmp moved successfully.
c:\windows\system32\SET594.tmp moved successfully.
c:\windows\system32\SET596.tmp moved successfully.
c:\windows\system32\SET597.tmp moved successfully.
c:\windows\system32\SET598.tmp moved successfully.
c:\windows\system32\SET599.tmp moved successfully.
c:\windows\system32\SET59A.tmp moved successfully.
c:\windows\system32\SET59C.tmp moved successfully.
c:\windows\system32\SET59D.tmp moved successfully.
c:\windows\system32\SET59E.tmp moved successfully.
c:\windows\system32\SET59F.tmp moved successfully.
c:\windows\system32\SET5A0.tmp moved successfully.
c:\windows\system32\SET5A1.tmp moved successfully.
c:\windows\system32\SET5A2.tmp moved successfully.
c:\windows\system32\SET5A3.tmp moved successfully.
c:\windows\system32\SET5A5.tmp moved successfully.
c:\windows\system32\SET5A6.tmp moved successfully.
c:\windows\system32\SET5A7.tmp moved successfully.
c:\windows\system32\SET5A8.tmp moved successfully.
c:\windows\system32\SET5A9.tmp moved successfully.
c:\windows\system32\SET5AA.tmp moved successfully.
c:\windows\system32\SET5AC.tmp moved successfully.
c:\windows\system32\SET5AD.tmp moved successfully.
c:\windows\system32\SET5AE.tmp moved successfully.
c:\windows\system32\SET5AF.tmp moved successfully.
c:\windows\system32\SET5B0.tmp moved successfully.
c:\windows\system32\SET5B1.tmp moved successfully.
c:\windows\system32\SET5B2.tmp moved successfully.
c:\windows\system32\SET5B3.tmp moved successfully.
c:\windows\system32\SET5B4.tmp moved successfully.
c:\windows\system32\SET5B6.tmp moved successfully.
c:\windows\system32\SET5B7.tmp moved successfully.
c:\windows\system32\SET5B8.tmp moved successfully.
c:\windows\system32\SET5BA.tmp moved successfully.
c:\windows\system32\SET5BC.tmp moved successfully.
c:\windows\system32\SET5BE.tmp moved successfully.
c:\windows\system32\SET5BF.tmp moved successfully.
c:\windows\system32\SET5C3.tmp moved successfully.
c:\windows\system32\SET5C4.tmp moved successfully.
c:\windows\system32\SET5C5.tmp moved successfully.
c:\windows\system32\SET5C9.tmp moved successfully.
c:\windows\system32\SET5CB.tmp moved successfully.
c:\windows\system32\SET5CC.tmp moved successfully.
c:\windows\system32\SET5CD.tmp moved successfully.
c:\windows\system32\SET5CE.tmp moved successfully.
c:\windows\system32\SET5CF.tmp moved successfully.
c:\windows\system32\SET5D0.tmp moved successfully.
c:\windows\system32\SET5D1.tmp moved successfully.
c:\windows\system32\SET5D2.tmp moved successfully.
c:\windows\system32\SET5D4.tmp moved successfully.
c:\windows\system32\SET5D6.tmp moved successfully.
c:\windows\system32\SET5D7.tmp moved successfully.
c:\windows\system32\SET5D8.tmp moved successfully.
c:\windows\system32\SET5D9.tmp moved successfully.
c:\windows\system32\SET5DA.tmp moved successfully.
c:\windows\system32\SET5DD.tmp moved successfully.
c:\windows\system32\SET5DE.tmp moved successfully.
c:\windows\system32\SET5E0.tmp moved successfully.
c:\windows\system32\SET5E1.tmp moved successfully.
c:\windows\system32\SET5E2.tmp moved successfully.
c:\windows\system32\SET5E3.tmp moved successfully.
c:\windows\system32\SET5E4.tmp moved successfully.
c:\windows\system32\SET5E5.tmp moved successfully.
c:\windows\system32\SET5E6.tmp moved successfully.
c:\windows\system32\SET5E7.tmp moved successfully.
c:\windows\system32\SET5E9.tmp moved successfully.
c:\windows\system32\SET5EA.tmp moved successfully.
c:\windows\system32\SET5EB.tmp moved successfully.
c:\windows\system32\SET5ED.tmp moved successfully.
c:\windows\system32\SET5EE.tmp moved successfully.
c:\windows\system32\SET5F0.tmp moved successfully.
c:\windows\system32\SET5F1.tmp moved successfully.
c:\windows\system32\SET5F2.tmp moved successfully.
c:\windows\system32\SET5F4.tmp moved successfully.
c:\windows\system32\SET5F5.tmp moved successfully.
c:\windows\system32\SET5F6.tmp moved successfully.
c:\windows\system32\SET5F7.tmp moved successfully.
c:\windows\system32\SET5F8.tmp moved successfully.
c:\windows\system32\SET5F9.tmp moved successfully.
c:\windows\system32\SET5FA.tmp moved successfully.
c:\windows\system32\SET5FB.tmp moved successfully.
c:\windows\system32\SET5FC.tmp moved successfully.
c:\windows\system32\SET5FD.tmp moved successfully.
c:\windows\system32\SET5FE.tmp moved successfully.
c:\windows\system32\SET5FF.tmp moved successfully.
c:\windows\system32\SET600.tmp moved successfully.
c:\windows\system32\SET601.tmp moved successfully.
c:\windows\system32\SET602.tmp moved successfully.
c:\windows\system32\SET603.tmp moved successfully.
c:\windows\system32\SET604.tmp moved successfully.
c:\windows\system32\SET606.tmp moved successfully.
c:\windows\system32\SET607.tmp moved successfully.
c:\windows\system32\SET608.tmp moved successfully.
c:\windows\system32\SET609.tmp moved successfully.
c:\windows\system32\SET60A.tmp moved successfully.
c:\windows\system32\SET60C.tmp moved successfully.
c:\windows\system32\SET60D.tmp moved successfully.
c:\windows\system32\SET60F.tmp moved successfully.
c:\windows\system32\SET610.tmp moved successfully.
c:\windows\system32\SET611.tmp moved successfully.
c:\windows\system32\SET612.tmp moved successfully.
c:\windows\system32\SET615.tmp moved successfully.
c:\windows\system32\SET61A.tmp moved successfully.
c:\windows\system32\SET61B.tmp moved successfully.
c:\windows\system32\SET61C.tmp moved successfully.
c:\windows\system32\SET61D.tmp moved successfully.
c:\windows\system32\SET620.tmp moved successfully.
c:\windows\system32\SET622.tmp moved successfully.
c:\windows\system32\SET623.tmp moved successfully.
c:\windows\system32\SET625.tmp moved successfully.
c:\windows\system32\SET626.tmp moved successfully.
c:\windows\system32\SET627.tmp moved successfully.
c:\windows\system32\SET628.tmp moved successfully.
c:\windows\system32\SET62A.tmp moved successfully.
c:\windows\system32\SET62B.tmp moved successfully.
c:\windows\system32\SET62C.tmp moved successfully.
c:\windows\system32\SET62E.tmp moved successfully.
c:\windows\system32\SET62F.tmp moved successfully.
c:\windows\system32\SET631.tmp moved successfully.
c:\windows\system32\SET632.tmp moved successfully.
c:\windows\system32\SET633.tmp moved successfully.
c:\windows\system32\SET635.tmp moved successfully.
c:\windows\system32\SET636.tmp moved successfully.
c:\windows\system32\SET637.tmp moved successfully.
c:\windows\system32\SET638.tmp moved successfully.
c:\windows\system32\SET639.tmp moved successfully.
c:\windows\system32\SET63A.tmp moved successfully.
c:\windows\system32\SET63C.tmp moved successfully.
c:\windows\system32\SET63D.tmp moved successfully.
c:\windows\system32\SET63E.tmp moved successfully.
c:\windows\system32\SET63F.tmp moved successfully.
c:\windows\system32\SET640.tmp moved successfully.
Nahoru
Uživatelský avatar
Body
Level 2
Level 2
Příspěvky: 185
Registrován: září 06
Pohlaví: Nespecifikováno
Stav:
Offline

Re: Moc prosím o kontrolu logu - HiJackThis

Příspěvekod Body » 04 bře 2009 22:33

c:\windows\system32\SET641.tmp moved successfully.
c:\windows\system32\SET643.tmp moved successfully.
c:\windows\system32\SET644.tmp moved successfully.
c:\windows\system32\SET645.tmp moved successfully.
c:\windows\system32\SET646.tmp moved successfully.
c:\windows\system32\SET648.tmp moved successfully.
c:\windows\system32\SET649.tmp moved successfully.
c:\windows\system32\SET64A.tmp moved successfully.
c:\windows\system32\SET64F.tmp moved successfully.
c:\windows\system32\SET650.tmp moved successfully.
c:\windows\system32\SET651.tmp moved successfully.
c:\windows\system32\SET652.tmp moved successfully.
c:\windows\system32\SET653.tmp moved successfully.
c:\windows\system32\SET654.tmp moved successfully.
c:\windows\system32\SET655.tmp moved successfully.
c:\windows\system32\SET656.tmp moved successfully.
c:\windows\system32\SET659.tmp moved successfully.
c:\windows\system32\SET65A.tmp moved successfully.
c:\windows\system32\SET65B.tmp moved successfully.
c:\windows\system32\SET65C.tmp moved successfully.
c:\windows\system32\SET65D.tmp moved successfully.
c:\windows\system32\SET65E.tmp moved successfully.
c:\windows\system32\SET660.tmp moved successfully.
c:\windows\system32\SET662.tmp moved successfully.
c:\windows\system32\SET664.tmp moved successfully.
c:\windows\system32\SET665.tmp moved successfully.
c:\windows\system32\SET666.tmp moved successfully.
c:\windows\system32\SET667.tmp moved successfully.
c:\windows\system32\SET66C.tmp moved successfully.
c:\windows\system32\SET66D.tmp moved successfully.
c:\windows\system32\SET66E.tmp moved successfully.
c:\windows\system32\SET66F.tmp moved successfully.
c:\windows\system32\SET670.tmp moved successfully.
c:\windows\system32\SET671.tmp moved successfully.
c:\windows\system32\SET672.tmp moved successfully.
c:\windows\system32\SET673.tmp moved successfully.
c:\windows\system32\SET674.tmp moved successfully.
c:\windows\system32\SET675.tmp moved successfully.
c:\windows\system32\SET676.tmp moved successfully.
c:\windows\system32\SET678.tmp moved successfully.
c:\windows\system32\SET67A.tmp moved successfully.
c:\windows\system32\SET67B.tmp moved successfully.
c:\windows\system32\SET67C.tmp moved successfully.
c:\windows\system32\SET67E.tmp moved successfully.
c:\windows\system32\SET67F.tmp moved successfully.
c:\windows\system32\SET680.tmp moved successfully.
c:\windows\system32\SET681.tmp moved successfully.
c:\windows\system32\SET682.tmp moved successfully.
c:\windows\system32\SET683.tmp moved successfully.
c:\windows\system32\SET684.tmp moved successfully.
c:\windows\system32\SET685.tmp moved successfully.
c:\windows\system32\SET686.tmp moved successfully.
c:\windows\system32\SET687.tmp moved successfully.
c:\windows\system32\SET689.tmp moved successfully.
c:\windows\system32\SET68B.tmp moved successfully.
c:\windows\system32\SET68C.tmp moved successfully.
c:\windows\system32\SET68D.tmp moved successfully.
c:\windows\system32\SET68F.tmp moved successfully.
c:\windows\system32\SET690.tmp moved successfully.
c:\windows\system32\SET691.tmp moved successfully.
c:\windows\system32\SET694.tmp moved successfully.
c:\windows\system32\SET695.tmp moved successfully.
c:\windows\system32\SET697.tmp moved successfully.
c:\windows\system32\SET698.tmp moved successfully.
c:\windows\system32\SET699.tmp moved successfully.
c:\windows\system32\SET69A.tmp moved successfully.
c:\windows\system32\SET69B.tmp moved successfully.
c:\windows\system32\SET69C.tmp moved successfully.
c:\windows\system32\SET69D.tmp moved successfully.
c:\windows\system32\SET69E.tmp moved successfully.
c:\windows\system32\SET69F.tmp moved successfully.
c:\windows\system32\SET6A1.tmp moved successfully.
c:\windows\system32\SET6A2.tmp moved successfully.
c:\windows\system32\SET6A3.tmp moved successfully.
c:\windows\system32\SET6A4.tmp moved successfully.
c:\windows\system32\SET6A7.tmp moved successfully.
c:\windows\system32\SET6A8.tmp moved successfully.
c:\windows\system32\SET6A9.tmp moved successfully.
c:\windows\system32\SET6AA.tmp moved successfully.
c:\windows\system32\SET6AB.tmp moved successfully.
c:\windows\system32\SET6AC.tmp moved successfully.
c:\windows\system32\SET6AD.tmp moved successfully.
c:\windows\system32\SET6AE.tmp moved successfully.
c:\windows\system32\SET6AF.tmp moved successfully.
c:\windows\system32\SET6B0.tmp moved successfully.
c:\windows\system32\SET6B1.tmp moved successfully.
c:\windows\system32\SET6B2.tmp moved successfully.
c:\windows\system32\SET6B3.tmp moved successfully.
c:\windows\system32\SET6B5.tmp moved successfully.
c:\windows\system32\SET6B8.tmp moved successfully.
c:\windows\system32\SET6B9.tmp moved successfully.
c:\windows\system32\SET6BF.tmp moved successfully.
c:\windows\system32\SET6C3.tmp moved successfully.
c:\windows\system32\SET6C4.tmp moved successfully.
c:\windows\system32\SET6C6.tmp moved successfully.
c:\windows\system32\SET6C7.tmp moved successfully.
c:\windows\system32\SET6C8.tmp moved successfully.
c:\windows\system32\SET6CB.tmp moved successfully.
c:\windows\system32\SET6CC.tmp moved successfully.
c:\windows\system32\SET6CD.tmp moved successfully.
c:\windows\system32\SET6CE.tmp moved successfully.
c:\windows\system32\SET6CF.tmp moved successfully.
c:\windows\system32\SET6D0.tmp moved successfully.
c:\windows\system32\SET6D1.tmp moved successfully.
c:\windows\system32\SET6D2.tmp moved successfully.
c:\windows\system32\SET6D4.tmp moved successfully.
c:\windows\system32\SET6D5.tmp moved successfully.
c:\windows\system32\SET6D6.tmp moved successfully.
c:\windows\system32\SET6D7.tmp moved successfully.
c:\windows\system32\SET6D8.tmp moved successfully.
c:\windows\system32\SET6D9.tmp moved successfully.
c:\windows\system32\SET6DC.tmp moved successfully.
c:\windows\system32\SET6DD.tmp moved successfully.
c:\windows\system32\SET6E1.tmp moved successfully.
c:\windows\system32\SET6E2.tmp moved successfully.
c:\windows\system32\SET6E3.tmp moved successfully.
c:\windows\system32\SET6E6.tmp moved successfully.
c:\windows\system32\SET6E8.tmp moved successfully.
c:\windows\system32\SET6ED.tmp moved successfully.
c:\windows\system32\SET6F0.tmp moved successfully.
c:\windows\system32\SET6F1.tmp moved successfully.
c:\windows\system32\SET6F2.tmp moved successfully.
c:\windows\system32\SET6F5.tmp moved successfully.
c:\windows\system32\SET6F6.tmp moved successfully.
c:\windows\system32\SET6F7.tmp moved successfully.
c:\windows\system32\SET6F8.tmp moved successfully.
c:\windows\system32\SET6F9.tmp moved successfully.
c:\windows\system32\SET6FC.tmp moved successfully.
c:\windows\system32\SET6FD.tmp moved successfully.
c:\windows\system32\SET6FE.tmp moved successfully.
c:\windows\system32\SET6FF.tmp moved successfully.
c:\windows\system32\SET700.tmp moved successfully.
c:\windows\system32\SET701.tmp moved successfully.
c:\windows\system32\SET703.tmp moved successfully.
c:\windows\system32\SET704.tmp moved successfully.
c:\windows\system32\SET705.tmp moved successfully.
c:\windows\system32\SET708.tmp moved successfully.
c:\windows\system32\SET709.tmp moved successfully.
c:\windows\system32\SET70A.tmp moved successfully.
c:\windows\system32\SET70C.tmp moved successfully.
c:\windows\system32\SET70F.tmp moved successfully.
c:\windows\system32\SET710.tmp moved successfully.
c:\windows\system32\SET712.tmp moved successfully.
c:\windows\system32\SET714.tmp moved successfully.
c:\windows\system32\SET715.tmp moved successfully.
c:\windows\system32\SET716.tmp moved successfully.
c:\windows\system32\SET71B.tmp moved successfully.
c:\windows\system32\SET71D.tmp moved successfully.
c:\windows\system32\SET71E.tmp moved successfully.
c:\windows\system32\SET71F.tmp moved successfully.
c:\windows\system32\SET720.tmp moved successfully.
c:\windows\system32\SET721.tmp moved successfully.
c:\windows\system32\SET722.tmp moved successfully.
c:\windows\system32\SET723.tmp moved successfully.
c:\windows\system32\SET724.tmp moved successfully.
c:\windows\system32\SET727.tmp moved successfully.
c:\windows\system32\SET72A.tmp moved successfully.
c:\windows\system32\SET72C.tmp moved successfully.
c:\windows\system32\SET72D.tmp moved successfully.
c:\windows\system32\SET72F.tmp moved successfully.
c:\windows\system32\SET731.tmp moved successfully.
c:\windows\system32\SET733.tmp moved successfully.
c:\windows\system32\SET736.tmp moved successfully.
c:\windows\system32\SET737.tmp moved successfully.
c:\windows\system32\SET738.tmp moved successfully.
c:\windows\system32\SET73A.tmp moved successfully.
c:\windows\system32\SET73B.tmp moved successfully.
c:\windows\system32\SET73C.tmp moved successfully.
c:\windows\system32\SET73E.tmp moved successfully.
c:\windows\system32\SET73F.tmp moved successfully.
c:\windows\system32\SET740.tmp moved successfully.
c:\windows\system32\SET741.tmp moved successfully.
c:\windows\system32\SET742.tmp moved successfully.
c:\windows\system32\SET743.tmp moved successfully.
c:\windows\system32\SET744.tmp moved successfully.
c:\windows\system32\SET747.tmp moved successfully.
c:\windows\system32\SET748.tmp moved successfully.
c:\windows\system32\SET749.tmp moved successfully.
c:\windows\system32\SET74E.tmp moved successfully.
c:\windows\system32\SET74F.tmp moved successfully.
c:\windows\system32\SET751.tmp moved successfully.
c:\windows\system32\SET757.tmp moved successfully.
c:\windows\system32\SET75A.tmp moved successfully.
c:\windows\system32\SET75E.tmp moved successfully.
c:\windows\system32\SET760.tmp moved successfully.
c:\windows\system32\SET762.tmp moved successfully.
c:\windows\system32\SET763.tmp moved successfully.
c:\windows\system32\SET765.tmp moved successfully.
c:\windows\system32\SET766.tmp moved successfully.
c:\windows\system32\SET767.tmp moved successfully.
c:\windows\system32\SET768.tmp moved successfully.
c:\windows\system32\SET769.tmp moved successfully.
c:\windows\system32\SET76B.tmp moved successfully.
c:\windows\system32\SET76C.tmp moved successfully.
c:\windows\system32\SET76D.tmp moved successfully.
c:\windows\system32\SET770.tmp moved successfully.
c:\windows\system32\SET772.tmp moved successfully.
c:\windows\system32\SET773.tmp moved successfully.
c:\windows\system32\SET777.tmp moved successfully.
c:\windows\system32\SET778.tmp moved successfully.
c:\windows\system32\SET77B.tmp moved successfully.
c:\windows\system32\SET77C.tmp moved successfully.
c:\windows\system32\SET77D.tmp moved successfully.
c:\windows\system32\SET77F.tmp moved successfully.
c:\windows\system32\SET780.tmp moved successfully.
c:\windows\system32\SET781.tmp moved successfully.
c:\windows\system32\SET782.tmp moved successfully.
c:\windows\system32\SET783.tmp moved successfully.
c:\windows\system32\SET784.tmp moved successfully.
c:\windows\system32\SET787.tmp moved successfully.
c:\windows\system32\SET789.tmp moved successfully.
c:\windows\system32\SET78A.tmp moved successfully.
c:\windows\system32\SET78C.tmp moved successfully.
c:\windows\system32\SET78E.tmp moved successfully.
c:\windows\system32\SET790.tmp moved successfully.
c:\windows\system32\SET792.tmp moved successfully.
c:\windows\system32\SET794.tmp moved successfully.
c:\windows\system32\SET795.tmp moved successfully.
c:\windows\system32\SET796.tmp moved successfully.
c:\windows\system32\SET797.tmp moved successfully.
c:\windows\system32\SET798.tmp moved successfully.
c:\windows\system32\SET79A.tmp moved successfully.
c:\windows\system32\SET79B.tmp moved successfully.
c:\windows\system32\SET7A0.tmp moved successfully.
c:\windows\system32\SET7A2.tmp moved successfully.
c:\windows\system32\SET7A3.tmp moved successfully.
c:\windows\system32\SET7A5.tmp moved successfully.
c:\windows\system32\SET7A6.tmp moved successfully.
c:\windows\system32\SET7A7.tmp moved successfully.
c:\windows\system32\SET7A8.tmp moved successfully.
c:\windows\system32\SET7A9.tmp moved successfully.
c:\windows\system32\SET7AB.tmp moved successfully.
c:\windows\system32\SET7AD.tmp moved successfully.
c:\windows\system32\SET7B2.tmp moved successfully.
c:\windows\system32\SET7B3.tmp moved successfully.
c:\windows\system32\SET7B4.tmp moved successfully.
c:\windows\system32\SET7B5.tmp moved successfully.
c:\windows\system32\SET7B6.tmp moved successfully.
c:\windows\system32\SET7B7.tmp moved successfully.
c:\windows\system32\SET7B8.tmp moved successfully.
c:\windows\system32\SET7B9.tmp moved successfully.
c:\windows\system32\SET7BA.tmp moved successfully.
c:\windows\system32\SET7BB.tmp moved successfully.
c:\windows\system32\SET7BD.tmp moved successfully.
c:\windows\system32\SET7BF.tmp moved successfully.
c:\windows\system32\SET7C0.tmp moved successfully.
c:\windows\system32\SET7C1.tmp moved successfully.
c:\windows\system32\SET7C2.tmp moved successfully.
c:\windows\system32\SET7C3.tmp moved successfully.
c:\windows\system32\SET7C4.tmp moved successfully.
c:\windows\system32\SET7C5.tmp moved successfully.
c:\windows\system32\SET7C6.tmp moved successfully.
c:\windows\system32\SET7C7.tmp moved successfully.
c:\windows\system32\SET7C8.tmp moved successfully.
c:\windows\system32\SET7CA.tmp moved successfully.
c:\windows\system32\SET7CB.tmp moved successfully.
c:\windows\system32\SET7CC.tmp moved successfully.
c:\windows\system32\SET7CD.tmp moved successfully.
c:\windows\system32\SET7CE.tmp moved successfully.
c:\windows\system32\SET7D0.tmp moved successfully.
c:\windows\system32\SET7D1.tmp moved successfully.
c:\windows\system32\SET7D2.tmp moved successfully.
c:\windows\system32\SET7D4.tmp moved successfully.
c:\windows\system32\SET7D5.tmp moved successfully.
c:\windows\system32\SET7D8.tmp moved successfully.
c:\windows\system32\SET7DB.tmp moved successfully.
c:\windows\system32\SET7DE.tmp moved successfully.
c:\windows\system32\SET7DF.tmp moved successfully.
c:\windows\system32\SET7E0.tmp moved successfully.
c:\windows\system32\SET7E1.tmp moved successfully.
c:\windows\system32\SET7E3.tmp moved successfully.
c:\windows\system32\SET7E6.tmp moved successfully.
c:\windows\system32\SET7E8.tmp moved successfully.
c:\windows\system32\SET7E9.tmp moved successfully.
c:\windows\system32\SET7EA.tmp moved successfully.
c:\windows\system32\SET7EB.tmp moved successfully.
c:\windows\system32\SET7EC.tmp moved successfully.
c:\windows\system32\SET7EE.tmp moved successfully.
c:\windows\system32\SET7EF.tmp moved successfully.
c:\windows\system32\SET7F0.tmp moved successfully.
c:\windows\system32\SET7F3.tmp moved successfully.
c:\windows\system32\SET7F4.tmp moved successfully.
c:\windows\system32\SET7F5.tmp moved successfully.
c:\windows\system32\SET7F8.tmp moved successfully.
c:\windows\system32\SET7F9.tmp moved successfully.
c:\windows\system32\SET7FC.tmp moved successfully.
c:\windows\system32\SET7FE.tmp moved successfully.
c:\windows\system32\SET803.tmp moved successfully.
c:\windows\system32\SET806.tmp moved successfully.
c:\windows\system32\SET80A.tmp moved successfully.
c:\windows\system32\SET80C.tmp moved successfully.
c:\windows\system32\SET80E.tmp moved successfully.
c:\windows\system32\SET814.tmp moved successfully.
c:\windows\system32\SET816.tmp moved successfully.
c:\windows\system32\SET817.tmp moved successfully.
c:\windows\system32\SET81A.tmp moved successfully.
c:\windows\system32\SET81B.tmp moved successfully.
c:\windows\system32\SET81E.tmp moved successfully.
c:\windows\system32\SET821.tmp moved successfully.
c:\windows\system32\SET822.tmp moved successfully.
c:\windows\system32\SET824.tmp moved successfully.
c:\windows\system32\SET829.tmp moved successfully.
c:\windows\system32\SET82D.tmp moved successfully.
c:\windows\system32\SET831.tmp moved successfully.
c:\windows\system32\SET833.tmp moved successfully.
c:\windows\system32\SET834.tmp moved successfully.
c:\windows\system32\SET837.tmp moved successfully.
c:\windows\system32\SET838.tmp moved successfully.
c:\windows\system32\SET83E.tmp moved successfully.
c:\windows\system32\SET83F.tmp moved successfully.
c:\windows\system32\SET841.tmp moved successfully.
c:\windows\system32\SET842.tmp moved successfully.
c:\windows\system32\SET847.tmp moved successfully.
c:\windows\system32\SET848.tmp moved successfully.
c:\windows\system32\SET849.tmp moved successfully.
c:\windows\system32\SET84A.tmp moved successfully.
c:\windows\system32\SET84B.tmp moved successfully.
c:\windows\system32\SET84C.tmp moved successfully.
c:\windows\system32\SET84E.tmp moved successfully.
c:\windows\system32\SET850.tmp moved successfully.
c:\windows\system32\SET853.tmp moved successfully.
c:\windows\system32\SET856.tmp moved successfully.
c:\windows\system32\SET858.tmp moved successfully.
c:\windows\system32\SET85D.tmp moved successfully.
c:\windows\system32\SET85F.tmp moved successfully.
c:\windows\system32\SET860.tmp moved successfully.
c:\windows\system32\SET861.tmp moved successfully.
c:\windows\system32\SET863.tmp moved successfully.
c:\windows\system32\SET865.tmp moved successfully.
c:\windows\system32\SET86A.tmp moved successfully.
c:\windows\system32\SET86C.tmp moved successfully.
c:\windows\system32\SET86D.tmp moved successfully.
c:\windows\system32\SET873.tmp moved successfully.
c:\windows\system32\SET87E.tmp moved successfully.
c:\windows\system32\SET881.tmp moved successfully.
c:\windows\system32\SET882.tmp moved successfully.
c:\windows\system32\SET886.tmp moved successfully.
c:\windows\system32\SET88E.tmp moved successfully.
c:\windows\system32\SET88F.tmp moved successfully.
c:\windows\system32\SET893.tmp moved successfully.
c:\windows\system32\SET894.tmp moved successfully.
c:\windows\system32\SET895.tmp moved successfully.
c:\windows\system32\SET897.tmp moved successfully.
c:\windows\system32\SET898.tmp moved successfully.
c:\windows\system32\SET89A.tmp moved successfully.
c:\windows\system32\SET89B.tmp moved successfully.
c:\windows\system32\SET89D.tmp moved successfully.
c:\windows\system32\SET89E.tmp moved successfully.
c:\windows\system32\SET89F.tmp moved successfully.
c:\windows\system32\SET8A2.tmp moved successfully.
c:\windows\system32\SET8A7.tmp moved successfully.
c:\windows\system32\SET8A8.tmp moved successfully.
c:\windows\system32\SET8AB.tmp moved successfully.
c:\windows\system32\SET8B1.tmp moved successfully.
c:\windows\system32\SET8B5.tmp moved successfully.
c:\windows\system32\SET8B7.tmp moved successfully.
c:\windows\system32\SET8B8.tmp moved successfully.
c:\windows\system32\SET8B9.tmp moved successfully.
c:\windows\system32\SET8BA.tmp moved successfully.
c:\windows\system32\SET8BC.tmp moved successfully.
c:\windows\system32\SET8BE.tmp moved successfully.
c:\windows\system32\SET8BF.tmp moved successfully.
c:\windows\system32\SET8C0.tmp moved successfully.
c:\windows\system32\SET8C1.tmp moved successfully.
c:\windows\system32\SET8C2.tmp moved successfully.
c:\windows\system32\SET8C3.tmp moved successfully.
c:\windows\system32\SET8C4.tmp moved successfully.
c:\windows\system32\SET8C6.tmp moved successfully.
c:\windows\system32\SET8C7.tmp moved successfully.
c:\windows\system32\SET8C8.tmp moved successfully.
c:\windows\system32\SET8CB.tmp moved successfully.
c:\windows\system32\SET8D1.tmp moved successfully.
c:\windows\system32\SET8D4.tmp moved successfully.
c:\windows\system32\SET8D5.tmp moved successfully.
c:\windows\system32\SET8D6.tmp moved successfully.
c:\windows\system32\SET8D7.tmp moved successfully.
c:\windows\system32\SET8D9.tmp moved successfully.
c:\windows\system32\SET8DA.tmp moved successfully.
c:\windows\system32\SET8DC.tmp moved successfully.
c:\windows\system32\SET8DE.tmp moved successfully.
c:\windows\system32\SET8DF.tmp moved successfully.
c:\windows\system32\SET8E0.tmp moved successfully.
c:\windows\system32\SET8E4.tmp moved successfully.
c:\windows\system32\SET8E9.tmp moved successfully.
c:\windows\system32\SET8EB.tmp moved successfully.
c:\windows\system32\SET8EC.tmp moved successfully.
c:\windows\system32\SET8ED.tmp moved successfully.
c:\windows\system32\SET8EF.tmp moved successfully.
c:\windows\system32\SET8F2.tmp moved successfully.
c:\windows\system32\SET8F4.tmp moved successfully.
c:\windows\system32\SET8F5.tmp moved successfully.
c:\windows\system32\SET8F6.tmp moved successfully.
c:\windows\system32\SET8F9.tmp moved successfully.
c:\windows\system32\SET8FA.tmp moved successfully.
c:\windows\system32\SET8FB.tmp moved successfully.
c:\windows\system32\SET8FC.tmp moved successfully.
c:\windows\system32\SET8FE.tmp moved successfully.
c:\windows\system32\SET902.tmp moved successfully.
c:\windows\system32\SET904.tmp moved successfully.
c:\windows\system32\SET907.tmp moved successfully.
c:\windows\system32\SET90A.tmp moved successfully.
c:\windows\system32\SET90B.tmp moved successfully.
c:\windows\system32\SET90D.tmp moved successfully.
c:\windows\system32\SET90F.tmp moved successfully.
c:\windows\system32\SET912.tmp moved successfully.
c:\windows\system32\SET913.tmp moved successfully.
c:\windows\system32\SET91A.tmp moved successfully.
c:\windows\system32\SET91B.tmp moved successfully.
c:\windows\system32\SET91D.tmp moved successfully.
c:\windows\system32\SET91F.tmp moved successfully.
c:\windows\system32\SET920.tmp moved successfully.
c:\windows\system32\SET922.tmp moved successfully.
c:\windows\system32\SET923.tmp moved successfully.
c:\windows\system32\SET930.tmp moved successfully.
c:\windows\system32\SET933.tmp moved successfully.
c:\windows\system32\SET934.tmp moved successfully.
c:\windows\system32\SET935.tmp moved successfully.
c:\windows\system32\SET937.tmp moved successfully.
c:\windows\system32\SET93B.tmp moved successfully.
c:\windows\system32\SET941.tmp moved successfully.
c:\windows\system32\SET942.tmp moved successfully.
c:\windows\system32\SET945.tmp moved successfully.
c:\windows\system32\SET948.tmp moved successfully.
c:\windows\system32\SET94A.tmp moved successfully.
c:\windows\system32\SET94C.tmp moved successfully.
c:\windows\system32\SET94D.tmp moved successfully.
c:\windows\system32\SET951.tmp moved successfully.
c:\windows\system32\SET953.tmp moved successfully.
c:\windows\system32\SET954.tmp moved successfully.
c:\windows\system32\SET955.tmp moved successfully.
c:\windows\system32\SET956.tmp moved successfully.
c:\windows\system32\SET957.tmp moved successfully.
c:\windows\system32\SET958.tmp moved successfully.
c:\windows\system32\SET959.tmp moved successfully.
c:\windows\system32\SET95B.tmp moved successfully.
c:\windows\system32\SET95C.tmp moved successfully.
c:\windows\system32\SET95D.tmp moved successfully.
c:\windows\system32\SET95E.tmp moved successfully.
c:\windows\system32\SET95F.tmp moved successfully.
c:\windows\system32\SET960.tmp moved successfully.
c:\windows\system32\SET961.tmp moved successfully.
c:\windows\system32\SET962.tmp moved successfully.
c:\windows\system32\SET963.tmp moved successfully.
c:\windows\system32\SET964.tmp moved successfully.
c:\windows\system32\SET965.tmp moved successfully.
c:\windows\system32\SET966.tmp moved successfully.
c:\windows\system32\SET967.tmp moved successfully.
c:\windows\system32\SET968.tmp moved successfully.
c:\windows\system32\SET96A.tmp moved successfully.
c:\windows\system32\SET96B.tmp moved successfully.
c:\windows\system32\SET96C.tmp moved successfully.
c:\windows\system32\SET96F.tmp moved successfully.
c:\windows\system32\SET970.tmp moved successfully.
c:\windows\system32\SET972.tmp moved successfully.
c:\windows\system32\SET973.tmp moved successfully.
c:\windows\system32\SET976.tmp moved successfully.
c:\windows\system32\SET977.tmp moved successfully.
c:\windows\system32\SET978.tmp moved successfully.
c:\windows\system32\SET979.tmp moved successfully.
c:\windows\system32\SET97E.tmp moved successfully.
c:\windows\system32\SET980.tmp moved successfully.
c:\windows\system32\SET981.tmp moved successfully.
c:\windows\system32\SET982.tmp moved successfully.
c:\windows\system32\SET983.tmp moved successfully.
c:\windows\system32\SET986.tmp moved successfully.
c:\windows\system32\SET98C.tmp moved successfully.
c:\windows\system32\SET98F.tmp moved successfully.
c:\windows\system32\SET991.tmp moved successfully.
c:\windows\system32\SET992.tmp moved successfully.
c:\windows\system32\SET993.tmp moved successfully.
c:\windows\system32\SET996.tmp moved successfully.
c:\windows\system32\SET997.tmp moved successfully.
c:\windows\system32\SET998.tmp moved successfully.
c:\windows\system32\SET999.tmp moved successfully.
c:\windows\system32\SET99A.tmp moved successfully.
c:\windows\system32\SET99B.tmp moved successfully.
c:\windows\system32\SET99C.tmp moved successfully.
c:\windows\system32\SET99F.tmp moved successfully.
c:\windows\system32\SET9A0.tmp moved successfully.
c:\windows\system32\SET9A1.tmp moved successfully.
c:\windows\system32\SET9A6.tmp moved successfully.
c:\windows\system32\SET9A8.tmp moved successfully.
c:\windows\system32\SET9A9.tmp moved successfully.
c:\windows\system32\SET9AD.tmp moved successfully.
c:\windows\system32\SET9AF.tmp moved successfully.
c:\windows\system32\SET9B1.tmp moved successfully.
c:\windows\system32\SET9B8.tmp moved successfully.
c:\windows\system32\SET9BA.tmp moved successfully.
c:\windows\system32\SET9BC.tmp moved successfully.
c:\windows\system32\SET9BD.tmp moved successfully.
c:\windows\system32\SET9BE.tmp moved successfully.
c:\windows\system32\SET9C0.tmp moved successfully.
c:\windows\system32\SET9C9.tmp moved successfully.
c:\windows\system32\SET9CB.tmp moved successfully.
c:\windows\system32\SET9CC.tmp moved successfully.
c:\windows\system32\SET9CF.tmp moved successfully.
c:\windows\system32\SET9D1.tmp moved successfully.
c:\windows\system32\SET9D5.tmp moved successfully.
c:\windows\system32\SET9D9.tmp moved successfully.
c:\windows\system32\SET9DA.tmp moved successfully.
c:\windows\system32\SET9DB.tmp moved successfully.
c:\windows\system32\SET9DD.tmp moved successfully.
c:\windows\system32\SET9DE.tmp moved successfully.
c:\windows\system32\SET9E4.tmp moved successfully.
c:\windows\system32\SET9E7.tmp moved successfully.
c:\windows\system32\SET9E8.tmp moved successfully.
c:\windows\system32\SET9EF.tmp moved successfully.
c:\windows\system32\SET9F0.tmp moved successfully.
c:\windows\system32\SET9F3.tmp moved successfully.
c:\windows\system32\SET9F4.tmp moved successfully.
c:\windows\system32\SET9F5.tmp moved successfully.
c:\windows\system32\SET9F6.tmp moved successfully.
c:\windows\system32\SET9F7.tmp moved successfully.
c:\windows\system32\SET9F9.tmp moved successfully.
c:\windows\system32\SET9FA.tmp moved successfully.
c:\windows\system32\SET9FB.tmp moved successfully.
c:\windows\system32\SET9FD.tmp moved successfully.
c:\windows\system32\SET9FE.tmp moved successfully.
c:\windows\system32\SET9FF.tmp moved successfully.
c:\windows\system32\SETA01.tmp moved successfully.
c:\windows\system32\SETA04.tmp moved successfully.
c:\windows\system32\SETA09.tmp moved successfully.
c:\windows\system32\SETA0A.tmp moved successfully.
c:\windows\system32\SETA0B.tmp moved successfully.
c:\windows\system32\SETA10.tmp moved successfully.
c:\windows\system32\SETA11.tmp moved successfully.
c:\windows\system32\SETA12.tmp moved successfully.
c:\windows\system32\SETA14.tmp moved successfully.
c:\windows\system32\SETA17.tmp moved successfully.
c:\windows\system32\SETA19.tmp moved successfully.
c:\windows\system32\SETA1A.tmp moved successfully.
c:\windows\system32\SETA1D.tmp moved successfully.
c:\windows\system32\SETA1E.tmp moved successfully.
c:\windows\system32\SETA21.tmp moved successfully.
c:\windows\system32\SETA24.tmp moved successfully.
c:\windows\system32\SETA25.tmp moved successfully.
c:\windows\system32\SETA27.tmp moved successfully.
c:\windows\system32\SETA2C.tmp moved successfully.
c:\windows\system32\SETA30.tmp moved successfully.
c:\windows\system32\SETA36.tmp moved successfully.
c:\windows\system32\SETA38.tmp moved successfully.
c:\windows\system32\SETA3D.tmp moved successfully.
c:\windows\system32\SETA3E.tmp moved successfully.
c:\windows\system32\SETA44.tmp moved successfully.
c:\windows\system32\SETA45.tmp moved successfully.
c:\windows\system32\SETA47.tmp moved successfully.
c:\windows\system32\SETA48.tmp moved successfully.
c:\windows\system32\SETA4D.tmp moved successfully.
c:\windows\system32\SETA4F.tmp moved successfully.
c:\windows\system32\SETA50.tmp moved successfully.
c:\windows\system32\SETA51.tmp moved successfully.
c:\windows\system32\SETA52.tmp moved successfully.
c:\windows\system32\SETA54.tmp moved successfully.
c:\windows\system32\SETA56.tmp moved successfully.
c:\windows\system32\SETA59.tmp moved successfully.
c:\windows\system32\SETA5C.tmp moved successfully.
c:\windows\system32\SETA5E.tmp moved successfully.
c:\windows\system32\SETA63.tmp moved successfully.
c:\windows\system32\SETA65.tmp moved successfully.
c:\windows\system32\SETA66.tmp moved successfully.
c:\windows\system32\SETA67.tmp moved successfully.
c:\windows\system32\SETA69.tmp moved successfully.
c:\windows\system32\SETA6B.tmp moved successfully.
c:\windows\system32\SETA70.tmp moved successfully.
c:\windows\system32\SETA72.tmp moved successfully.
c:\windows\system32\SETA73.tmp moved successfully.
c:\windows\system32\SETA79.tmp moved successfully.
c:\windows\system32\SETA84.tmp moved successfully.
c:\windows\system32\SETA87.tmp moved successfully.
c:\windows\system32\SETA88.tmp moved successfully.
c:\windows\system32\SETA8C.tmp moved successfully.
c:\windows\system32\SETA94.tmp moved successfully.
c:\windows\system32\SETA9B.tmp moved successfully.
c:\windows\system32\SETA9D.tmp moved successfully.
c:\windows\system32\SETAA0.tmp moved successfully.
c:\windows\system32\SETAA1.tmp moved successfully.
c:\windows\system32\SETAA3.tmp moved successfully.
c:\windows\system32\SETAA5.tmp moved successfully.
c:\windows\system32\SETAB7.tmp moved successfully.
c:\windows\system32\SETABB.tmp moved successfully.
c:\windows\system32\SETABD.tmp moved successfully.
c:\windows\system32\SETABF.tmp moved successfully.
c:\windows\system32\SETAC5.tmp moved successfully.
c:\windows\system32\SETAC6.tmp moved successfully.
c:\windows\system32\SETAC9.tmp moved successfully.
c:\windows\system32\SETAD7.tmp moved successfully.
c:\windows\system32\SETADD.tmp moved successfully.
c:\windows\system32\SETADF.tmp moved successfully.
c:\windows\system32\SETAE0.tmp moved successfully.
c:\windows\system32\SETAE6.tmp moved successfully.
c:\windows\system32\SETAEA.tmp moved successfully.
c:\windows\system32\SETAF3.tmp moved successfully.
c:\windows\system32\SETAF8.tmp moved successfully.
c:\windows\system32\SETAFA.tmp moved successfully.
c:\windows\system32\SETAFB.tmp moved successfully.
c:\windows\system32\SETAFC.tmp moved successfully.
c:\windows\system32\SETB04.tmp moved successfully.
c:\windows\system32\SETB08.tmp moved successfully.
c:\windows\system32\SETB0D.tmp moved successfully.
c:\windows\system32\SETB13.tmp moved successfully.
c:\windows\system32\SETB25.tmp moved successfully.
c:\windows\system32\SETB26.tmp moved successfully.
c:\windows\system32\SETB4E.tmp moved successfully.
c:\windows\system32\SETB50.tmp moved successfully.
c:\windows\system32\SETB52.tmp moved successfully.
c:\windows\system32\SETB57.tmp moved successfully.
c:\windows\system32\SETB58.tmp moved successfully.
c:\windows\system32\SETB59.tmp moved successfully.
c:\windows\system32\SETB5A.tmp moved successfully.
c:\windows\system32\SETB5B.tmp moved successfully.
c:\windows\system32\SETB5D.tmp moved successfully.
c:\windows\system32\SETB5E.tmp moved successfully.
c:\windows\system32\SETB5F.tmp moved successfully.
c:\windows\system32\SETB60.tmp moved successfully.
c:\windows\system32\SETB67.tmp moved successfully.
c:\windows\system32\SETB69.tmp moved successfully.
c:\windows\system32\SETB6A.tmp moved successfully.
c:\windows\system32\SETB6C.tmp moved successfully.
c:\windows\system32\SETB6F.tmp moved successfully.
c:\windows\system32\SETB71.tmp moved successfully.
c:\windows\system32\SETB76.tmp moved successfully.
c:\windows\system32\SETB77.tmp moved successfully.
c:\windows\system32\SETB7F.tmp moved successfully.
c:\windows\system32\SETB85.tmp moved successfully.
c:\windows\system32\SETB8A.tmp moved successfully.
c:\windows\system32\SETB8D.tmp moved successfully.
c:\windows\system32\SETB90.tmp moved successfully.
c:\windows\system32\SETB92.tmp moved successfully.
c:\windows\system32\SETB96.tmp moved successfully.
c:\windows\system32\SETB98.tmp moved successfully.
c:\windows\system32\SETB99.tmp moved successfully.
c:\windows\system32\SETB9A.tmp moved successfully.
c:\windows\system32\SETB9D.tmp moved successfully.
c:\windows\system32\SETB9E.tmp moved successfully.
c:\windows\system32\SETBA2.tmp moved successfully.
c:\windows\system32\SETBA3.tmp moved successfully.
c:\windows\system32\SETBA6.tmp moved successfully.
c:\windows\system32\SETBA8.tmp moved successfully.
c:\windows\system32\SETBAD.tmp moved successfully.
c:\windows\system32\SETBB0.tmp moved successfully.
c:\windows\system32\SETBB4.tmp moved successfully.
c:\windows\system32\SETBB6.tmp moved successfully.
c:\windows\system32\SETBB8.tmp moved successfully.
c:\windows\system32\SETC0E.tmp moved successfully.
c:\windows\system32\SETC0F.tmp moved successfully.
c:\windows\system32\SETC11.tmp moved successfully.
c:\windows\system32\SETC13.tmp moved successfully.
c:\windows\system32\SETC15.tmp moved successfully.
c:\windows\system32\SETC1C.tmp moved successfully.
c:\windows\system32\SETC1D.tmp moved successfully.
c:\windows\system32\SETC20.tmp moved successfully.
c:\windows\system32\SETC29.tmp moved successfully.
c:\windows\system32\SETC2A.tmp moved successfully.
c:\windows\system32\SETC2B.tmp moved successfully.
c:\windows\system32\SETC2D.tmp moved successfully.
c:\windows\system32\SETC2E.tmp moved successfully.
c:\windows\system32\SETC2F.tmp moved successfully.
c:\windows\system32\SETC30.tmp moved successfully.
c:\windows\system32\SETC31.tmp moved successfully.
c:\windows\system32\SETC33.tmp moved successfully.
c:\windows\system32\SETC34.tmp moved successfully.
c:\windows\system32\SETC43.tmp moved successfully.
c:\windows\system32\SETC47.tmp moved successfully.
c:\windows\system32\SETC4E.tmp moved successfully.
c:\windows\system32\SETC4F.tmp moved successfully.
c:\windows\system32\SETC50.tmp moved successfully.
c:\windows\system32\SETC53.tmp moved successfully.
c:\windows\system32\SETC55.tmp moved successfully.
c:\windows\system32\SETC56.tmp moved successfully.
c:\windows\system32\SETC5D.tmp moved successfully.
c:\windows\system32\SETC5F.tmp moved successfully.
c:\windows\system32\SETC61.tmp moved successfully.
c:\windows\system32\SETC62.tmp moved successfully.
c:\windows\system32\SETC65.tmp moved successfully.
c:\windows\system32\SETC6B.tmp moved successfully.
c:\windows\system32\SETC6C.tmp moved successfully.
c:\windows\system32\SETC6D.tmp moved successfully.
c:\windows\system32\SETC6E.tmp moved successfully.
c:\windows\system32\SETC74.tmp moved successfully.
c:\windows\system32\SETC79.tmp moved successfully.
c:\windows\system32\SETC7A.tmp moved successfully.
c:\windows\system32\SETC7D.tmp moved successfully.
c:\windows\system32\SETC80.tmp moved successfully.
c:\windows\system32\SETC81.tmp moved successfully.
c:\windows\system32\SETC88.tmp moved successfully.
c:\windows\system32\SETC8F.tmp moved successfully.
c:\windows\system32\SETC9C.tmp moved successfully.
c:\windows\system32\SETCAD.tmp moved successfully.
c:\windows\system32\SETCAF.tmp moved successfully.
c:\windows\system32\SETCB0.tmp moved successfully.
c:\windows\system32\SETCB1.tmp moved successfully.
c:\windows\system32\SETCBA.tmp moved successfully.
c:\windows\system32\SETCCB.tmp moved successfully.
c:\windows\system32\SETCE6.tmp moved successfully.
c:\windows\system32\SETCEC.tmp moved successfully.
c:\windows\system32\SETCEE.tmp moved successfully.
c:\windows\system32\SETCF3.tmp moved successfully.
c:\windows\system32\SETCF5.tmp moved successfully.
c:\windows\system32\SETCF9.tmp moved successfully.
c:\windows\system32\SETCFC.tmp moved successfully.
c:\windows\system32\SETCFD.tmp moved successfully.
c:\windows\system32\SETD02.tmp moved successfully.
c:\windows\system32\SETD05.tmp moved successfully.
c:\windows\system32\SETD06.tmp moved successfully.
c:\windows\system32\SETD07.tmp moved successfully.
c:\windows\system32\SETD0D.tmp moved successfully.
c:\windows\system32\SETD0E.tmp moved successfully.
c:\windows\system32\SETD0F.tmp moved successfully.
c:\windows\system32\SETD17.tmp moved successfully.
c:\windows\system32\SETD1D.tmp moved successfully.
c:\windows\system32\SETD1E.tmp moved successfully.
c:\windows\system32\SETD1F.tmp moved successfully.
c:\windows\system32\SETD20.tmp moved successfully.
c:\windows\system32\SETD22.tmp moved successfully.
c:\windows\system32\SETD2A.tmp moved successfully.
c:\windows\system32\SETD45.tmp moved successfully.
c:\windows\system32\SETD47.tmp moved successfully.
c:\windows\system32\SETD49.tmp moved successfully.
c:\windows\system32\SETD4A.tmp moved successfully.
c:\windows\system32\SETD4B.tmp moved successfully.
c:\windows\system32\SETD56.tmp moved successfully.
c:\windows\system32\SETD5A.tmp moved successfully.
c:\windows\system32\SETD5C.tmp moved successfully.
c:\windows\system32\SETD63.tmp moved successfully.
c:\windows\system32\SETD65.tmp moved successfully.
c:\windows\system32\SETD68.tmp moved successfully.
c:\windows\system32\SETD7C.tmp moved successfully.
c:\windows\system32\SETD7D.tmp moved successfully.
c:\windows\system32\SETD84.tmp moved successfully.
c:\windows\system32\SETD85.tmp moved successfully.
c:\windows\system32\SETD88.tmp moved successfully.
c:\windows\system32\SETD89.tmp moved successfully.
c:\windows\system32\SETD8A.tmp moved successfully.
c:\windows\system32\SETD8B.tmp moved successfully.
c:\windows\system32\SETD8C.tmp moved successfully.
c:\windows\system32\SETD8F.tmp moved successfully.
c:\windows\system32\SETD90.tmp moved successfully.
c:\windows\system32\SETD91.tmp moved successfully.
c:\windows\system32\SETD93.tmp moved successfully.
c:\windows\system32\SETD96.tmp moved successfully.
c:\windows\system32\SETD97.tmp moved successfully.
c:\windows\system32\SETD99.tmp moved successfully.
c:\windows\system32\SETD9C.tmp moved successfully.
c:\windows\system32\SETDA1.tmp moved successfully.
c:\windows\system32\SETDA2.tmp moved successfully.
c:\windows\system32\SETDA3.tmp moved successfully.
c:\windows\system32\SETDA8.tmp moved successfully.
c:\windows\system32\SETDA9.tmp moved successfully.
c:\windows\system32\SETDAA.tmp moved successfully.
c:\windows\system32\SETDAC.tmp moved successfully.
c:\windows\system32\SETDDE.tmp moved successfully.
c:\windows\system32\SETDE0.tmp moved successfully.
c:\windows\system32\SETDE2.tmp moved successfully.
c:\windows\system32\SETDE5.tmp moved successfully.
c:\windows\system32\SETDE6.tmp moved successfully.
c:\windows\system32\SETDE9.tmp moved successfully.
c:\windows\system32\SETDEC.tmp moved successfully.
c:\windows\system32\SETDED.tmp moved successfully.
c:\windows\system32\SETDEF.tmp moved successfully.
c:\windows\system32\SETDF4.tmp moved successfully.
c:\windows\system32\SETDF6.tmp moved successfully.
c:\windows\system32\SETDF9.tmp moved successfully.
c:\windows\system32\SETDFE.tmp moved successfully.
c:\windows\system32\SETDFF.tmp moved successfully.
c:\windows\system32\SETE00.tmp moved successfully.
c:\windows\system32\SETE10.tmp moved successfully.
c:\windows\system32\SETE11.tmp moved successfully.
c:\windows\system32\SETE18.tmp moved successfully.
c:\windows\system32\SETE19.tmp moved successfully.
c:\windows\system32\SETE1B.tmp moved successfully.
c:\windows\system32\SETE1C.tmp moved successfully.
c:\windows\system32\SETE21.tmp moved successfully.
c:\windows\system32\SETE23.tmp moved successfully.
c:\windows\system32\SETE24.tmp moved successfully.
c:\windows\system32\SETE25.tmp moved successfully.
c:\windows\system32\SETE26.tmp moved successfully.
c:\windows\system32\SETE28.tmp moved successfully.
c:\windows\system32\SETE2A.tmp moved successfully.
c:\windows\system32\SETE2D.tmp moved successfully.
c:\windows\system32\SETE39.tmp moved successfully.
c:\windows\system32\SETE3B.tmp moved successfully.
c:\windows\system32\SETE3C.tmp moved successfully.
c:\windows\system32\SETE3D.tmp moved successfully.
c:\windows\system32\SETE3F.tmp moved successfully.
c:\windows\system32\SETE41.tmp moved successfully.
c:\windows\system32\SETE42.tmp moved successfully.
c:\windows\system32\SETE46.tmp moved successfully.
c:\windows\system32\SETE48.tmp moved successfully.
c:\windows\system32\SETE49.tmp moved successfully.
c:\windows\system32\SETE4F.tmp moved successfully.
c:\windows\system32\SETE6B.tmp moved successfully.
c:\windows\system32\SETE6E.tmp moved successfully.
c:\windows\system32\SETE6F.tmp moved successfully.
c:\windows\system32\SETE73.tmp moved successfully.
c:\windows\system32\SETE7B.tmp moved successfully.
c:\windows\system32\SETE82.tmp moved successfully.
c:\windows\system32\SETE86.tmp moved successfully.
c:\windows\system32\SETE8C.tmp moved successfully.
c:\windows\system32\SETE8E.tmp moved successfully.
c:\windows\system32\SETEA0.tmp moved successfully.
c:\windows\system32\SETEA4.tmp moved successfully.
c:\windows\system32\SETEA6.tmp moved successfully.
c:\windows\system32\SETEA8.tmp moved successfully.
c:\windows\system32\SETEAE.tmp moved successfully.
c:\windows\system32\SETEB2.tmp moved successfully.
c:\windows\system32\SETEC0.tmp moved successfully.
c:\windows\system32\SETEC6.tmp moved successfully.
c:\windows\system32\SETEC8.tmp moved successfully.
c:\windows\system32\SETEC9.tmp moved successfully.
c:\windows\system32\SETECF.tmp moved successfully.
c:\windows\system32\SETED3.tmp moved successfully.
c:\windows\system32\SETEE2.tmp moved successfully.
c:\windows\system32\SETEE4.tmp moved successfully.
c:\windows\system32\SETEE5.tmp moved successfully.
c:\windows\system32\SETEE6.tmp moved successfully.
c:\windows\system32\SETEF4.tmp moved successfully.
c:\windows\system32\SETEF8.tmp moved successfully.
c:\windows\system32\SETF03.tmp moved successfully.
c:\windows\system32\SETF23.tmp moved successfully.
c:\windows\system32\SETF24.tmp moved successfully.
c:\windows\system32\SETF51.tmp moved successfully.
c:\windows\system32\SETF53.tmp moved successfully.
c:\windows\system32\SETF55.tmp moved successfully.
c:\windows\system32\SETF5C.tmp moved successfully.
c:\windows\system32\SETF5D.tmp moved successfully.
c:\windows\system32\SETF5E.tmp moved successfully.
c:\windows\system32\SETF60.tmp moved successfully.
c:\windows\system32\SETF61.tmp moved successfully.
c:\windows\system32\SETF62.tmp moved successfully.
c:\windows\system32\SETF65.tmp moved successfully.
c:\windows\system32\SETF67.tmp moved successfully.
c:\windows\system32\SETF68.tmp moved successfully.
c:\windows\system32\SETF6C.tmp moved successfully.
c:\windows\system32\SETF6F.tmp moved successfully.
c:\windows\system32\SETF71.tmp moved successfully.
c:\windows\system32\SETF76.tmp moved successfully.
c:\windows\system32\SETF77.tmp moved successfully.
c:\windows\system32\SETF8D.tmp moved successfully.
c:\windows\system32\SETF95.tmp moved successfully.
c:\windows\system32\SETF9A.tmp moved successfully.
c:\windows\system32\SETF9D.tmp moved successfully.
c:\windows\system32\SETFA0.tmp moved successfully.
c:\windows\system32\SETFA2.tmp moved successfully.
c:\windows\system32\SETFA6.tmp moved successfully.
c:\windows\system32\SETFA8.tmp moved successfully.
c:\windows\system32\SETFA9.tmp moved successfully.
c:\windows\system32\SETFAA.tmp moved successfully.
c:\windows\system32\SETFAD.tmp moved successfully.
c:\windows\system32\SETFAE.tmp moved successfully.
c:\windows\system32\SETFB3.tmp moved successfully.
c:\windows\system32\SETFB4.tmp moved successfully.
c:\windows\system32\SETFB8.tmp moved successfully.
c:\windows\system32\SETFBA.tmp moved successfully.
c:\windows\system32\SETFBF.tmp moved successfully.
c:\windows\system32\SETFC2.tmp moved successfully.
c:\windows\system32\SETFC6.tmp moved successfully.
c:\windows\system32\SETFC8.tmp moved successfully.
c:\windows\system32\SETFD8.tmp moved successfully.
c:\windows\002827_.tmp moved successfully.
c:\windows\imsins.BAK moved successfully.
DllUnregisterServer procedure not found in c:\windows\system32\drivers\_004252_.tmp.dll
c:\windows\system32\drivers\_004252_.tmp.dll NOT unregistered.
c:\windows\system32\drivers\_004252_.tmp.dll moved successfully.
c:\windows\system32\KGyGaAvL.sys moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_240.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7f4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0005\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0005\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0005\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0005\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0005\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\wb.vx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03042009_205951

Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_240.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_7f4.dat not found!
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0005\adoc.bx moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0005\md.dat moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0005\url.ax moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0005\w.ax moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0005\wb.vx moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\adoc.bx moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\md.dat moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\url.ax moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\w.ax moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0004\wb.vx moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\adoc.bx moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\md.dat moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\url.ax moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\w.ax moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0003\wb.vx moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\adoc.bx moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\md.dat moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\url.ax moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\w.ax moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0002\wb.vx moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\adoc.bx moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\md.dat moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\url.ax moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\w.ax moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0001\wb.vx moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\md.dat moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\url.ax moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\w.ax moved successfully.
C:\Documents and Settings\doma\Local Settings\Data aplikací\Opera\Opera\Profile\vps\0000\wb.vx moved successfully.

***************************************************************************************************************************************
Log z Combofixu:

ComboFix 09-03-03.01 - doma 2009-03-04 21:34:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1029.18.767.360 [GMT 1:00]
Spuštěný z: c:\documents and settings\doma\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\doma\Plocha\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET personal firewall *disabled*
* Vytvořen nový Bod Obnovení

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-02-04 do 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-04 21:32 . 2009-03-04 21:32 389,632 --a------ c:\windows\system32\cmd.execf
2009-03-04 20:59 . 2009-03-04 20:59 <DIR> d-------- C:\_OTMoveIt
2009-03-04 16:53 . 2008-04-14 08:52 1,034,240 --a------ c:\windows\SETBD9.tmp
2009-03-04 16:40 . 2007-04-18 17:15 2,854,400 --a------ c:\windows\system32\dllcache\msi.dll
2009-03-04 16:39 . 2008-07-03 14:03 8,464,896 --a------ c:\windows\system32\dllcache\shell32.dll
2009-03-04 16:19 . 2009-03-04 21:34 <DIR> d-------- c:\windows\system32\CatRoot2
2009-03-01 21:31 . 2008-04-14 04:22 1,034,240 --a------ c:\windows\SET9D4.tmp
2009-03-01 21:30 . 2006-12-28 20:01 19,569 --a------ c:\windows\002821_.tmp
2009-03-01 01:43 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-03-01 01:38 . 2009-03-01 01:38 <DIR> d-------- c:\program files\Microsoft Works
2009-03-01 01:37 . 2009-03-01 01:37 <DIR> d-------- c:\program files\MSBuild
2009-03-01 01:34 . 2009-03-01 01:34 <DIR> d-------- c:\program files\Microsoft.NET
2009-03-01 01:29 . 2009-03-01 01:29 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-03-01 01:27 . 2009-03-01 02:41 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-03-01 01:25 . 2009-03-01 01:25 <DIR> dr-h----- C:\MSOCache
2009-03-01 01:09 . 2009-03-01 01:18 <DIR> d-------- c:\documents and settings\doma\Data aplikací\DAEMON Tools Pro
2009-03-01 01:09 . 2009-03-01 01:09 <DIR> d-------- c:\documents and settings\doma\Data aplikací\DAEMON Tools
2009-03-01 01:07 . 2009-03-01 01:07 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2009-03-01 01:07 . 2009-03-01 01:07 <DIR> d-------- c:\program files\DAEMON Tools Lite
2009-03-01 01:07 . 2009-03-01 01:07 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Lite
2009-03-01 01:04 . 2009-03-01 01:09 <DIR> d-------- c:\documents and settings\doma\Data aplikací\DAEMON Tools Lite
2009-02-28 21:52 . 2009-02-28 22:06 <DIR> d-------- c:\documents and settings\doma\Data aplikací\Mp3tag
2009-02-22 17:26 . 2009-03-04 21:16 26,817 --a------ c:\windows\system32\oodbs.lor

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 20:37 --------- d-----w c:\documents and settings\doma\Data aplikací\uTorrent
2009-03-04 20:15 349,283 ---h--w c:\documents and settings\doma\Data aplikací\TurboLaunch_IconCache.dat
2009-03-01 20:06 --------- d---a-w c:\documents and settings\All Users\Data aplikací\TEMP
2009-03-01 10:57 --------- d-----w c:\documents and settings\All Users\Data aplikací\DVD Shrink
2009-03-01 10:40 --------- d-----w c:\documents and settings\doma\Data aplikací\Vso
2009-03-01 00:04 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-23 19:00 --------- d-----w c:\documents and settings\doma\Data aplikací\Skype
2009-02-23 15:49 --------- d-----w c:\documents and settings\doma\Data aplikací\skypePM
2009-02-21 20:51 81,920 ----a-w c:\documents and settings\doma\Data aplikací\ezpinst.exe
2009-02-21 20:51 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-02-21 20:51 47,360 ----a-w c:\documents and settings\doma\Data aplikací\pcouffin.sys
2009-01-31 00:02 --------- d-----w c:\program files\HDD Regenerator
2009-01-24 23:12 43,698 ----a-w c:\windows\system32\xvid-uninstall.exe
2009-01-10 19:05 --------- d-----w c:\documents and settings\doma\Data aplikací\VitySoft
2009-01-04 14:42 --------- d-----w c:\documents and settings\doma\Data aplikací\Hamachi
2009-01-03 00:50 28,672 ----a-w c:\windows\system32\eEmpty.exe
2008-12-30 23:20 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-19 20:57 193,560 ----a-w c:\documents and settings\doma\Data aplikací\GDIPFONTCACHEV1.DAT
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
2008-12-07 15:37 1,107,296 ----a-w c:\windows\system32\WdfCoInstaller01007.dll
2008-03-25 18:56 241 ----a-w c:\documents and settings\doma\SR.vbs
2007-11-21 10:09 32 ----a-w c:\documents and settings\All Users\Data aplikací\ezsid.dat
.

------- Sigcheck -------

2006-04-20 13:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2006-03-02 13:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 12:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\tcpip.sys
2008-04-13 20:20 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\SoftwareDistribution\Download\ab04a73630759d84a46114bfca20f64c\tcpip.sys
2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\system32\dllcache\tcpip.sys
2008-06-20 11:45 360320 3c966f647bab332093cb0f92692b5cb8 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-03-04_20.11.31.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-04 20:17:11 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_11c.dat
+ 2009-03-04 20:17:07 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7c4.dat
.
Nahoru
Uživatelský avatar
Body
Level 2
Level 2
Příspěvky: 185
Registrován: září 06
Pohlaví: Nespecifikováno
Stav:
Offline

Re: Moc prosím o kontrolu logu - HiJackThis

Příspěvekod Body » 04 bře 2009 22:35

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"QIP2005"="d:\programy\QIP\qip.exe" [2008-12-09 3259392]
"uTorrent"="d:\programy\uTorrent\uTorrent.exe" [2009-02-27 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 c:\windows\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\doma\Nabˇdka Start\Programy\Po spuçtŘnˇ\
TurboLaunch.lnk - d:\programy\TurboLaunch\TurboLaunch.exe [2007-02-08 2105856]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 101784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"GreyMSIAds"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= d:\programy\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\programy\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"d:\\programy\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"d:\\programy\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"d:\\programy\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"d:\\Hry\\Valve\\hlds.exe"=
"d:\\Hry\\Valve\\hl.exe"=
"d:\\programy\\Hamachi\\hamachi.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\programy\\Opera\\Opera.exe"=
"d:\\programy\\Strong DC\\StrongDC.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\programy\\QIP\\qip.exe"=
"d:\\Hry\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\programy\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2009-03-04 69120]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-03-02 3584]
S3 CrystalSysInfo;CrystalSysInfo;d:\programy\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2007-12-31 135168]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-12-07 10976]
S3 SE30bus;Sony Ericsson Device 048 Driver driver (WDM);c:\windows\system32\drivers\SE30bus.sys [2007-03-11 61600]
S3 SE30mdfl;Sony Ericsson Device 048 USB WMC Modem Filter;c:\windows\system32\drivers\SE30mdfl.sys [2007-03-11 9360]
S3 SE30mdm;Sony Ericsson Device 048 USB WMC Modem Driver;c:\windows\system32\drivers\SE30mdm.sys [2007-03-11 97184]
S3 SE30mgmt;Sony Ericsson Device 048 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE30mgmt.sys [2007-03-11 88688]
S3 se30nd5;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (NDIS);c:\windows\system32\drivers\se30nd5.sys [2007-03-11 18704]
S3 SE30obex;Sony Ericsson Device 048 USB WMC OBEX Interface;c:\windows\system32\drivers\SE30obex.sys [2007-03-11 86560]
S3 se30unic;Sony Ericsson Device 048 USB Ethernet Emulation SEMC48 (WDM);c:\windows\system32\drivers\se30unic.sys [2007-03-11 90800]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Obsah adresáře 'Naplánované úlohy'

2009-02-20 c:\windows\Tasks\1-Click Maintenance.job
- d:\programy\TuneUp Utilities 2008\OneClick.exe [2008-01-20 14:02]

2008-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.neobux.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: {A80B43A5-542A-4B3A-8F6E-D5D7AC5EF881} = 62.129.50.20,85.135.32.100
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 21:37:02
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\DefaultPreset]
@DACL=(02 0000)
@="d:\\Programy\\Adobe\\Premiere Pro 1.5\\Settings\\DV - NTSC\\Standard 48kHz.prpreset"

[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\1.5\Help]
@DACL=(02 0000)
"AdobeMediaEncoder"="d:\\Programy\\Adobe\\Premiere Pro 1.5\\Help\\1_0_0_0.html"
"Contents"="d:\\Programy\\Adobe\\Premiere Pro 1.5\\Help\\1_0_0_0.html"
"ExportToDVD"="d:\\Programy\\Adobe\\Premiere Pro 1.5\\Help\\1_19_2_0.html"
"HowToUse"="d:\\Programy\\Adobe\\Premiere Pro 1.5\\Help\\0_0_0_0.html"
"Keyboard"="d:\\Programy\\Adobe\\Premiere Pro 1.5\\Help\\1_21_0_0.html"
"Search"="d:\\Programy\\Adobe\\Premiere Pro 1.5\\Help\\search.html"
"Support"="http://www.adobe.com/support/products/premiere.html"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,03,e8,44,15,48,
99,a5,06,c8,28,51,af,b0,29,a3,98,eb,76,cf,f4,79,3c,f1,af,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,b1,73,c5,c9,e6,
a9,0c,b4,71,3b,04,66,8b,46,0d,96,17,b5,7f,d4,26,41,4c,57,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,34,b3,00,04,de,
17,c6,27,25,da,ec,7e,55,20,c9,26,ac,ab,17,98,c2,ac,c1,a2,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,31,ca,77,80,c7,
8e,26,a3,3e,1e,9e,e0,57,5a,93,61,e3,f5,05,b7,f0,d4,6d,b0,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,e4,ed,fb,b2,05,
a4,48,e0,cd,44,cd,b9,a6,33,6c,cd,33,c9,6d,1d,62,bd,2d,87,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e0,80,3d,37,1e,
0c,5d,8a,b0,18,ed,a7,3f,8d,37,a4,18,be,59,d6,01,67,28,f4,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,a6,c4,d8,bc,41,
de,06,bc,31,77,e1,ba,b1,f8,68,02,9b,6c,fb,be,ff,10,34,4a,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,de,98,58,c7,c3,
a7,3c,c6,83,6c,56,8b,a0,85,96,ab,98,08,f2,c2,35,0e,7c,59,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,dc,de,5b,4a,92,
47,f0,0e,51,fa,6e,91,28,9e,14,cc,22,86,a7,0b,cf,6b,07,34,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,78,15,43,68,fe,
ef,d0,ca,b1,cd,45,5a,a8,c4,f8,b9,2e,ea,80,6f,9b,7d,76,07,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,18,06,b1,94,50,
7b,2a,1e,e3,0e,66,d5,eb,bc,2f,6b,dc,08,b0,1a,6b,1f,6a,77,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,8c,da,e4,1f,71,
94,7b,63,fa,ea,66,7f,d4,3b,6b,70,92,ea,e9,3f,ba,06,4c,f3,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="B30702C9C880636A978C237F59420940768169B22FD3FAE009F8573C39F0E0AF0232359FBA6BF4E8E77B7112AFF5A3C80469765248BD3113E3D8A6D36B5D735F63435BB14A90A1BA50E7747E8E4A2A98143801D88D899D14F5A4EBD18A08AB7C67AB432A933BAB3AE1BE8757E3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74CA2D97226D213B555A6171C11EC38DE3DF0274460CE99A02701A4023788FBF5A988B10B525035957118A426EFABEA6450C81CDB617A8BFBC6AF8450E95423B16EAF37F9ADC538F36914A09EAACCC46EF27DFD27D035B4846C2127BC18B5F71A094E66B8B3E729288153676B4D8E3BAD5F23AEA3D8283DDFCB562597EACEAFB47F74B18F2FF864BF2F93E467626FF0D49A423263E32CB2049E45BDC9CEFBDEE0DAA43059ADED289BEC0529853AA2EE69B2D8338AA35485BC1FD952CB75C5004EA9559D04827019F13ACB6747650C23C7B457FB528A618CAB117068ABD3EEF1017DF2D69343DE3D4E197EF746BC49DB9E37A37F88524C014337DBAA0D236BF6D36B5BE0A04949010B90AAD62FDA28CEEFCF94518EF5BF004BDA616625DF64B5F10E61E0D4B37533DC2AD025C0202993131AF92B59B61C8BDFC7BB8E3ECCB4B75C814DA370635E08C876632451AD852732379369F2987387704E1837386D6F6C68E85916C680AF16A787CA3DC76C27E9CD4A158DF6E20F3EC146999C030C56A6BE6834CCBD73CBD828F2E2FCA006AAA036F92ABC97A26ADCE904551A26B5E31B5B2B02FDD1EA4930CB53FC916C6BE47293F26DBD9A27B3F5D6E7D5B3BA3B44E48FDED884925AEF5F68C8DBD0CFCDDA6BDF64F1005985CEFC4650198D71B1D68301B3435FA2F53D8D2875B7B181A5487E6B82BB14C01553CDCC2211738AF13257A6E0413139B863C6087F3CCE50AE1AFD5705C3ADD1728DA252C6A3D1DD1A1D29CE9E46C0A160C879D9120B6A1A6675249BA67626A1FD7C20122BAABBD30A94221AAB38793B700679445CB76754112E0B82A636FAD95BD2C99DBEF4E56CE7C94FFBC8F26A79ACE87FC08FC84D06B45034AA4A574D38F1F888567744A9B79D2025BEBC45C5E3A1F1A49C623BC8CD1E990487D8A3608D6F0BAB754CCE07DE5631F97ECFF162151D58E87990FEA8D9DA7CC3DE1DD51E3EC3D86386BBBD201A844807AC51AF3DBCAF05B1CDD8F8E1703F211ECBE7A114C52363C569C5AF3838DC676B8D12AAF19E30144363FC7F0CE7626025BD8BABF12F04644BD06E363B9BD84229396701C5113959CB57445F622C9EC84BF6600B8D1D25C6D1453E58B53B3542271EAB451F7F2959D89CF8D9C640921E6B8E43CEDE4405A99AA3C30F5A9F73822FFA3B8009E8A1CCDE78E9A1BAB523563F6E91F7046D"
"OODEFRAG11.00.00.01WORKSTATION"="A0420701B413B45DB48BB03D90202A32F4EC8E6BAEB65CCAC41AE62807F94E72E01030BB241F5341A7ADCD85DBD0F2943D5E887ACEA107956F5765B6C1923CCEF7DCBF953C9D54558422BFE7845E43FB9830972DDCC3951A36E391E31C50A7635AF1F867136FB0CF4B8BBFDFBBD49B0F34FD083EC570AA8F1174EE4D62F277186DBEB04F6FDC35E86E3117AAE7234B78AE853AACAC603EB3ED619053139AE8D90CD452ACCD8E035F547D26CBA19C79669BADA2BB67301A452DA8211861CB0B9903E85CA660150D73D800DF87B7F89FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79335D575E7D6A3B9808BA7FD869164D6794FEBC9E127BECC74C6DD4D582A83B871AB6787BB71B30E40E03BF4135480093B452F0F7A8CC6D16AC5A4B502A558FBB3B26943AABD24A47E4D1764CB8B58F98D94D273E083B74F9A9B46DF25DD116674DB9E2963701507C01121C43D06ABEDC6C868AC0F1D8923D1985BFCB125E37723D48F6F4C4044795D38D7183FB8550B6835A27761B22E720D7D73D0E537A0F24CC32D462547D67852213AA92516A3AE488297E7E4DDCC64995BDD30D3D6A6E2D10D67A0C77D3202208756F19F541A7063CD60698E412B8C1D5CAE5C40439D81FEF1E5546D7B19229F08B5CE02873F61FAF492628540B7877701948516DB309F0A9EF49082F8492399FB07FDB3831BA19CAED3B3920DBF43A904346F654E9E97DCC3A2D6B4D7DAB55A9C1DE9B89EDB83EC63318766054D1C036EB9D98A5329B01BE70CB2F95151AE478A2F1DA14DFEB41358D7FB1C49066A43637004365A47421B80564B6FD04D0B34B39A574E4028336F5F4AD5F0E6A3FE1B7CC9323A81FFBE047F3A80914C8F2F0327158671D946195C1E34C9810021ADBB5D9F18A9942ED2DCABAC2D075A55DAF1439DE576F9A1DBAA25A7E9A35BC6DD681102AED77F33CD3F8DACA5CD5201AE72A82818D245A7E66775C5845FA42DDFBBD22BD69935D0B865958D09F7C036DF50244FAF519DF083D7371E29FF17E4858624B233A54EAB15BC9BFD73144DCCB967EF9FD9F3DF9E8481C251CCF3FA13CDE3B46C3C1344DBD4E7A9CD64C1EFEDDEE5422ABBE15BB09724D0874249D9F7DE3E8537D0742FB70BC6F0239CE8BFE03878D3E1EAB39FB030EB5AB510E58B182215D38A2329F2DBC698383DDBC24394BC888566061D556244DD72A0A21D1D277B3E23E791283E0CC7AE13C17BB14497C0576F3F1002BAA71CA0B1E6D977FC33B1D1330BB9838567C7A0C4AAC981A9311ED5C2748CC0D9A1E80F826BCCC6A87E2C35E6097DC1A925BD856CED9BF89BBB59A16814AAD650E18D122E7AAC32F67B46F08A22F169DDFAE65E96ECC46C8AECB88CF1A542F2E307B015709E2200070ADCDA9CF"
.
Celkový čas: 2009-03-04 21:40:10
ComboFix-quarantined-files.txt 2009-03-04 20:39:33
ComboFix2.txt 2009-03-04 19:14:17

Před spuštěním: 4 954 746 880
Po spuštění: 4,939,563,008

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
266 --- E O F --- 2009-03-02 21:01:06

**************************************************************************************************************************************

Log z HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:47, on 4.3.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
D:\programy\QIP\qip.exe
D:\programy\uTorrent\uTorrent.exe
D:\programy\TurboLaunch\TurboLaunch.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
D:\Programy\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashAvast.exe
D:\programy\HiJackThis.exe
D:\programy\Opera\Opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neobux.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP2005] D:\programy\QIP\qip.exe
O4 - HKCU\..\Run: [uTorrent] "D:\programy\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TurboLaunch.lnk = D:\programy\TurboLaunch\TurboLaunch.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5937714859
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A80B43A5-542A-4B3A-8F6E-D5D7AC5EF881}: NameServer = 62.129.50.20,85.135.32.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - D:\Programy\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8845 bytes

***************************************************************************************************************************************

Děkuju fakt nesmírně moc! :wink: :wink: :inlove:

Ufff, to byla dlouhá zpráva. Chci se zeptat, ten Avast! má v sobě zabudovaný firewall? Nebo je třeba doinstalovat např. Kerio? A myslíš, že teď půjde nainstalovat SP3? Jsi fakt zlatý člověk...
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43339
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Moc prosím o kontrolu logu - HiJackThis

Příspěvekod jaro3 » 05 bře 2009 08:13

Takže ještě jednou OTMoveIt3 (by OldTimer) script:

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
c:\windows\system32\cmd.execf
c:\windows\SET*.tmp
c:\windows\002821_.tmp

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Potom zase log z OTMoveIt3.
***************************************************************************************************************************************
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.cz/OnlineScanner.cab


ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix[mezera]/u

takže jestli nejsou problémy,tak vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš>spustíš

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Avast je jen antivir, firewall nemá (pokud budeš mít systém s Avast pomalejší i přesto , můžeš přejít na Aviru).Můžeš si stáhnout free firewall Kerio, Zone Alarm nebo Comodo.SP3 bych instaloval pouze na novou čistou instalaci win.Někdo má problémy s touto instalací na zaběhlý systém.
Radím opatrnost při serfování na netu. Pokud nejsou problémy , je to vše.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
Odpovědět

Zpět na “HiJackThis”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 9 hostů