Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:53, on 16.7.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\stbapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\stbappHelper.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SndVol.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\McAfee\MSC\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: CashBackAssistant - {00F5B5BA-E3C2-4b70-BF51-42A557914FAD} - C:\Program Files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.0.0.610\HPIEAddOn.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.1.0.3900\NPIEAddOn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\stbapp.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ano
O17 - HKLM\Software\..\Telephony: DomainName = ano
O17 - HKLM\System\CCS\Services\Tcpip\..\{6274A93D-AFAC-4744-B54D-A49AB25312A4}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ano
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ano
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0297931247771837) (0297931247771837mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\029793~1.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12910 bytes
PLEASE CHECK THE LOG (Solved)
- jaro3
- Security team member
Re: PLEASE CHECK THE LOG
Uninstall:
Nice Prosper\CashBackAssistant
Internet Saving Optimizer
Close all other applications and browsers, disconnect from the internet, and fix the following in HJT:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: CashBackAssistant - {00F5B5BA-E3C2-4b70-BF51-42A557914FAD} - C:\Program Files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O13 - Gopher Prefix:
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the scan finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save it to the desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
Re: PLEASE CHECK THE LOG
Malwarebytes' Anti-Malware 1.39
Verze databáze: 2421
Windows 6.0.6001 Service Pack 1
21.7.2009 21:54:30
mbam-log-2009-07-21 (21-53-44).txt
Typ skenu: Rychlý sken
Objektu skenováno: 85911
Uplynulý cas: 4 minute(s), 6 second(s)
Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 1
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)
Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)
Infikované klíce registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)
Infikované složky:
(Žádné zákerné položky nebyly zjišteny)
Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)
- jaro3
Re: PLEASE CHECK THE LOG
So run MbAM again and start a scan
- when the scan finishes, a message will appear; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when removal finishes, a log will be displayed; post it here.
- then click OK in the program and close it via Exit
You can then paste the MbAM log here.
Turn off the resident protection + firewall in McAfee
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use will be displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click inside its window
- When the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: PLEASE CHECK THE LOG
ComboFix 09-07-23.04 - Nguyet 22.07.2009 18:39.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2938.1602 [GMT 2:00]
Spuštěný z: c:\users\Nguyet\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-801232012-123408828-3674571984-500
c:\$recycle.bin\S-1-5-21-871698264-3678613051-3317876014-500
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\2.2.0.2880\adwpx.exe
c:\program files\Internet Saving Optimizer\2.2.0.2880\Data\config.md
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\2.2.0.2880\FF\install.rdf
c:\program files\Internet Saving Optimizer\2.2.0.2880\NPCommon.dll
c:\program files\Internet Saving Optimizer\2.2.0.2880\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\2.2.0.2880\unins000.dat
c:\program files\Internet Saving Optimizer\2.2.0.2880\unins000.exe
c:\program files\Internet Saving Optimizer\3.1.0.3900\adwpx.exe
c:\program files\Internet Saving Optimizer\3.1.0.3900\Data\config.md
c:\program files\Internet Saving Optimizer\3.1.0.3900\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.1.0.3900\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.1.0.3900\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.1.0.3900\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.1.0.3900\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.1.0.3900\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.1.0.3900\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.1.0.3900\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.1.0.3900\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.1.0.3900\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.1.0.3900\unins000.dat
c:\program files\Internet Saving Optimizer\3.1.0.3900\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.0.0.610\Data\config.md
c:\program files\Media Access Startup\1.0.0.610\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.0.0.610\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.0.0.610\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.0.0.610\FF\chrome.manifest
c:\program files\Media Access Startup\1.0.0.610\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.0.0.610\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.0.0.610\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.0.0.610\FF\install.rdf
c:\program files\Media Access Startup\1.0.0.610\HPCommon.dll
c:\program files\Media Access Startup\1.0.0.610\HPIEAddOn.dll
c:\program files\Media Access Startup\1.0.0.610\hppx.exe
c:\program files\Media Access Startup\1.0.0.610\unins000.dat
c:\program files\Media Access Startup\1.0.0.610\unins000.exe
c:\program files\Nice Prosper
c:\program files\System Search Dispatcher\1.2.0.750\ssd.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-22 do 2009-07-22 )))))))))))))))))))))))))))))))
.
2009-07-21 14:15 . 2009-07-21 14:15 -------- d-----w- c:\users\Nguyet\AppData\Roaming\Malwarebytes
2009-07-21 14:14 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 14:14 . 2009-07-21 14:14 -------- d-----w- c:\programdata\Malwarebytes
2009-07-21 14:14 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 14:14 . 2009-07-21 14:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 19:26 . 2009-07-16 19:26 -------- d-----w- c:\program files\Trend Micro
2009-07-16 12:16 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 12:16 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 12:16 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-16 12:16 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 19:32 . 2008-12-12 20:01 -------- d-----w- c:\program files\McAfee
2009-07-17 19:39 . 2008-12-08 21:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 19:38 . 2009-03-04 20:29 1844883 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-07-17 18:34 . 2008-12-08 17:53 645540 ----a-w- c:\windows\system32\perfh005.dat
2009-07-17 18:34 . 2008-12-08 17:53 132514 ----a-w- c:\windows\system32\perfc005.dat
2009-07-16 20:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-25 17:47 . 2009-06-18 06:21 -------- d-----w- c:\program files\GameSpy Arcade
2009-06-05 17:31 . 2009-06-05 17:26 -------- d-----w- c:\users\Nguyet\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2009-06-02 17:46 . 2009-06-02 17:46 -------- d-----w- c:\program files\Electronic Arts
2009-05-13 19:25 . 2009-05-13 19:25 564083 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
2009-05-13 19:25 . 2009-05-13 19:25 2412275 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\CFCSetup.exe
2009-05-13 19:25 . 2009-05-13 19:25 583337 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
2009-05-13 06:03 . 2009-05-13 19:24 2981419 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\Setup.exe
2009-05-13 06:01 . 2009-05-13 19:24 209176 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\CC8FDF08\3E688669\OEActiveXDLL.dll
2009-05-13 06:01 . 2009-05-13 19:24 127256 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\36F1A852\3E688669\MyDll.dll
2009-05-13 06:01 . 2009-05-13 19:24 102680 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\3FA86A06\3E688669\HookAPINT.dll
2009-05-13 06:01 . 2009-05-13 19:24 151832 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\C90EEF64\3E688669\AxGifAnimator.dll
2009-05-13 06:01 . 2009-05-13 19:24 250136 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\A53562F1\3E688669\AIMActiveXDLL.dll
2009-05-13 06:01 . 2009-05-13 19:24 296264 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\stbterm.exe
2009-05-13 06:01 . 2009-05-13 19:24 295656 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\stbrunwlm.exe
2009-05-13 06:01 . 2009-05-13 19:24 295328 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\stbrewlm.exe
2009-05-13 06:01 . 2009-05-13 19:24 295896 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\stbreaim.exe
2009-05-08 09:40 . 2009-02-01 20:31 2708 ----a-w- c:\users\Nguyet\AppData\Local\d3d9caps.dat
2009-04-30 12:37 . 2009-06-11 20:36 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-11 20:36 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-24 16:05 . 2009-06-10 11:37 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-10 11:37 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-10 11:37 26624 ----a-w- c:\windows\system32\ieUnatt.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-12 39408]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-05 270336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-22 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 145944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-08 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-08-25 144784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-12-12 24576]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-12 641208]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-10-17 6295552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-11-06 02:32 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{295C1DDF-6614-428C-9ADD-56B514912159}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{24726054-410A-4CF8-903D-DE27ED0576AE}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{422D9217-6272-47A0-A91A-E320718B79FA}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{B5A971EE-5A9F-4957-BA38-5AF7276C5FCA}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{252F6353-27D0-4FD3-94E1-27A440443EAA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{44BE83E6-925B-4B2E-997A-25C3F1FE3710}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3EFFAA12-B9F2-4458-8E2C-148181C3FE31}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4DF46B87-F62F-4AD8-8F21-A517C359C156}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{3C249B11-FFBE-4174-8CB7-70150E25D113}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [12.1.2008 3:50 30312]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12.12.2008 22:04 203280]
R2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [12.12.2008 22:26 303104]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18.4.2007 6:09 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [8.12.2008 23:25 104992]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [12.12.2008 22:01 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\VAIO Power Management\SPMService.exe [9.12.2008 1:31 415584]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [12.9.2008 5:28 446464]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [12.12.2008 22:14 337184]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [12.12.2008 22:01 17920]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [8.12.2008 19:46 9344]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9.12.2008 1:30 30192]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.2.2007 15:29 29178224]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\VAIO Media plus\SOHCImp.exe [12.12.2008 22:18 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\VAIO Media plus\SOHDms.exe [12.12.2008 22:18 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\VAIO Media plus\SOHDs.exe [12.12.2008 22:18 62752]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [12.12.2008 22:14 83232]
.
Obsah adresáře 'Naplánované úlohy'
2008-12-12 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-12 02:10]
2008-12-12 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-12 02:10]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-SmileyApp - c:\program files\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\stbapp.exe
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {6274A93D-AFAC-4744-B54D-A49AB25312A4} = 10.0.0.138
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
Celkový čas: 2009-07-22 18:45
ComboFix-quarantined-files.txt 2009-07-22 16:45
Před spuštěním: Volných bajtů: 156 320 239 616
Po spuštění: Volných bajtů: 158 518 689 792
216 --- E O F --- 2009-07-21 18:59
- jaro3
- member of the Security team
Re: REQUEST FOR A LOG CHECK
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script
Code:
File::
c:\users\Nguyet\AppData\Local\d3d9caps.dat
RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process + a new log from HJT
Test this on Virustotal
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\CFCSetup.exe
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\Setup.exe
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\3FA86A06\3E688669\HookAPINT.dll
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\C90EEF64\3E688669\AxGifAnimator.dll
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\A53562F1\3E688669\AIMActiveXDLL.dll
Then paste the links to the results here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: REQUEST FOR A LOG CHECK
ComboFix 09-07-23.04 - Nguyet 23.07.2009 23:40.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2938.1665 [GMT 2:00]
Spuštěný z: c:\users\Nguyet\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Nguyet\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
FILE ::
"c:\users\Nguyet\AppData\Local\d3d9caps.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Nguyet\AppData\Local\d3d9caps.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-23 do 2009-07-23 )))))))))))))))))))))))))))))))
.
2009-07-21 14:15 . 2009-07-21 14:15 -------- d-----w- c:\users\Nguyet\AppData\Roaming\Malwarebytes
2009-07-21 14:14 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 14:14 . 2009-07-21 14:14 -------- d-----w- c:\programdata\Malwarebytes
2009-07-21 14:14 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 14:14 . 2009-07-21 14:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 19:26 . 2009-07-16 19:26 -------- d-----w- c:\program files\Trend Micro
2009-07-16 12:16 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 12:16 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 12:16 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-16 12:16 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 21:34 . 2008-12-08 17:53 645540 ----a-w- c:\windows\system32\perfh005.dat
2009-07-23 21:34 . 2008-12-08 17:53 132514 ----a-w- c:\windows\system32\perfc005.dat
2009-07-19 19:32 . 2008-12-12 20:01 -------- d-----w- c:\program files\McAfee
2009-07-17 19:39 . 2008-12-08 21:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 19:38 . 2009-03-04 20:29 1844883 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-07-16 20:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-25 17:47 . 2009-06-18 06:21 -------- d-----w- c:\program files\GameSpy Arcade
2009-06-05 17:31 . 2009-06-05 17:26 -------- d-----w- c:\users\Nguyet\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2009-06-02 17:46 . 2009-06-02 17:46 -------- d-----w- c:\program files\Electronic Arts
2009-05-13 19:25 . 2009-05-13 19:25 564083 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
2009-05-13 19:25 . 2009-05-13 19:25 2412275 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\CFCSetup.exe
2009-05-13 19:25 . 2009-05-13 19:25 583337 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
2009-05-13 06:03 . 2009-05-13 19:24 2981419 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\Setup.exe
2009-05-13 06:01 . 2009-05-13 19:24 209176 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\CC8FDF08\3E688669\OEActiveXDLL.dll
2009-05-13 06:01 . 2009-05-13 19:24 127256 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\36F1A852\3E688669\MyDll.dll
2009-05-13 06:01 . 2009-05-13 19:24 102680 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\3FA86A06\3E688669\HookAPINT.dll
2009-05-13 06:01 . 2009-05-13 19:24 151832 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\C90EEF64\3E688669\AxGifAnimator.dll
2009-05-13 06:01 . 2009-05-13 19:24 250136 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\A53562F1\3E688669\AIMActiveXDLL.dll
2009-05-13 06:01 . 2009-05-13 19:24 296264 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\stbterm.exe
2009-05-13 06:01 . 2009-05-13 19:24 295656 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\stbrunwlm.exe
2009-05-13 06:01 . 2009-05-13 19:24 295328 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\stbrewlm.exe
2009-05-13 06:01 . 2009-05-13 19:24 295896 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\stbreaim.exe
2009-04-30 12:37 . 2009-06-11 20:36 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-11 20:36 428544 ----a-w- c:\windows\system32\EncDec.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-22_16.44.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-23 21:31 . 2009-03-08 11:32 94720 c:\windows\winsxs\x86_microsoft-windows-ie-setup_31bf3856ad364e35_8.0.6001.18702_none_7c2a7e005d93bd9b\inseng.dll
+ 2009-07-23 21:33 . 2009-05-12 22:35 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22874_none_a8fbc5698d994fda\iesetup.dll
+ 2009-07-23 21:33 . 2009-05-12 22:35 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22874_none_a8fbc5698d994fda\iernonce.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18783_none_a86658687484b2aa\iesetup.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18783_none_a86658687484b2aa\iernonce.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\iesetup.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\iernonce.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 59904 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_8.0.6001.18702_none_3d86a1c07a097782\icardie.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 34816 c:\windows\winsxs\x86_microsoft-windows-ie-imagesupport_31bf3856ad364e35_8.0.6001.18702_none_20dfeb2e08d9ec0a\imgutil.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 66560 c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\wextract.exe
+ 2009-07-23 21:31 . 2009-03-08 11:31 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_8.0.6001.18702_none_d658a8dacff20c9e\mshtmler.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 66560 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.6001.18702_none_2b140bc159303551\mshtmled.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 45568 c:\windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.6001.18702_none_3c45119b1f28ff3d\mshta.exe
+ 2009-07-23 21:31 . 2009-03-08 11:31 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\msfeedssync.exe
+ 2009-07-23 21:31 . 2009-03-08 11:31 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\msfeedsbs.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 43008 c:\windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.6001.18702_none_accc7a4465be292a\licmgr10.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\admparse.dll
+ 2009-07-23 21:33 . 2009-05-12 22:49 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\WininetPlugin.dll
+ 2009-07-23 21:33 . 2009-05-12 22:36 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\jsproxy.dll
+ 2009-07-23 21:33 . 2009-05-09 05:50 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\WininetPlugin.dll
+ 2009-07-23 21:33 . 2009-05-09 05:35 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\jsproxy.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\WininetPlugin.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\jsproxy.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 18944 c:\windows\winsxs\x86_microsoft-windows-i..tivexpolicyprovider_31bf3856ad364e35_8.0.6001.18702_none_6f561c09617d9439\corpol.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 46592 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_8.0.6001.18702_none_d0b191832934e44c\pngfilt.dll
+ 2008-01-21 01:58 . 2009-07-23 20:29 52948 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-23 20:29 70478 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-07-22 06:54 70478 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-01 20:32 . 2009-07-23 21:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-01 20:32 . 2009-07-22 16:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-01 20:32 . 2009-07-23 21:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-01 20:32 . 2009-07-22 16:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-01 20:32 . 2009-07-22 16:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-01 20:32 . 2009-07-23 21:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-23 21:31 . 2009-03-08 11:35 2048 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18702_none_83daaad046b59436\iecompat.dll
- 2009-02-14 21:43 . 2009-06-05 21:57 1848 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-02-14 21:43 . 2009-07-22 20:37 1848 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-02-01 20:33 . 2009-07-23 20:29 9392 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1054141453-211329636-2874667663-1003_UserData.bin
- 2009-02-01 20:33 . 2009-07-22 06:54 9392 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1054141453-211329636-2874667663-1003_UserData.bin
+ 2009-07-22 16:55 . 2009-07-22 16:55 5362 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\2474B2570F19098354837673E72209085D7ED343\2474B2570F19098354837673E72209085D7ED343\Data.dat
+ 2009-07-23 21:33 . 2009-07-23 21:33 1670 c:\windows\SoftwareDistribution\PostRebootEventCache\{0215DAEF-2ECE-4C0D-A0F6-99DBBC2D98CD}.bin
+ 2009-07-23 20:27 . 2009-07-23 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-22 06:52 . 2009-07-22 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-22 06:52 . 2009-07-22 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-23 20:27 . 2009-07-23 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-23 21:31 . 2009-03-08 11:33 420352 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_8.0.6001.18702_none_2b4525a943b273a6\vbscript.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 726528 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18702_none_65cb0af10cefc76a\jscript.dll
+ 2009-07-23 21:31 . 2009-03-08 11:22 156160 c:\windows\winsxs\x86_microsoft-windows-msls31_31bf3856ad364e35_8.0.6001.18702_none_aeeaf610b83f2e48\msls31.dll
+ 2009-07-23 21:31 . 2009-03-08 11:35 121344 c:\windows\winsxs\x86_microsoft-windows-js-debuggeride_31bf3856ad364e35_8.0.6001.18702_none_1de359b6148047cc\jsdebuggeride.dll
+ 2009-07-23 21:30 . 2009-03-08 11:33 256000 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.6001.18702_none_cb86fb78a76dcdde\ieinstal.exe
+ 2009-07-23 21:33 . 2009-05-12 22:35 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22874_none_47cd7ce4dd3f0fb5\ieui.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18783_none_47380fe3c42a7285\ieui.dll
+ 2009-07-23 21:31 . 2009-03-08 11:22 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieui.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 105984 c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.6001.18702_none_d315f3a07395d0ed\url.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 208384 c:\windows\winsxs\x86_microsoft-windows-ie-winfxdocobj_31bf3856ad364e35_8.0.6001.18702_none_d4a239fe30224f93\WinFXDocObj.exe
+ 2009-07-23 21:31 . 2009-03-08 11:33 759296 c:\windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_8.0.6001.18702_none_d02233c4fe8667df\VGX.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18702_none_fe7d3c2acfc7f690\iesysprep.dll
+ 2009-07-23 21:33 . 2009-05-12 20:35 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22874_none_a8fbc5698d994fda\ie4uinit.exe
+ 2009-07-23 21:33 . 2009-05-09 03:36 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18783_none_a86658687484b2aa\ie4uinit.exe
+ 2009-07-23 21:31 . 2009-03-08 11:32 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\ie4uinit.exe
+ 2009-07-23 21:33 . 2009-05-12 22:48 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22874_none_2aceba9ebba436af\sqmapi.dll
+ 2009-07-23 21:33 . 2009-05-09 05:48 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18783_none_2a394d9da28f997f\sqmapi.dll
+ 2009-07-23 21:31 . 2009-03-08 21:09 140128 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\sqmapi.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 193536 c:\windows\winsxs\x86_microsoft-windows-ie-ratings_31bf3856ad364e35_8.0.6001.18702_none_aa7d60ae7286ab24\msrating.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 109568 c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\PDMSetup.exe
+ 2009-07-23 21:31 . 2009-01-08 01:20 355832 c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\pdm.dll
+ 2009-07-23 21:31 . 2009-01-08 01:20 265720 c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\msdbg2.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 236544 c:\windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.6001.18702_none_44170552678500f2\webcheck.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 109568 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18702_none_1a118a8629ee860e\occache.dll
+ 2009-07-23 21:31 . 2009-03-08 11:35 233984 c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_8.0.6001.18702_none_d5ea1c01e3fe67ea\jsprofilerui.dll
+ 2009-07-23 21:31 . 2009-03-08 11:35 118272 c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_8.0.6001.18702_none_ed92bec9472aab53\JSProfilerCore.dll
+ 2009-07-23 21:31 . 2009-03-08 11:35 521216 c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.18702_none_9d577137e370ad2c\jsdbgui.dll
+ 2009-07-23 21:30 . 2009-03-08 21:09 638816 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
+ 2009-07-23 21:31 . 2009-03-08 11:33 132608 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\ieUnatt.exe
+ 2009-07-23 21:31 . 2009-03-08 11:35 144384 c:\windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.6001.18702_none_10e8e2fad95106ab\ExtExport.exe
+ 2009-07-23 21:31 . 2009-03-08 11:32 169472 c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\iexpress.exe
+ 2009-07-23 21:33 . 2009-05-12 22:35 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22874_none_2ab8403ac959093f\IEShims.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18783_none_2a22d339b0446c0f\IEShims.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 196096 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18702_none_2a78524fb0047330\IEShims.dll
+ 2009-07-23 21:33 . 2009-05-12 22:35 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22874_none_7359f4a479b0a2d1\ieproxy.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18783_none_72c487a3609c05a1\ieproxy.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 246784 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18702_none_731a06b9605c0cc2\ieproxy.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 115712 c:\windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.6001.18702_none_e9612e8087062a88\ielowutil.exe
+ 2009-07-23 21:32 . 2009-05-30 13:15 102912 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22883_none_840ec88560132cdf\iecompat.dll
+ 2009-07-23 21:32 . 2009-06-02 03:27 102912 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18793_none_837a5bce46fda906\iecompat.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 125952 c:\windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_8.0.6001.18702_none_a0d17792aa595b3e\iecleanup.exe
+ 2009-07-23 21:31 . 2009-03-08 11:33 103936 c:\windows\winsxs\x86_microsoft-windows-ie-gc-setdepnx_31bf3856ad364e35_8.0.6001.18702_none_9396116207a33bbc\SetDepNx.exe
+ 2009-07-23 21:31 . 2009-03-08 11:33 107520 c:\windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.6001.18702_none_0ad3f877399acafc\RegisterIEPKEYs.exe
+ 2009-07-23 21:31 . 2009-03-08 11:32 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18702_none_42d1aca65041d4fb\msfeeds.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 216064 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtrans.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 348160 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtmsft.dll
+ 2009-07-23 21:31 . 2009-03-08 11:35 742912 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.18702_none_1e902f2a55a1ce84\iedvtool.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 183808 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18702_none_1faea70907d94aa5\iepeers.dll
+ 2009-07-23 21:31 . 2009-03-08 11:11 445952 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 163840 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieakui.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 229376 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieaksie.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 125952 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_8.0.6001.18702_none_87015889ddff063f\ieakeng.dll
+ 2009-07-23 21:33 . 2009-05-12 22:34 385536 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22874_none_577b7cbe869d3919\iedkcs32.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 385536 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18783_none_56e60fbd6d889be9\iedkcs32.dll
+ 2009-07-23 21:31 . 2009-03-08 21:09 391536 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18702_none_573b8ed36d48a30a\iedkcs32.dll
+ 2009-07-23 21:33 . 2009-05-12 22:49 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\wininet.dll
+ 2009-07-23 21:33 . 2009-05-09 05:50 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\wininet.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 914944 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\wininet.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.18702_none_c3b0c8fe923e1b1f\mstime.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 107008 c:\windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.6001.18702_none_eb622404d6d4cb81\SetIEInstalledDate.exe
+ 2009-07-23 21:31 . 2009-03-08 11:32 128512 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_8.0.6001.18702_none_8eb687d4089bfe4d\advpack.dll
+ 2009-02-03 23:32 . 2009-07-23 06:09 235688 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-07-17 18:34 633886 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-23 21:34 633886 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-23 21:34 118772 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-17 18:34 118772 c:\windows\System32\perfc009.dat
+ 2009-07-23 21:33 . 2009-05-12 22:35 1985024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22874_none_2aceba9ebba436af\iertutil.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 1985024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18783_none_2a394d9da28f997f\iertutil.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 1985024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\iertutil.dll
+ 2009-07-23 21:33 . 2009-05-12 22:39 5936128 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22874_none_f66e22e151498188\mshtml.dll
+ 2009-07-23 21:33 . 2009-05-09 05:38 5936128 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18783_none_f5d8b5e03834e458\mshtml.dll
+ 2009-07-23 21:30 . 2009-03-08 11:41 5937152 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18702_none_f62e34f637f4eb79\mshtml.dll
+ 2009-07-23 21:31 . 2009-02-07 04:07 3698584 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dat
+ 2009-07-23 21:33 . 2009-05-12 22:48 1207808 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22874_none_980e282105e9f1bf\urlmon.dll
+ 2009-07-23 21:33 . 2009-05-09 05:49 1207808 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18783_none_9778bb1fecd5548f\urlmon.dll
+ 2009-07-23 21:30 . 2009-03-08 11:34 1206784 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18702_none_97ce3a35ec955bb0\urlmon.dll
- 2006-11-02 10:22 . 2009-07-16 20:31 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-07-23 21:31 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-12-12 20:31 . 2009-07-23 06:12 1550240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-12-12 20:31 . 2009-07-22 06:44 1550240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-23 21:39 . 2009-07-23 21:39 6291456 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-07-23 21:33 . 2009-05-12 22:35 11064832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22874_none_47cd7ce4dd3f0fb5\ieframe.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 11064832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18783_none_47380fe3c42a7285\ieframe.dll
+ 2009-07-23 21:30 . 2009-03-08 11:39 11063808 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieframe.dll
+ 2009-05-13 13:34 . 2009-07-23 21:33 47922768 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-12 39408]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-05 270336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-22 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 145944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-08 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-08-25 144784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-12-12 24576]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-12 641208]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-10-17 6295552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-11-06 02:32 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe /display_progress \SystemRoot\WinSxS\pending.xml
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{295C1DDF-6614-428C-9ADD-56B514912159}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{24726054-410A-4CF8-903D-DE27ED0576AE}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{422D9217-6272-47A0-A91A-E320718B79FA}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{B5A971EE-5A9F-4957-BA38-5AF7276C5FCA}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{252F6353-27D0-4FD3-94E1-27A440443EAA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{44BE83E6-925B-4B2E-997A-25C3F1FE3710}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3EFFAA12-B9F2-4458-8E2C-148181C3FE31}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4DF46B87-F62F-4AD8-8F21-A517C359C156}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{3C249B11-FFBE-4174-8CB7-70150E25D113}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [12.1.2008 3:50 30312]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12.12.2008 22:04 203280]
R2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [12.12.2008 22:26 303104]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18.4.2007 6:09 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [8.12.2008 23:25 104992]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [12.12.2008 22:01 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\VAIO Power Management\SPMService.exe [9.12.2008 1:31 415584]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [12.9.2008 5:28 446464]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [12.12.2008 22:14 337184]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [12.12.2008 22:01 17920]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [8.12.2008 19:46 9344]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9.12.2008 1:30 30192]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.2.2007 15:29 29178224]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\VAIO Media plus\SOHCImp.exe [12.12.2008 22:18 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\VAIO Media plus\SOHDms.exe [12.12.2008 22:18 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\VAIO Media plus\SOHDs.exe [12.12.2008 22:18 62752]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [12.12.2008 22:14 83232]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
.
Obsah adresáře 'Naplánované úlohy'
2008-12-12 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-12 02:10]
2008-12-12 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-12 02:10]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {6274A93D-AFAC-4744-B54D-A49AB25312A4} = 10.0.0.138
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
Celkový čas: 2009-07-23 23:48
ComboFix-quarantined-files.txt 2009-07-23 21:48
ComboFix2.txt 2009-07-22 16:45
Před spuštěním: Volných bajtů: 157 794 541 568
Po spuštění: Volných bajtů: 157 234 335 744
305 --- E O F --- 2009-07-23 21:33
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.2938.1665 [GMT 2:00]
Spuštěný z: c:\users\Nguyet\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Nguyet\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý
FILE ::
"c:\users\Nguyet\AppData\Local\d3d9caps.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Nguyet\AppData\Local\d3d9caps.dat
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-06-23 do 2009-07-23 )))))))))))))))))))))))))))))))
.
2009-07-21 14:15 . 2009-07-21 14:15 -------- d-----w- c:\users\Nguyet\AppData\Roaming\Malwarebytes
2009-07-21 14:14 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-21 14:14 . 2009-07-21 14:14 -------- d-----w- c:\programdata\Malwarebytes
2009-07-21 14:14 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-21 14:14 . 2009-07-21 14:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 19:26 . 2009-07-16 19:26 -------- d-----w- c:\program files\Trend Micro
2009-07-16 12:16 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-16 12:16 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-16 12:16 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-16 12:16 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 21:34 . 2008-12-08 17:53 645540 ----a-w- c:\windows\system32\perfh005.dat
2009-07-23 21:34 . 2008-12-08 17:53 132514 ----a-w- c:\windows\system32\perfc005.dat
2009-07-19 19:32 . 2008-12-12 20:01 -------- d-----w- c:\program files\McAfee
2009-07-17 19:39 . 2008-12-08 21:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-17 19:38 . 2009-03-04 20:29 1844883 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-07-16 20:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-25 17:47 . 2009-06-18 06:21 -------- d-----w- c:\program files\GameSpy Arcade
2009-06-05 17:31 . 2009-06-05 17:26 -------- d-----w- c:\users\Nguyet\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2009-06-02 17:46 . 2009-06-02 17:46 -------- d-----w- c:\program files\Electronic Arts
2009-05-13 19:25 . 2009-05-13 19:25 564083 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
2009-05-13 19:25 . 2009-05-13 19:25 2412275 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\CFCSetup.exe
2009-05-13 19:25 . 2009-05-13 19:25 583337 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
2009-05-13 06:03 . 2009-05-13 19:24 2981419 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\Setup.exe
2009-05-13 06:01 . 2009-05-13 19:24 209176 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\CC8FDF08\3E688669\OEActiveXDLL.dll
2009-05-13 06:01 . 2009-05-13 19:24 127256 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\36F1A852\3E688669\MyDll.dll
2009-05-13 06:01 . 2009-05-13 19:24 102680 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\3FA86A06\3E688669\HookAPINT.dll
2009-05-13 06:01 . 2009-05-13 19:24 151832 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\C90EEF64\3E688669\AxGifAnimator.dll
2009-05-13 06:01 . 2009-05-13 19:24 250136 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\A53562F1\3E688669\AIMActiveXDLL.dll
2009-05-13 06:01 . 2009-05-13 19:24 296264 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\stbterm.exe
2009-05-13 06:01 . 2009-05-13 19:24 295656 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\stbrunwlm.exe
2009-05-13 06:01 . 2009-05-13 19:24 295328 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\stbrewlm.exe
2009-05-13 06:01 . 2009-05-13 19:24 295896 -c--a-w- c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\stbreaim.exe
2009-04-30 12:37 . 2009-06-11 20:36 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-11 20:36 428544 ----a-w- c:\windows\system32\EncDec.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-22_16.44.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-23 21:31 . 2009-03-08 11:32 94720 c:\windows\winsxs\x86_microsoft-windows-ie-setup_31bf3856ad364e35_8.0.6001.18702_none_7c2a7e005d93bd9b\inseng.dll
+ 2009-07-23 21:33 . 2009-05-12 22:35 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22874_none_a8fbc5698d994fda\iesetup.dll
+ 2009-07-23 21:33 . 2009-05-12 22:35 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22874_none_a8fbc5698d994fda\iernonce.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18783_none_a86658687484b2aa\iesetup.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18783_none_a86658687484b2aa\iernonce.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 71680 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\iesetup.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 55808 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\iernonce.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 59904 c:\windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_8.0.6001.18702_none_3d86a1c07a097782\icardie.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 34816 c:\windows\winsxs\x86_microsoft-windows-ie-imagesupport_31bf3856ad364e35_8.0.6001.18702_none_20dfeb2e08d9ec0a\imgutil.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 66560 c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\wextract.exe
+ 2009-07-23 21:31 . 2009-03-08 11:31 48128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_8.0.6001.18702_none_d658a8dacff20c9e\mshtmler.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 66560 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.6001.18702_none_2b140bc159303551\mshtmled.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 45568 c:\windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.6001.18702_none_3c45119b1f28ff3d\mshta.exe
+ 2009-07-23 21:31 . 2009-03-08 11:31 13312 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\msfeedssync.exe
+ 2009-07-23 21:31 . 2009-03-08 11:31 55296 c:\windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\msfeedsbs.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 43008 c:\windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.6001.18702_none_accc7a4465be292a\licmgr10.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 72704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\admparse.dll
+ 2009-07-23 21:33 . 2009-05-12 22:49 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\WininetPlugin.dll
+ 2009-07-23 21:33 . 2009-05-12 22:36 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\jsproxy.dll
+ 2009-07-23 21:33 . 2009-05-09 05:50 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\WininetPlugin.dll
+ 2009-07-23 21:33 . 2009-05-09 05:35 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\jsproxy.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 64512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\WininetPlugin.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 25600 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\jsproxy.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 18944 c:\windows\winsxs\x86_microsoft-windows-i..tivexpolicyprovider_31bf3856ad364e35_8.0.6001.18702_none_6f561c09617d9439\corpol.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 46592 c:\windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_8.0.6001.18702_none_d0b191832934e44c\pngfilt.dll
+ 2008-01-21 01:58 . 2009-07-23 20:29 52948 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-23 20:29 70478 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-07-22 06:54 70478 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-01 20:32 . 2009-07-23 21:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-01 20:32 . 2009-07-22 16:43 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-01 20:32 . 2009-07-23 21:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-01 20:32 . 2009-07-22 16:43 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-01 20:32 . 2009-07-22 16:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-01 20:32 . 2009-07-23 21:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-23 21:31 . 2009-03-08 11:35 2048 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18702_none_83daaad046b59436\iecompat.dll
- 2009-02-14 21:43 . 2009-06-05 21:57 1848 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-02-14 21:43 . 2009-07-22 20:37 1848 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-02-01 20:33 . 2009-07-23 20:29 9392 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1054141453-211329636-2874667663-1003_UserData.bin
- 2009-02-01 20:33 . 2009-07-22 06:54 9392 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1054141453-211329636-2874667663-1003_UserData.bin
+ 2009-07-22 16:55 . 2009-07-22 16:55 5362 c:\windows\System32\config\systemprofile\AppData\Roaming\SACore\Cache\DA39A3EE5E6B4B0D3255BFEF95601890AFD80709\2474B2570F19098354837673E72209085D7ED343\2474B2570F19098354837673E72209085D7ED343\Data.dat
+ 2009-07-23 21:33 . 2009-07-23 21:33 1670 c:\windows\SoftwareDistribution\PostRebootEventCache\{0215DAEF-2ECE-4C0D-A0F6-99DBBC2D98CD}.bin
+ 2009-07-23 20:27 . 2009-07-23 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-22 06:52 . 2009-07-22 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-22 06:52 . 2009-07-22 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-23 20:27 . 2009-07-23 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-23 21:31 . 2009-03-08 11:33 420352 c:\windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_8.0.6001.18702_none_2b4525a943b273a6\vbscript.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 726528 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18702_none_65cb0af10cefc76a\jscript.dll
+ 2009-07-23 21:31 . 2009-03-08 11:22 156160 c:\windows\winsxs\x86_microsoft-windows-msls31_31bf3856ad364e35_8.0.6001.18702_none_aeeaf610b83f2e48\msls31.dll
+ 2009-07-23 21:31 . 2009-03-08 11:35 121344 c:\windows\winsxs\x86_microsoft-windows-js-debuggeride_31bf3856ad364e35_8.0.6001.18702_none_1de359b6148047cc\jsdebuggeride.dll
+ 2009-07-23 21:30 . 2009-03-08 11:33 256000 c:\windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.6001.18702_none_cb86fb78a76dcdde\ieinstal.exe
+ 2009-07-23 21:33 . 2009-05-12 22:35 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22874_none_47cd7ce4dd3f0fb5\ieui.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18783_none_47380fe3c42a7285\ieui.dll
+ 2009-07-23 21:31 . 2009-03-08 11:22 164352 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieui.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 105984 c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.6001.18702_none_d315f3a07395d0ed\url.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 208384 c:\windows\winsxs\x86_microsoft-windows-ie-winfxdocobj_31bf3856ad364e35_8.0.6001.18702_none_d4a239fe30224f93\WinFXDocObj.exe
+ 2009-07-23 21:31 . 2009-03-08 11:33 759296 c:\windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_8.0.6001.18702_none_d02233c4fe8667df\VGX.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 109056 c:\windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18702_none_fe7d3c2acfc7f690\iesysprep.dll
+ 2009-07-23 21:33 . 2009-05-12 20:35 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.22874_none_a8fbc5698d994fda\ie4uinit.exe
+ 2009-07-23 21:33 . 2009-05-09 03:36 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18783_none_a86658687484b2aa\ie4uinit.exe
+ 2009-07-23 21:31 . 2009-03-08 11:32 173056 c:\windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\ie4uinit.exe
+ 2009-07-23 21:33 . 2009-05-12 22:48 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22874_none_2aceba9ebba436af\sqmapi.dll
+ 2009-07-23 21:33 . 2009-05-09 05:48 129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18783_none_2a394d9da28f997f\sqmapi.dll
+ 2009-07-23 21:31 . 2009-03-08 21:09 140128 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\sqmapi.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 193536 c:\windows\winsxs\x86_microsoft-windows-ie-ratings_31bf3856ad364e35_8.0.6001.18702_none_aa7d60ae7286ab24\msrating.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 109568 c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\PDMSetup.exe
+ 2009-07-23 21:31 . 2009-01-08 01:20 355832 c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\pdm.dll
+ 2009-07-23 21:31 . 2009-01-08 01:20 265720 c:\windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\msdbg2.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 236544 c:\windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.6001.18702_none_44170552678500f2\webcheck.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 109568 c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18702_none_1a118a8629ee860e\occache.dll
+ 2009-07-23 21:31 . 2009-03-08 11:35 233984 c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_8.0.6001.18702_none_d5ea1c01e3fe67ea\jsprofilerui.dll
+ 2009-07-23 21:31 . 2009-03-08 11:35 118272 c:\windows\winsxs\x86_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_8.0.6001.18702_none_ed92bec9472aab53\JSProfilerCore.dll
+ 2009-07-23 21:31 . 2009-03-08 11:35 521216 c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.18702_none_9d577137e370ad2c\jsdbgui.dll
+ 2009-07-23 21:30 . 2009-03-08 21:09 638816 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
+ 2009-07-23 21:31 . 2009-03-08 11:33 132608 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\ieUnatt.exe
+ 2009-07-23 21:31 . 2009-03-08 11:35 144384 c:\windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.6001.18702_none_10e8e2fad95106ab\ExtExport.exe
+ 2009-07-23 21:31 . 2009-03-08 11:32 169472 c:\windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\iexpress.exe
+ 2009-07-23 21:33 . 2009-05-12 22:35 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.22874_none_2ab8403ac959093f\IEShims.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 197632 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18783_none_2a22d339b0446c0f\IEShims.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 196096 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18702_none_2a78524fb0047330\IEShims.dll
+ 2009-07-23 21:33 . 2009-05-12 22:35 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.22874_none_7359f4a479b0a2d1\ieproxy.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 246272 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18783_none_72c487a3609c05a1\ieproxy.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 246784 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18702_none_731a06b9605c0cc2\ieproxy.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 115712 c:\windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.6001.18702_none_e9612e8087062a88\ielowutil.exe
+ 2009-07-23 21:32 . 2009-05-30 13:15 102912 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22883_none_840ec88560132cdf\iecompat.dll
+ 2009-07-23 21:32 . 2009-06-02 03:27 102912 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18793_none_837a5bce46fda906\iecompat.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 125952 c:\windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_8.0.6001.18702_none_a0d17792aa595b3e\iecleanup.exe
+ 2009-07-23 21:31 . 2009-03-08 11:33 103936 c:\windows\winsxs\x86_microsoft-windows-ie-gc-setdepnx_31bf3856ad364e35_8.0.6001.18702_none_9396116207a33bbc\SetDepNx.exe
+ 2009-07-23 21:31 . 2009-03-08 11:33 107520 c:\windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.6001.18702_none_0ad3f877399acafc\RegisterIEPKEYs.exe
+ 2009-07-23 21:31 . 2009-03-08 11:32 594432 c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18702_none_42d1aca65041d4fb\msfeeds.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 216064 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtrans.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 348160 c:\windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtmsft.dll
+ 2009-07-23 21:31 . 2009-03-08 11:35 742912 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.18702_none_1e902f2a55a1ce84\iedvtool.dll
+ 2009-07-23 21:31 . 2009-03-08 11:31 183808 c:\windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18702_none_1faea70907d94aa5\iepeers.dll
+ 2009-07-23 21:31 . 2009-03-08 11:11 445952 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 163840 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieakui.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 229376 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieaksie.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 125952 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_8.0.6001.18702_none_87015889ddff063f\ieakeng.dll
+ 2009-07-23 21:33 . 2009-05-12 22:34 385536 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.22874_none_577b7cbe869d3919\iedkcs32.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 385536 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18783_none_56e60fbd6d889be9\iedkcs32.dll
+ 2009-07-23 21:31 . 2009-03-08 21:09 391536 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18702_none_573b8ed36d48a30a\iedkcs32.dll
+ 2009-07-23 21:33 . 2009-05-12 22:49 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.22874_none_e51403c2d0f31852\wininet.dll
+ 2009-07-23 21:33 . 2009-05-09 05:50 915456 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18783_none_e47e96c1b7de7b22\wininet.dll
+ 2009-07-23 21:31 . 2009-03-08 11:34 914944 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\wininet.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 611840 c:\windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.18702_none_c3b0c8fe923e1b1f\mstime.dll
+ 2009-07-23 21:31 . 2009-03-08 11:33 107008 c:\windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.6001.18702_none_eb622404d6d4cb81\SetIEInstalledDate.exe
+ 2009-07-23 21:31 . 2009-03-08 11:32 128512 c:\windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_8.0.6001.18702_none_8eb687d4089bfe4d\advpack.dll
+ 2009-02-03 23:32 . 2009-07-23 06:09 235688 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2009-07-17 18:34 633886 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-23 21:34 633886 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-23 21:34 118772 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-17 18:34 118772 c:\windows\System32\perfc009.dat
+ 2009-07-23 21:33 . 2009-05-12 22:35 1985024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.22874_none_2aceba9ebba436af\iertutil.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 1985024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18783_none_2a394d9da28f997f\iertutil.dll
+ 2009-07-23 21:31 . 2009-03-08 11:32 1985024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\iertutil.dll
+ 2009-07-23 21:33 . 2009-05-12 22:39 5936128 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.22874_none_f66e22e151498188\mshtml.dll
+ 2009-07-23 21:33 . 2009-05-09 05:38 5936128 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18783_none_f5d8b5e03834e458\mshtml.dll
+ 2009-07-23 21:30 . 2009-03-08 11:41 5937152 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18702_none_f62e34f637f4eb79\mshtml.dll
+ 2009-07-23 21:31 . 2009-02-07 04:07 3698584 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dat
+ 2009-07-23 21:33 . 2009-05-12 22:48 1207808 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.22874_none_980e282105e9f1bf\urlmon.dll
+ 2009-07-23 21:33 . 2009-05-09 05:49 1207808 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18783_none_9778bb1fecd5548f\urlmon.dll
+ 2009-07-23 21:30 . 2009-03-08 11:34 1206784 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18702_none_97ce3a35ec955bb0\urlmon.dll
- 2006-11-02 10:22 . 2009-07-16 20:31 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22 . 2009-07-23 21:31 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-12-12 20:31 . 2009-07-23 06:12 1550240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-12-12 20:31 . 2009-07-22 06:44 1550240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-23 21:39 . 2009-07-23 21:39 6291456 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-07-23 21:33 . 2009-05-12 22:35 11064832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.22874_none_47cd7ce4dd3f0fb5\ieframe.dll
+ 2009-07-23 21:33 . 2009-05-09 05:34 11064832 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18783_none_47380fe3c42a7285\ieframe.dll
+ 2009-07-23 21:30 . 2009-03-08 11:39 11063808 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieframe.dll
+ 2009-05-13 13:34 . 2009-07-23 21:33 47922768 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-12 39408]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-05 270336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-22 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 145944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-08 30192]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-08-25 144784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-12-12 24576]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-12 641208]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-10-17 6295552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-11-06 02:32 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\poqexec.exe /display_progress \SystemRoot\WinSxS\pending.xml
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{295C1DDF-6614-428C-9ADD-56B514912159}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{24726054-410A-4CF8-903D-DE27ED0576AE}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{422D9217-6272-47A0-A91A-E320718B79FA}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{B5A971EE-5A9F-4957-BA38-5AF7276C5FCA}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{252F6353-27D0-4FD3-94E1-27A440443EAA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{44BE83E6-925B-4B2E-997A-25C3F1FE3710}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3EFFAA12-B9F2-4458-8E2C-148181C3FE31}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4DF46B87-F62F-4AD8-8F21-A517C359C156}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{3C249B11-FFBE-4174-8CB7-70150E25D113}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [12.1.2008 3:50 30312]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12.12.2008 22:04 203280]
R2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [12.12.2008 22:26 303104]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18.4.2007 6:09 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [8.12.2008 23:25 104992]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [12.12.2008 22:01 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\VAIO Power Management\SPMService.exe [9.12.2008 1:31 415584]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [12.9.2008 5:28 446464]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [12.12.2008 22:14 337184]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [12.12.2008 22:01 17920]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [8.12.2008 19:46 9344]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9.12.2008 1:30 30192]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10.2.2007 15:29 29178224]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\VAIO Media plus\SOHCImp.exe [12.12.2008 22:18 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\VAIO Media plus\SOHDms.exe [12.12.2008 22:18 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\VAIO Media plus\SOHDs.exe [12.12.2008 22:18 62752]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [12.12.2008 22:14 83232]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy
.
Obsah adresáře 'Naplánované úlohy'
2008-12-12 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-12 02:10]
2008-12-12 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-12-12 02:10]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {6274A93D-AFAC-4744-B54D-A49AB25312A4} = 10.0.0.138
.
**************************************************************************
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory:
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
Celkový čas: 2009-07-23 23:48
ComboFix-quarantined-files.txt 2009-07-23 21:48
ComboFix2.txt 2009-07-22 16:45
Před spuštěním: Volných bajtů: 157 794 541 568
Po spuštění: Volných bajtů: 157 234 335 744
305 --- E O F --- 2009-07-23 21:33
Re: PLEASE CHECK THE LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:53, on 16.7.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\stbapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\stbappHelper.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SndVol.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\McAfee\MSC\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: CashBackAssistant - {00F5B5BA-E3C2-4b70-BF51-42A557914FAD} - C:\Program Files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.0.0.610\HPIEAddOn.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.1.0.3900\NPIEAddOn.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SmileyApp] C:\Program Files\DoubleD\Desktop Smiley Toolbar\3.10.3.13450\stbapp.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ano
O17 - HKLM\Software\..\Telephony: DomainName = ano
O17 - HKLM\System\CCS\Services\Tcpip\..\{6274A93D-AFAC-4744-B54D-A49AB25312A4}: NameServer = 10.0.0.138
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ano
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ano
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0297931247771837) (0297931247771837mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\029793~1.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12910 bytes
- jaro3
- Security team member
Re: REQUEST FOR A LOG CHECK
What about this:
Test this on VirusTotal (link above)
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\CFCSetup.exe
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\Setup.exe
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\3FA86A06\3E688669\HookAPINT.dll
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\C90EEF64\3E688669\AxGifAnimator.dll
c:\programdata\{92C12939-C613-44F3-B0C5-EE1D2A3A1E7B}\OFFLINE\A53562F1\3E688669\AIMActiveXDLL.dll
?
Post a new HJT log here; this one has the wrong date and time...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:27:53, on 16.7.2009
Is it set correctly on your PC?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: REQUEST FOR A LOG CHECK
Antivirus Version Last Update Result
AhnLab-V3 5.0.0.2 2009.05.15 -
AntiVir 7.9.0.168 2009.05.15 -
Antiy-AVL 2.0.3.1 2009.05.15 -
Authentium 5.1.2.4 2009.05.15 -
Avast 4.8.1335.0 2009.05.15 -
AVG 8.5.0.336 2009.05.15 -
BitDefender 7.2 2009.05.15 -
CAT-QuickHeal 10.00 2009.05.15 -
ClamAV 0.94.1 2009.05.15 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.15 -
eSafe 7.0.17.0 2009.05.14 -
eTrust-Vet 31.6.6507 2009.05.15 -
F-Prot 4.4.4.56 2009.05.15 -
F-Secure 8.0.14470.0 2009.05.15 -
Fortinet 3.117.0.0 2009.05.15 -
GData 19 2009.05.15 -
Ikarus T3.1.1.49.0 2009.05.15 -
K7AntiVirus 7.10.735 2009.05.14 -
Kaspersky 7.0.0.125 2009.05.15 -
McAfee 5616 2009.05.15 -
McAfee+Artemis 5616 2009.05.15 -
McAfee-GW-Edition 6.7.6 2009.05.15 -
Microsoft 1.4602 2009.05.15 -
NOD32 4080 2009.05.15 -
Norman 2009.05.14 -
nProtect 2009.1.8.0 2009.05.15 -
Panda 10.0.0.14 2009.05.15 -
PCTools 4.4.2.0 2009.05.15 -
Prevx 3.0 2009.05.15 -
Rising 21.29.44.00 2009.05.15 -
Sophos 4.41.0 2009.05.15 -
Sunbelt 3.2.1858.2 2009.05.15 -
Symantec 1.4.4.12 2009.05.15 -
TheHacker 6.3.4.1.326 2009.05.15 -
TrendMicro 8.950.0.1092 2009.05.15 -
VBA32 3.12.10.5 2009.05.15 -
ViRobot 2009.5.15.1737 2009.05.15 -
VirusBuster 4.6.5.0 2009.05.15 -
Additional information
File size: 564083 bytes
MD5 : 3604e6afcfefcbca21193428cd248473
SHA1 : 8e72d5cea91897d820cf774e826bc57c0ea83f88
SHA256: 755503346d99b00fff75face64281eab89f3c3e12d1acdb77b2887aac256e2ce
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x9A58
timedatestamp.....: 0x2A425E19 (Sat Jun 20 00:22:17 1992)
machinetype.......: 0x14C (Intel I386)
( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x9174 0x9200 6.57 ea92e1415bc80e2738e334267ebbb921
DATA 0xB000 0x24C 0x400 2.74 f96da19d2571a42bdff1b9e8bd62ec99
BSS 0xC000 0xE48 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xD000 0x950 0xA00 4.43 bb5485bf968b970e5ea81292af2acdba
.tls 0xE000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xF000 0x18 0x200 0.20 9ba824905bf9c7922b6fc87a38b74366
.reloc 0x10000 0x8B4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x11000 0x9D38 0x9E00 4.77 736bfb99ad5e7d17f66c4d4e38262792
( 5 imports )
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges
> comctl32.dll: InitCommonControls
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle, WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
> user32.dll: MessageBoxA, TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
( 0 exports )
TrID : File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
ssdeep: 12288:E2UtboP/+y4p0jUdEep/d6OxK+Qns7jN+U8NGJWq9L7yqZSsO:E2UqH+XpTnp/kO87nGptaGJWqhyqQsO
PEiD : -
RDS : NSRL Reference Data Set
Re: REQUEST FOR A LOG CHECK
Soubor DPTJQONEFB-70.pms.exe.SVD přijatý 2009.05.18 09:43:26 (UTC)
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 5.0.0.2 2009.05.18 -
AntiVir 7.9.0.168 2009.05.18 -
Antiy-AVL 2.0.3.1 2009.05.18 -
Authentium 5.1.2.4 2009.05.17 -
Avast 4.8.1335.0 2009.05.17 -
AVG 8.5.0.336 2009.05.18 -
BitDefender 7.2 2009.05.18 -
CAT-QuickHeal 10.00 2009.05.15 -
ClamAV 0.94.1 2009.05.18 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.18 -
eSafe 7.0.17.0 2009.05.17 -
eTrust-Vet 31.6.6508 2009.05.16 -
F-Prot 4.4.4.56 2009.05.17 -
F-Secure 8.0.14470.0 2009.05.16 -
Fortinet 3.117.0.0 2009.05.18 -
GData 19 2009.05.18 -
Ikarus T3.1.1.49.0 2009.05.18 -
K7AntiVirus 7.10.737 2009.05.16 -
Kaspersky 7.0.0.125 2009.05.18 -
McAfee 5618 2009.05.17 -
McAfee+Artemis 5618 2009.05.17 -
McAfee-GW-Edition 6.7.6 2009.05.18 -
Microsoft 1.4602 2009.05.18 -
NOD32 4082 2009.05.18 -
Norman 2009.05.16 -
nProtect 2009.1.8.0 2009.05.18 -
Panda 10.0.0.14 2009.05.18 -
PCTools 4.4.2.0 2009.05.17 -
Prevx 3.0 2009.05.18 -
Rising 21.30.02.00 2009.05.18 -
Sophos 4.41.0 2009.05.17 -
Sunbelt 3.2.1858.2 2009.05.17 -
Symantec 1.4.4.12 2009.05.18 -
TheHacker 6.3.4.1.326 2009.05.18 -
TrendMicro 8.950.0.1092 2009.05.18 -
VBA32 3.12.10.5 2009.05.18 -
ViRobot 2009.5.18.1738 2009.05.18 -
VirusBuster 4.6.5.0 2009.05.18 -
Rozšiřující informace
File size: 2412275 bytes
MD5 : 1b2167afcf393e343908b83580e7ea92
SHA1 : 53be6f6edab91c0be94d316a1784f46e9487dae4
SHA256: 2cec5a332d02de8e2de053b071264ac68b0cfd877199f4230244f2ad6318805e
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x9A58
timedatestamp.....: 0x2A425E19 (Sat Jun 20 00:22:17 1992)
machinetype.......: 0x14C (Intel I386)
( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x9174 0x9200 6.57 ea92e1415bc80e2738e334267ebbb921
DATA 0xB000 0x24C 0x400 2.74 f96da19d2571a42bdff1b9e8bd62ec99
BSS 0xC000 0xE48 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xD000 0x950 0xA00 4.43 bb5485bf968b970e5ea81292af2acdba
.tls 0xE000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xF000 0x18 0x200 0.20 9ba824905bf9c7922b6fc87a38b74366
.reloc 0x10000 0x8B4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x11000 0x2A00 0x2A00 4.50 ec4de9aa205526509210a155e24a81e4
( 5 imports )
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges
> comctl32.dll: InitCommonControls
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle, WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
> user32.dll: MessageBoxA, TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
( 0 exports )
TrID : File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
ssdeep: 49152:v2tbUXgVu1wKdI3EamYZP07AOUN2dSv5NqSnOLsepbK5Xy4fBfaV:utoXiCwn3EaX10WN2ERNqSqPpKrm
PEiD : -
packers (F-Prot): ZIP
RDS : NSRL Reference Data Set
-
Re: PLEASE CHECK MY LOG
Antivirus Version Last update Result
AhnLab-V3 5.0.0.2 2009.05.24 -
AntiVir 7.9.0.168 2009.05.24 -
Antiy-AVL 2.0.3.1 2009.05.22 -
Authentium 5.1.2.4 2009.05.24 -
Avast 4.8.1335.0 2009.05.24 -
AVG 8.5.0.339 2009.05.24 -
BitDefender 7.2 2009.05.24 -
CAT-QuickHeal 10.00 2009.05.23 -
ClamAV 0.94.1 2009.05.24 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.24 -
eSafe 7.0.17.0 2009.05.24 -
eTrust-Vet 31.6.6519 2009.05.23 -
F-Prot 4.4.4.56 2009.05.24 -
F-Secure 8.0.14470.0 2009.05.23 -
Fortinet 3.117.0.0 2009.05.24 -
GData 19 2009.05.24 -
Ikarus T3.1.1.49.0 2009.05.24 -
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.24 -
McAfee 5625 2009.05.24 -
McAfee+Artemis 5625 2009.05.24 -
McAfee-GW-Edition 6.7.6 2009.05.24 -
Microsoft 1.4701 2009.05.24 -
NOD32 4098 2009.05.22 -
Norman 2009.05.22 -
nProtect 2009.1.8.0 2009.05.24 -
Panda 10.0.0.14 2009.05.24 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.24 -
Rising 21.30.62.00 2009.05.24 -
Sophos 4.42.0 2009.05.24 -
Sunbelt 3.2.1858.2 2009.05.24 -
Symantec 1.4.4.12 2009.05.24 -
TheHacker 6.3.4.3.331 2009.05.22 -
TrendMicro 8.950.0.1092 2009.05.23 -
VBA32 3.12.10.5 2009.05.24 -
ViRobot 2009.5.23.1749 2009.05.23 -
VirusBuster 4.6.5.0 2009.05.24 -
Additional information
File size: 583337 bytes
MD5 : 22569361a3b117db87903b498c974793
SHA1 : 533b410b1c6f661aa0466c7ce988666337d61b22
SHA256: 2cf9e86fc386dd92eab683c0ba605c508065e66b09f0906d4ecb424ca6bc0986
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x9A58
timedatestamp.....: 0x2A425E19 (Sat Jun 20 00:22:17 1992)
machinetype.......: 0x14C (Intel I386)
( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x9174 0x9200 6.57 ea92e1415bc80e2738e334267ebbb921
DATA 0xB000 0x24C 0x400 2.74 f96da19d2571a42bdff1b9e8bd62ec99
BSS 0xC000 0xE48 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xD000 0x950 0xA00 4.43 bb5485bf968b970e5ea81292af2acdba
.tls 0xE000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xF000 0x18 0x200 0.20 9ba824905bf9c7922b6fc87a38b74366
.reloc 0x10000 0x8B4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x11000 0x9D38 0x9E00 4.77 5c74e959eb546f7aecd3a42d4e914f7a
( 5 imports )
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges
> comctl32.dll: InitCommonControls
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle, WriteFile, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, Sleep, SizeofResource, SetLastError, SetFilePointer, SetErrorMode, SetEndOfFile, RemoveDirectoryA, ReadFile, LockResource, LoadResource, LoadLibraryA, IsDBCSLeadByte, GetWindowsDirectoryA, GetVersionExA, GetUserDefaultLangID, GetSystemInfo, GetSystemDefaultLCID, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetCurrentProcess, GetCommandLineA, GetACP, InterlockedExchange, FormatMessageA, FindResourceA, DeleteFileA, CreateProcessA, CreateFileA, CreateDirectoryA, CloseHandle
> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen
> user32.dll: MessageBoxA, TranslateMessage, SetWindowLongA, PeekMessageA, MsgWaitForMultipleObjects, MessageBoxA, LoadStringA, ExitWindowsEx, DispatchMessageA, DestroyWindow, CreateWindowExA, CallWindowProcA, CharPrevA
( 0 exports )
TrID : File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
ThreatExpert: http://www.threatexpert.com/report.aspx ... 498c974793
ssdeep: 12288:E2UtMi8FjVdh9IB74hI+Ms7jN+U8NGJWq9L7yqZSsO:E2USRFjVdI74hINGptaGJWqhyqQsO
PEiD : -
RDS : NSRL Reference Data Set
-