Please check my log

Post by evuleban » 17 Dec 2006 12:01

Hello, on startup it keeps reporting a trojan in Chii.exe. I scanned it with Ad-Aware, Spybot, CCleaner and avast, but it is still there. I'm a layperson.

Logfile of HijackThis v1.99.1
Scan saved at 10:57:48, on 17/12/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\System32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\System32\Atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\System32\internat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: MSWin--21737366.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3018453643
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejewe ... er_v10.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

Post by fredik » 17 Dec 2006 12:26

Run HijackThis again and tick the boxes in front of these lines:
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejewe ... er_v10.cab

After ticking them, click FixChecked.

I don't like this item: O4 - Startup: MSWin--21737366.exe

Also try running a scan with it and post the edited log from Mwav here.

After that it would be a good idea to install SP4 for Windows 2000.
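
The manual review in the reply above can be partly automated. The following is an added example, not part of the original thread: it parses HijackThis entry lines into section codes, splits the O4 autostart entries by location, and lists files that sit directly in a Startup folder with an executable extension. That heuristic and all function names are assumptions of this example, not the helper's stated reasoning; the sample lines are copied from the log posted above.

```python
import re

# Entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: MSWin--21737366.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejewe ... er_v10.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
"""

# "<code> - <body>", where code is a letter plus one or two digits (R0, O4, O23).
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 body: "<location>: <item>", e.g. "HKLM\..\Run: [name] command".
O4_RE = re.compile(r"^(?P<location>[^:]+): (?P<item>.+)$")

# Extensions treated as directly executable (assumption of this example).
EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js")


def parse_entries(text):
    """Return (code, body) tuples for every HijackThis entry line in text.

    Header lines and the running-process list do not match and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def autostart_items(entries):
    """Split O4 entries into location, name, command and kind.

    kind is "registry" for Run/RunOnce values ("[name] command"),
    "shortcut" for Startup-folder links ("file.lnk = target") and
    "file" for anything else placed in a Startup folder.
    """
    items = []
    for code, body in entries:
        if code != "O4":
            continue
        m = O4_RE.match(body)
        if not m:
            continue
        location, item = m.group("location"), m.group("item")
        if item.startswith("["):
            name, _, command = item[1:].partition("] ")
            kind = "registry"
        else:
            name, sep, command = item.partition(" = ")
            kind = "shortcut" if sep else "file"
        items.append({"location": location, "name": name,
                      "command": command, "kind": kind})
    return items


def review_candidates(items):
    """Names of executables dropped directly into a Startup folder.

    Legitimate installers normally place a .lnk shortcut there, so a bare
    executable is worth a manual look. This is a triage hint, not a verdict.
    """
    return [i["name"] for i in items
            if i["location"].endswith("Startup")
            and i["kind"] == "file"
            and i["name"].lower().endswith(EXEC_EXT)]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for entry in autostart_items(parsed):
        print(entry["location"], "|", entry["kind"], "|", entry["name"])
    print("Review manually:", review_candidates(autostart_items(parsed)))
```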

Post by evuleban » 17 Dec 2006 12:59

I fixed what you said, and here is the log from Mwav.

Sun Dec 17 11:47:13 2006 => **********************************************************
Sun Dec 17 11:47:14 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sun Dec 17 11:47:14 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Sun Dec 17 11:47:14 2006 => **********************************************************
Sun Dec 17 11:47:14 2006 => Source: C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\GZCPOVO5\MWAV_1~1.EXE
Sun Dec 17 11:47:14 2006 => Version 8.8.1 (C:\DOCUME~1\user\LOCALS~1\Temp\mexe.com)
Sun Dec 17 11:47:14 2006 => Log File: C:\DOCUME~1\user\LOCALS~1\Temp\MWAV.LOG
Sun Dec 17 11:47:14 2006 => MWAV Registered: FALSE.
Sun Dec 17 11:47:14 2006 => User Account: user
Sun Dec 17 11:47:14 2006 => OS Type: Windows Workstation
Sun Dec 17 11:47:14 2006 => OS: Windows 2000
Sun Dec 17 11:47:14 2006 => Ver: Service Pack 2 (Build 2195)
Sun Dec 17 11:47:14 2006 => Windows Root Folder: C:\WINNT
Sun Dec 17 11:47:14 2006 => Windows Sys32 Folder: C:\WINNT\System32
Sun Dec 17 11:47:14 2006 => Local Fixed Drives: c:\
Sun Dec 17 11:47:14 2006 => MWAV Mode: Only Scan files.
Sun Dec 17 11:47:17 2006 => Latest Date of files inside MWAV: 16 Dec 2006 07:00:5.
Sun Dec 17 11:47:31 2006 => AV Library Loaded...
Sun Dec 17 11:47:31 2006 => MWAV doing self scanning...
Sun Dec 17 11:47:31 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\Temp\Getvlist.exe
Sun Dec 17 11:47:31 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\Temp\main.avi
Sun Dec 17 11:47:31 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\Temp\virus.avi
Sun Dec 17 11:47:31 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\Temp\ScanningProcess.exe
Sun Dec 17 11:47:31 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\Temp\Kave.dll
Sun Dec 17 11:47:31 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\Temp\prloader.dll
Sun Dec 17 11:47:31 2006 => MWAV files are clean.
Sun Dec 17 11:49:39 2006 => Virus Database Date: 12/16/2006
Sun Dec 17 11:49:39 2006 => Virus Database Count: 251300

Sun Dec 17 11:50:03 2006 => **********************************************************
Sun Dec 17 11:50:03 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sun Dec 17 11:50:03 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Sun Dec 17 11:50:03 2006 =>
Sun Dec 17 11:50:03 2006 => Support: support@mwti.net
Sun Dec 17 11:50:03 2006 => Web: http://www.mwti.net
Sun Dec 17 11:50:03 2006 => **********************************************************
Sun Dec 17 11:50:03 2006 => Version 8.8.1 (C:\DOCUME~1\user\LOCALS~1\Temp\mexe.com)
Sun Dec 17 11:50:03 2006 => Log File: C:\DOCUME~1\user\LOCALS~1\Temp\MWAV.LOG
Sun Dec 17 11:50:03 2006 => User Account: user
Sun Dec 17 11:50:03 2006 => Windows Root Folder: C:\WINNT
Sun Dec 17 11:50:03 2006 => Windows Sys32 Folder: C:\WINNT\System32
Sun Dec 17 11:50:03 2006 => OS: Windows 2000
Sun Dec 17 11:50:03 2006 => Ver: Service Pack 2 (Build 2195)
Sun Dec 17 11:50:04 2006 => Latest Date of files inside MWAV: 16 Dec 2006 07:00:5.

Sun Dec 17 11:50:04 2006 => Options Selected by User:
Sun Dec 17 11:50:04 2006 => Memory Check: Enabled
Sun Dec 17 11:50:04 2006 => Registry Check: Enabled
Sun Dec 17 11:50:04 2006 => StartUp Folder Check: Enabled
Sun Dec 17 11:50:04 2006 => System Folder Check: Enabled
Sun Dec 17 11:50:04 2006 => System Area Check: Disabled
Sun Dec 17 11:50:04 2006 => Services Check: Enabled
Sun Dec 17 11:50:04 2006 => Drive Check Option Disabled
Sun Dec 17 11:50:04 2006 => Folder Check: Disabled

Sun Dec 17 11:50:07 2006 => ***** Scanning Memory Files *****
Sun Dec 17 11:50:55 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\Temp\prkernel.ppl
Sun Dec 17 11:50:55 2006 => Scanning File c:\docume~1\user\locals~1\temp\avpmgr.ppl
Sun Dec 17 11:50:55 2006 => Scanning File c:\docume~1\user\locals~1\temp\wdiskio.ppl
Sun Dec 17 11:50:55 2006 => Scanning File c:\docume~1\user\locals~1\temp\nfio.ppl
Sun Dec 17 11:50:55 2006 => Scanning File c:\docume~1\user\locals~1\temp\avlib.ppl
Sun Dec 17 11:50:55 2006 => Scanning File c:\docume~1\user\locals~1\temp\dtreg.ppl
Sun Dec 17 11:50:55 2006 => Scanning File c:\docume~1\user\locals~1\temp\prutil.ppl
Sun Dec 17 11:50:55 2006 => Scanning File c:\docume~1\user\locals~1\temp\avp1.ppl
Sun Dec 17 11:50:56 2006 => Scanning File c:\docume~1\user\locals~1\temp\l_llio.ppl
Sun Dec 17 11:50:56 2006 => Scanning File c:\docume~1\user\locals~1\temp\ichstrms.ppl
Sun Dec 17 11:50:56 2006 => Scanning File c:\docume~1\user\locals~1\temp\hashcont.ppl
Sun Dec 17 11:50:56 2006 => Scanning File c:\docume~1\user\locals~1\temp\hccmp.ppl
Sun Dec 17 11:50:56 2006 => Scanning File c:\docume~1\user\locals~1\temp\iwgen.ppl

Sun Dec 17 11:50:56 2006 => ***** Scanning Registry Files *****

Sun Dec 17 11:50:56 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Sun Dec 17 11:50:56 2006 => Scanning File C:\WINNT\system32\NETSHELL.dll
Sun Dec 17 11:50:56 2006 => Scanning File C:\WINNT\System32\webcheck.dll
Sun Dec 17 11:50:56 2006 => Scanning File C:\WINNT\system32\stobject.dll

Sun Dec 17 11:50:56 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Sun Dec 17 11:50:56 2006 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Sun Dec 17 11:50:56 2006 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Sun Dec 17 11:50:56 2006 => Scanning File C:\WINNT\System32\msdxm.ocx
Sun Dec 17 11:50:56 2006 => Scanning File C:\PROGRA~1\ICQTOO~1\toolbaru.dll
Sun Dec 17 11:50:57 2006 => Scanning File C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll

Sun Dec 17 11:50:57 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Sun Dec 17 11:50:57 2006 => {02478D38-C3F9-4EFB-9B51-7695ECA05670} = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
Sun Dec 17 11:50:57 2006 => Scanning File C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll
Sun Dec 17 11:50:57 2006 => {055FD26D-3A88-4e15-963D-DC8493744B1D} = C:\Program Files\ICQToolbar\toolbaru.dll
Sun Dec 17 11:50:57 2006 => Scanning File C:\PROGRA~1\ICQTOO~1\toolbaru.dll
Sun Dec 17 11:50:57 2006 => {53707962-6F74-2D53-2644-206D7942484F} = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Sun Dec 17 11:50:57 2006 => Scanning File C:\PROGRA~1\SPYBOT~1\SDHelper.dll

Sun Dec 17 11:50:57 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Sun Dec 17 11:50:57 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:50:57 2006 => Scanning File C:\WINNT\System32\browseui.dll

Sun Dec 17 11:50:57 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Sun Dec 17 11:50:57 2006 => Scanning File C:\WINNT\system32\mmsys.cpl
Sun Dec 17 11:50:57 2006 => Scanning File C:\WINNT\system32\icmui.dll
Sun Dec 17 11:50:57 2006 => Scanning File C:\WINNT\system32\rshx32.dll
Sun Dec 17 11:50:58 2006 => Scanning File C:\WINNT\system32\docprop.dll
Sun Dec 17 11:50:58 2006 => Scanning File C:\WINNT\system32\ntshrui.dll
Sun Dec 17 11:50:58 2006 => Scanning File C:\WINNT\system32\plustab.dll
Sun Dec 17 11:50:58 2006 => Scanning File C:\WINNT\system32\deskadp.dll
Sun Dec 17 11:50:58 2006 => Scanning File C:\WINNT\system32\deskmon.dll
Sun Dec 17 11:50:58 2006 => Scanning File C:\WINNT\system32\dssec.dll
Sun Dec 17 11:50:58 2006 => Scanning File C:\WINNT\system32\shscrap.dll
Sun Dec 17 11:50:58 2006 => Scanning File C:\WINNT\system32\diskcopy.dll
Sun Dec 17 11:50:58 2006 => Scanning File C:\WINNT\system32\ntlanui2.dll
Sun Dec 17 11:50:58 2006 => Scanning File C:\WINNT\System32\icmui.dll
Sun Dec 17 11:50:58 2006 => Scanning File C:\WINNT\system32\icmui.dll
Sun Dec 17 11:50:58 2006 => Scanning File C:\WINNT\system32\printui.dll
Sun Dec 17 11:50:59 2006 => Scanning File C:\WINNT\system32\dskquoui.dll
Sun Dec 17 11:50:59 2006 => Scanning File C:\WINNT\system32\syncui.dll
Sun Dec 17 11:50:59 2006 => Scanning File C:\WINNT\System32\hticons.dll
Sun Dec 17 11:50:59 2006 => Scanning File C:\WINNT\system32\fontext.dll
Sun Dec 17 11:50:59 2006 => Scanning File C:\WINNT\system32\icmui.dll
Sun Dec 17 11:50:59 2006 => Scanning File C:\WINNT\system32\rshx32.dll
Sun Dec 17 11:50:59 2006 => Scanning File C:\WINNT\system32\ntshrui.dll
Sun Dec 17 11:50:59 2006 => Scanning File C:\WINNT\system32\deskperf.dll
Sun Dec 17 11:50:59 2006 => Scanning File C:\WINNT\System32\wshext.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\cryptext.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\cryptext.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\NETSHELL.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\System32\mstask.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\System32\mstask.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\System32\mstask.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:00 2006 => Scanning File C:\WINNT\system32\shell32.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:01 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\system32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\sendmail.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\sendmail.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\occache.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\webcheck.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\webcheck.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\webcheck.dll
Sun Dec 17 11:51:02 2006 => Scanning File C:\WINNT\System32\webcheck.dll
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\webcheck.dll
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\webcheck.dll
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\webcheck.dll
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\webcheck.dll
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\webcheck.dll
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\webcheck.dll
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\thumbvw.dll
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\thumbvw.dll
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\thumbvw.dll
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\thumbvw.dll
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\thumbvw.dll
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\appwiz.cpl
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\appwiz.cpl
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\System32\appwiz.cpl
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\system32\dsfolder.dll
Sun Dec 17 11:51:03 2006 => Scanning File C:\WINNT\system32\dsfolder.dll
Sun Dec 17 11:51:04 2006 => Scanning File C:\WINNT\system32\dsquery.dll
Sun Dec 17 11:51:04 2006 => Scanning File C:\WINNT\system32\dsquery.dll
Sun Dec 17 11:51:04 2006 => Scanning File C:\WINNT\system32\dsquery.dll
Sun Dec 17 11:51:04 2006 => Scanning File C:\WINNT\system32\dsuiext.dll
Sun Dec 17 11:51:04 2006 => Scanning File C:\WINNT\system32\dsuiext.dll
Sun Dec 17 11:51:04 2006 => Scanning File C:\WINNT\system32\mydocs.dll
Sun Dec 17 11:51:04 2006 => Scanning File C:\WINNT\system32\mydocs.dll
Sun Dec 17 11:51:04 2006 => Scanning File C:\WINNT\system32\mydocs.dll
Sun Dec 17 11:51:04 2006 => Scanning File C:\WINNT\system32\mydocs.dll
Sun Dec 17 11:51:04 2006 => Scanning File C:\WINNT\system32\cscui.dll
Sun Dec 17 11:51:04 2006 => Scanning File C:\WINNT\system32\cscui.dll
Sun Dec 17 11:51:04 2006 => Scanning File C:\WINNT\system32\cscui.dll
Sun Dec 17 11:51:04 2006 => Scanning File C:\WINNT\system32\mmcshext.dll
Sun Dec 17 11:51:05 2006 => Scanning File C:\WINNT\system32\cabview.dll
Sun Dec 17 11:51:05 2006 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Sun Dec 17 11:51:05 2006 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Sun Dec 17 11:51:05 2006 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Sun Dec 17 11:51:05 2006 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Sun Dec 17 11:51:05 2006 => Scanning File C:\PROGRA~1\ICQ\ICQShExt.dll
Sun Dec 17 11:51:05 2006 => Scanning File C:\PROGRA~1\ALWILS~1\Avast4\ashShell.dll
Sun Dec 17 11:51:05 2006 => Scanning File C:\PROGRA~1\ICQLite\ICQLIT~1.DLL
Sun Dec 17 11:51:05 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:05 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:05 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:06 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:06 2006 => Scanning File C:\WINNT\System32\browseui.dll
Sun Dec 17 11:51:06 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:06 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:06 2006 => Scanning File C:\WINNT\System32\shdocvw.dll
Sun Dec 17 11:51:06 2006 => Scanning File C:\WINNT\System32\cdfview.dll
Sun Dec 17 11:51:06 2006 => Scanning File C:\WINNT\System32\cdfview.dll
Sun Dec 17 11:51:06 2006 => Scanning File C:\WINNT\System32\cdfview.dll
Sun Dec 17 11:51:06 2006 => Scanning File C:\WINNT\System32\cdfview.dll
Sun Dec 17 11:51:06 2006 => Scanning File C:\WINNT\System32\cdfview.dll
Sun Dec 17 11:51:06 2006 => Scanning File C:\PROGRA~1\OUTLOO~1\wabfind.dll

Sun Dec 17 11:51:06 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Sun Dec 17 11:51:06 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Sun Dec 17 11:51:06 2006 => Scanning File C:\WINNT\Explorer.exe
Sun Dec 17 11:51:06 2006 => Scanning File C:\WINNT\system32\userinit.exe
Sun Dec 17 11:51:07 2006 => Scanning File C:\WINNT\system32\fdeploy.dll
Sun Dec 17 11:51:07 2006 => Scanning File C:\WINNT\system32\dskquota.dll
Sun Dec 17 11:51:07 2006 => Scanning File C:\WINNT\system32\gptext.dll
Sun Dec 17 11:51:07 2006 => Scanning File C:\WINNT\system32\scecli.dll
Sun Dec 17 11:51:07 2006 => Scanning File C:\WINNT\system32\iedkcs32.dll
Sun Dec 17 11:51:07 2006 => Scanning File C:\WINNT\system32\scecli.dll
Sun Dec 17 11:51:07 2006 => Scanning File C:\WINNT\system32\appmgmts.dll
Sun Dec 17 11:51:07 2006 => Scanning File C:\WINNT\system32\gptext.dll
Sun Dec 17 11:51:07 2006 => Scanning File C:\WINNT\system32\crypt32.dll
Sun Dec 17 11:51:08 2006 => Scanning File C:\WINNT\system32\cryptnet.dll
Sun Dec 17 11:51:08 2006 => Scanning File C:\WINNT\system32\cscdll.dll
Sun Dec 17 11:51:08 2006 => Scanning File C:\WINNT\system32\sclgntfy.dll
Sun Dec 17 11:51:08 2006 => Scanning File C:\WINNT\system32\WlNotify.dll

Sun Dec 17 11:51:08 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Sun Dec 17 11:51:08 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Sun Dec 17 11:51:08 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Sun Dec 17 11:51:08 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDEBUG
Sun Dec 17 11:51:08 2006 => Scanning File C:\WINNT\system32\drwtsn32.exe

Sun Dec 17 11:51:08 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Sun Dec 17 11:51:08 2006 => Scanning File C:\WINNT\system32\ntsd.exe

Sun Dec 17 11:51:08 2006 => Scanning HKCU\Control Panel\Desktop

Sun Dec 17 11:51:08 2006 => Scanning HKLM\SYSTEM\CurrentControlSet\Control\WOW
Sun Dec 17 11:51:08 2006 => Scanning File C:\WINNT\system32\ntvdm.exe
Sun Dec 17 11:51:09 2006 => Scanning File C:\WINNT\system32\ntvdm.exe

Sun Dec 17 11:51:09 2006 => Scanning HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Sun Dec 17 11:51:09 2006 => Scanning File C:\WINNT\inf\unregmp2.exe
Sun Dec 17 11:51:09 2006 => Scanning File C:\WINNT\system32\RunDLL32.exe
Sun Dec 17 11:51:09 2006 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Sun Dec 17 11:51:09 2006 => Scanning File C:\WINNT\system32\rundll32.exe
Sun Dec 17 11:51:09 2006 => Scanning File C:\WINNT\system32\regsvr32.exe
Sun Dec 17 11:51:09 2006 => Scanning File C:\WINNT\system32\rundll32.exe
Sun Dec 17 11:51:09 2006 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Sun Dec 17 11:51:09 2006 => Scanning File C:\WINNT\system32\regsvr32.exe
Sun Dec 17 11:51:09 2006 => Scanning File C:\WINNT\System32\ie4uinit.exe
Sun Dec 17 11:51:10 2006 => Scanning File C:\WINNT\System32\updcrl.exe

Sun Dec 17 11:51:10 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Sun Dec 17 11:51:10 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Sun Dec 17 11:51:10 2006 => Scanning HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Run

Sun Dec 17 11:51:10 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run

Sun Dec 17 11:51:10 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sun Dec 17 11:51:10 2006 => Scanning File C:\WINNT\system32\mobsync.exe
Sun Dec 17 11:51:10 2006 => Scanning File C:\WINNT\system32\Atiptaxx.exe
Sun Dec 17 11:51:10 2006 => Scanning File C:\PROGRA~1\COMMON~1\SYMANT~1\Symtray.exe
Sun Dec 17 11:51:10 2006 => Scanning File C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Sun Dec 17 11:51:10 2006 => Scanning File C:\PROGRA~1\ICQ\ICQNet.exe

Sun Dec 17 11:51:10 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Sun Dec 17 11:51:10 2006 => Scanning File C:\PROGRA~1\COMMON~1\SYMANT~1\Symtrdr.exe

Sun Dec 17 11:51:11 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Sun Dec 17 11:51:11 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Sun Dec 17 11:51:11 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

Sun Dec 17 11:51:11 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sun Dec 17 11:51:11 2006 => Scanning File C:\WINNT\system32\internat.exe

Sun Dec 17 11:51:11 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Sun Dec 17 11:51:11 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Sun Dec 17 11:51:11 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Sun Dec 17 11:51:11 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup

Sun Dec 17 11:51:11 2006 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sun Dec 17 11:51:11 2006 => Scanning File C:\WINNT\system32\internat.exe

Sun Dec 17 11:51:11 2006 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Sun Dec 17 11:51:11 2006 => Scanning File C:\PROGRA~1\INTERN~1\CONNEC~1\icwconn1.exe

Sun Dec 17 11:51:11 2006 => Scanning HKCR\txtfile\shell\open\command

Sun Dec 17 11:51:11 2006 => Scanning HKCR\comfile\shell\open\command

Sun Dec 17 11:51:11 2006 => Scanning HKCR\exefile\shell\open\command

Sun Dec 17 11:51:11 2006 => Scanning HKCR\dllfile\shell\open\command

Sun Dec 17 11:51:11 2006 => Scanning HKCR\batfile\shell\open\command

Sun Dec 17 11:51:11 2006 => Scanning HKCR\piffile\shell\open\command

Sun Dec 17 11:51:11 2006 => Scanning HKCR\scrfile\shell\open\command

Sun Dec 17 11:51:11 2006 => Scanning HKCR\scrfile\shell\config\command
Sun Dec 17 11:51:11 2006 => Replacing Registry Value

Sun Dec 17 11:51:11 2006 => Scanning HKCR\regfile\shell\open\command

Sun Dec 17 11:51:11 2006 => Scanning HKCR\htmlfile\shell\open\command
Sun Dec 17 11:51:11 2006 => Scanning File C:\PROGRA~1\INTERN~1\iexplore.exe

Sun Dec 17 11:51:11 2006 => Scanning HKCR\htafile\shell\open\command
Sun Dec 17 11:51:11 2006 => Scanning File C:\WINNT\System32\mshta.exe

Sun Dec 17 11:51:11 2006 => Scanning HKCR\jsfile\shell\open\command
Sun Dec 17 11:51:11 2006 => Scanning File C:\WINNT\System32\WScript.exe

Sun Dec 17 11:51:11 2006 => Scanning HKCR\jsefile\shell\open\command
Sun Dec 17 11:51:11 2006 => Scanning File C:\WINNT\System32\WScript.exe

Sun Dec 17 11:51:11 2006 => Scanning HKCR\vbsfile\shell\open\command
Sun Dec 17 11:51:11 2006 => Scanning File C:\WINNT\System32\WScript.exe

Sun Dec 17 11:51:11 2006 => Scanning HKCR\vbefile\shell\open\command
Sun Dec 17 11:51:11 2006 => Scanning File C:\WINNT\System32\WScript.exe

Sun Dec 17 11:51:11 2006 => Scanning HKCR\wshfile\shell\open\command
Sun Dec 17 11:51:11 2006 => Scanning File C:\WINNT\System32\WScript.exe

Sun Dec 17 11:51:11 2006 => Scanning HKCR\wsffile\shell\open\command
Sun Dec 17 11:51:11 2006 => Scanning File C:\WINNT\System32\WScript.exe

Sun Dec 17 11:51:12 2006 => ***** Scanning StartUp Folders *****

Sun Dec 17 11:51:12 2006 => ***** Scanning C:\Documents and Settings\user\Start Menu\Programs\Startup Folder *****
Sun Dec 17 11:51:12 2006 => Scanning Folder: C:\Documents and Settings\user\Start Menu\Programs\Startup\*.*

Sun Dec 17 11:51:12 2006 => ***** Scanning C:\Documents and Settings\user\Desktop Folder *****
Sun Dec 17 11:51:12 2006 => Scanning Folder: C:\Documents and Settings\user\Desktop\*.*
Sun Dec 17 11:51:12 2006 => Scanning File C:\Documents and Settings\user\Desktop\5 Spots II.lnk
Sun Dec 17 11:51:12 2006 => Scanning File C:\Documents and Settings\user\Desktop\ACDSee.lnk
Sun Dec 17 11:51:12 2006 => Scanning File C:\Documents and Settings\user\Desktop\Age of Empires II.lnk
Sun Dec 17 11:51:12 2006 => Scanning File C:\Documents and Settings\user\Desktop\ALLPlayer V2.X.lnk
Sun Dec 17 11:51:12 2006 => Scanning File C:\Documents and Settings\user\Desktop\Bubbles Deluxe.lnk
Sun Dec 17 11:51:12 2006 => Scanning File C:\Documents and Settings\user\Desktop\CCleaner.lnk
Sun Dec 17 11:51:12 2006 => Scanning File C:\Documents and Settings\user\Desktop\CDex1.50b8pl.lnk
Sun Dec 17 11:51:12 2006 => Scanning Folder: C:\Documents and Settings\user\Desktop\hijackthis\*.*
Sun Dec 17 11:51:12 2006 => Scanning Folder: C:\Documents and Settings\user\Desktop\hijackthis\backups\*.*
Sun Dec 17 11:51:12 2006 => Scanning File C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20061217-105620-386
Sun Dec 17 11:51:12 2006 => Scanning File C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20061217-105620-832
Sun Dec 17 11:51:12 2006 => Scanning File C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20061217-114000-298
Sun Dec 17 11:51:12 2006 => Scanning File C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20061217-114000-298-MSWin--21737366.exe
Sun Dec 17 11:51:22 2006 => File C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20061217-114000-298-MSWin--21737366.exe infected by "Trojan-Downloader.Win32.Small.dyr" Virus! Action Taken: No Action Taken.

Sun Dec 17 11:51:22 2006 => Scanning File C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20061217-114835-614
Sun Dec 17 11:51:22 2006 => Scanning File C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20061217-114835-614.dll
Sun Dec 17 11:51:22 2006 => Scanning File C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20061217-114835-614.inf
Sun Dec 17 11:51:22 2006 => Scanning File C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe
Sun Dec 17 11:51:23 2006 => Scanning File C:\Documents and Settings\user\Desktop\hijackthis\hijackthis.log
Sun Dec 17 11:51:23 2006 => Scanning Folder: C:\Documents and Settings\user\Desktop\HYLBG2K1\*.*
Sun Dec 17 11:51:23 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\BOARD.GID
Sun Dec 17 11:51:23 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\BOARD.HLP
Sun Dec 17 11:51:23 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\board.INI
Sun Dec 17 11:51:23 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Bonus.prf
Sun Dec 17 11:51:24 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\class.exe
Sun Dec 17 11:51:24 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\CLASS.NFO
Sun Dec 17 11:51:24 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\fonts.prf
Sun Dec 17 11:51:24 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\galaxyn.ttf
Sun Dec 17 11:51:24 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\habits.prf
Sun Dec 17 11:51:24 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Hoyle Board Games 4.prf
Sun Dec 17 11:51:24 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Hoyle Board Games.exe
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Hoyle Web Site.URL
Sun Dec 17 11:51:25 2006 => Scanning Folder: C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\*.*
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl0.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl1.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl10.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl11.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl12.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl13.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl14.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl15.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl16.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl17.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl18.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl19.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl2.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl20.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl21.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl22.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl23.grd
Sun Dec 17 11:51:25 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl24.grd
Sun Dec 17 11:51:26 2006 => Scanning File C:\Documents and Settings\user\Desktop\HYLBG2K1\Mahjong Layouts\mjl25.grd

Post by evuleban » 17 Dec 2006 13:12

I apologize, I got it wrong; I am working on fixing it. :oops:

Post by evuleban » 17 Dec 2006 14:24

Sun Dec 17 12:15:07 2006 => Scanning File C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20061217-114000-298-MSWin--21737366.exe
Sun Dec 17 12:15:07 2006 => File C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20061217-114000-298-MSWin--21737366.exe infected by "Trojan-Downloader.Win32.Small.dyr" Virus! Action Taken: No Action Taken.


Sun Dec 17 12:18:13 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\virusburster !!!
Sun Dec 17 12:18:13 2006 => Object "virusburst Trojan" found in File System! Action Taken: No Action Taken.

Sun Dec 17 12:18:13 2006 => Offending Key found: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ruins !!!
Sun Dec 17 12:18:13 2006 => Object "Wareout adware" found in File System! Action Taken: No Action Taken.

Sun Dec 17 12:18:13 2006 => Poisoned DNS Server Entry 85.255.112.116 (85.255.112.*) found!!!
Sun Dec 17 12:18:13 2006 => Object "UnSpyPC adware" found in File System! Action Taken: No Action Taken.

Sun Dec 17 12:18:32 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Dec 17 12:18:32 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.

Sun Dec 17 12:18:33 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\Programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Dec 17 12:18:33 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.


Sun Dec 17 12:21:43 2006 => Scanning File C:\WINNT\System32\{1B1A986E-0BA7-4360-8CA4-2D5A43060593}.exe
Sun Dec 17 12:21:43 2006 => File C:\WINNT\System32\{1B1A986E-0BA7-4360-8CA4-2D5A43060593}.exe infected by "Trojan-Downloader.Win32.Agent.uj" Virus! Action Taken: No Action Taken.


Sun Dec 17 12:21:58 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\Temp\Chii.exe
Sun Dec 17 12:21:58 2006 => File C:\DOCUME~1\user\LOCALS~1\Temp\Chii.exe infected by "Trojan.Win32.Agent.aaw" Virus! Action Taken: No Action Taken.


Sun Dec 17 12:22:07 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\Temp\installer.exe
Sun Dec 17 12:22:07 2006 => File C:\DOCUME~1\user\LOCALS~1\Temp\installer.exe infected by "Trojan-Dropper.Win32.Delf.rc" Virus! Action Taken: No Action Taken.


Sun Dec 17 12:22:34 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\8HKTQ56X\aawsepersonal[1].exe
Sun Dec 17 12:22:46 2006 => Result: ERROR!!! File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\8HKTQ56X\aawsepersonal[1].exe: Scanning Failure!!!
Sun Dec 17 12:22:46 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\8HKTQ56X\aawsepersonal[1].exe


Sun Dec 17 12:23:34 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\GZCPOVO5\Chii[1].exe
Sun Dec 17 12:23:36 2006 => File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\GZCPOVO5\Chii[1].exe infected by "Trojan.Win32.Agent.aaw" Virus! Action Taken: No Action Taken.


Sun Dec 17 12:26:35 2006 => Result: ERROR!!! File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\KP2FGLMJ\hijackthis_199[1].zip is Not Scanned
Sun Dec 17 12:26:35 2006 => C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\KP2FGLMJ\hijackthis_199[1].zip not Scanned. Possibly password protected...


Sun Dec 17 12:26:37 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\KP2FGLMJ\installer[1].exe
Sun Dec 17 12:26:38 2006 => File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\KP2FGLMJ\installer[1].exe infected by "Trojan-Dropper.Win32.Delf.rc" Virus! Action Taken: No Action Taken.

I hope I did it right this time. Thanks

fredik
Security team member
Master Level 7
Posts: 4680
Registered: July 06
Gender: Male
Status: Offline

Post by fredik » 17 Dec 2006 14:36

Then also fix this entry in HJT, if you have not already fixed it before:
O4 - Startup: MSWin--21737366.exe

Download CCleaner and clean up the PC (Cleaner and Issues).

Find and delete the files marked in bold.
C:\WINNT\System32\{1B1A986E-0BA7-4360-8CA4-2D5A43060593}.exe
C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20061217-114000-298-MSWin--21737366.exe

Then click Start -> Run..., type regedit into the window that opens and click OK. The registry window will open; in it, delete the entries marked in red.
HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\virusburster

Wareout is also mentioned there, so try this:
Download Fixwareout.
Restart into Safe Mode and run Fixwareout, click Next, then Install, select the Run fixit option and click Finish.
▪ The cleaning process will start; follow the instructions.
▪ More resistant variants require a restart of the computer, so restart.
▪ The computer may take a little longer to boot; after Windows starts, a window with the Fixwareout log should pop up. Paste that log here in the forum and also post a new HJT log. If the report does not appear, you will find it in C:\fixwareout\report.txt

You also have not yet posted the final table that was mentioned in the guide.

Post by evuleban » 17 Dec 2006 17:41

I did it, but something is still there.

Here is the new log from MWAV.

Sun Dec 17 16:10:46 2006 => Offending Key found: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ruins !!!
Sun Dec 17 16:10:53 2006 => Object "Wareout adware" found in File System! Action Taken: No Action Taken.

Sun Dec 17 16:10:53 2006 => Poisoned DNS Server Entry 85.255.112.116 (85.255.112.*) found!!!
Sun Dec 17 16:10:53 2006 => Object "UnSpyPC adware" found in File System! Action Taken: No Action Taken.

Sun Dec 17 16:11:16 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Dec 17 16:11:16 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.

Sun Dec 17 16:11:17 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\Programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Dec 17 16:11:17 2006 => System found infected with powerreg scheduler Spyware/Adware (norton disk doctor.lnk)! Action taken: No Action Taken.

Sun Dec 17 16:11:27 2006 => Checking CLSID Reference Entries...
Sun Dec 17 16:11:31 2006 => Checking Module Usage Entries...
Sun Dec 17 16:11:31 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINNT\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.

Sun Dec 17 16:11:31 2006 => Checking User Trusted External App Entries...
Sun Dec 17 16:11:32 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""E:\data\cdw32.exe"". Action Taken: No Action Taken.

Sun Dec 17 16:11:32 2006 => Checking Shared DLL Entries...
Sun Dec 17 16:11:34 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.

Sun Dec 17 16:14:48 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\Temp\Chii.exe
Sun Dec 17 16:14:48 2006 => File C:\DOCUME~1\user\LOCALS~1\Temp\Chii.exe infected by "Trojan.Win32.Agent.aaw" Virus! Action Taken: No Action Taken.

Sun Dec 17 16:14:57 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\Temp\installer.exe
Sun Dec 17 16:14:57 2006 => File C:\DOCUME~1\user\LOCALS~1\Temp\installer.exe infected by "Trojan-Dropper.Win32.Delf.rc" Virus! Action Taken: No Action Taken.

Sun Dec 17 16:15:32 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\8HKTQ56X\aawsepersonal[1].exe
Sun Dec 17 16:15:43 2006 => Result: ERROR!!! File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\8HKTQ56X\aawsepersonal[1].exe: Scanning Failure!!!
Sun Dec 17 16:15:43 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\8HKTQ56X\aawsepersonal[1].exe

Sun Dec 17 16:16:11 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\8HKTQ56X\RicochetLostWorldsSetup[1].exe
Sun Dec 17 16:16:12 2006 => Result: ERROR!!! File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\8HKTQ56X\RicochetLostWorldsSetup[1].exe is Not Scanned
Sun Dec 17 16:16:12 2006 => C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\8HKTQ56X\RicochetLostWorldsSetup[1].exe not Scanned. Possibly password protected...

Sun Dec 17 16:16:32 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\GZCPOVO5\Chii[1].exe
Sun Dec 17 16:16:32 2006 => File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\GZCPOVO5\Chii[1].exe infected by "Trojan.Win32.Agent.aaw" Virus! Action Taken: No Action Taken.

Sun Dec 17 16:18:10 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\KP2FGLMJ\hijackthis_199[1].zip
Sun Dec 17 16:18:11 2006 => Result: ERROR!!! File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\KP2FGLMJ\hijackthis_199[1].zip is Not Scanned
Sun Dec 17 16:18:11 2006 => C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\KP2FGLMJ\hijackthis_199[1].zip not Scanned. Possibly password protected...

Sun Dec 17 16:18:14 2006 => Scanning File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\KP2FGLMJ\installer[1].exe
Sun Dec 17 16:18:15 2006 => File C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\KP2FGLMJ\installer[1].exe infected by "Trojan-Dropper.Win32.Delf.rc" Virus! Action Taken: No Action Taken.

Sun Dec 17 16:19:06 2006 => ***** Scanning complete. *****

Sun Dec 17 16:19:06 2006 => Total Objects Scanned: 22547
Sun Dec 17 16:19:06 2006 => Total Critical Objects: 8
Sun Dec 17 16:19:06 2006 => Total Disinfected Objects: 0
Sun Dec 17 16:19:06 2006 => Total Objects Renamed: 0
Sun Dec 17 16:19:06 2006 => Total Deleted Objects: 0
Sun Dec 17 16:19:06 2006 => Total Errors: 7
Sun Dec 17 16:19:06 2006 => Time Elapsed: 00:12:17
Sun Dec 17 16:19:06 2006 => Virus Database Date: 12/17/2006
Sun Dec 17 16:19:06 2006 => Virus Database Count: 251460

Sun Dec 17 16:19:06 2006 => Scan Completed.

This is what Fixwareout produced:
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm kd and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.
...
Postrun check
[HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="csbzg.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dmvoo.exe"="C:\\WINNT\\System32\\dmvoo.exe"

...

And the HijackThis log as well

Logfile of HijackThis v1.99.1
Scan saved at 16:44:16, on 17/12/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\System32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\System32\Atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\System32\internat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\Yahoo!\Common\unyt.exe
C:\Program Files\Yahoo!\Common\unyt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3018453643
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe

sakiri
Level 3.5
Posts: 747
Registered: June 06
Gender: Not specified
Status: Offline

Post by sakiri » 17 Dec 2006 19:05

We'll do it this way.

Download Avenger and run it under an administrator account.

Select the option:
Input script manually and click the magnifying glass icon; an empty window will pop up, into which you copy the text marked in bold:
Files to delete:
"C:\Documents and Settings\All Users\Start Menu\programs\norton systemworks\norton utilities\norton disk doctor.lnk"
"C:\DOCUME~1\user\LOCALS~1\Temp\Chii.exe"
"C:\DOCUME~1\user\LOCALS~1\Temp\installer.exe"
"C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\GZCPOVO5\Chii[1].exe"
"C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\KP2FGLMJ\installer[1].exe"

Registry keys to delete:
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ruins"


And click Done.
Then click the traffic light icon.
A prompt will pop up; click Yes, then another one where you also click Yes.
The PC will restart; after the restart the Avenger log should pop up, so copy it here.

Then have these files checked at VirusTotal:
C:\WINNT\System32\dmvoo.exe
csbzg.exe - you will have to find this file.
To find it more easily, turn on showing hidden and system files.
Then copy the results here.

Then scan the PC with MWAV again and post the edited log here.
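The thread keeps comparing one MWAV run against the next to see what a cleanup step actually removed. The following Python sketch is an added example, not part of the original posts or of MWAV itself: it reduces a log to its findings and diffs two runs. The function names and the sample strings are hypothetical; the line shapes are taken from the logs posted above.

```python
import re

# Constructed samples: a few lines copied in shape from the two MWAV logs
# posted in this thread (the 12:xx run and the 16:xx run after the first cleanup).
SCAN_BEFORE = r'''
Sun Dec 17 12:15:07 2006 => Scanning File C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20061217-114000-298-MSWin--21737366.exe
Sun Dec 17 12:15:07 2006 => File C:\Documents and Settings\user\Desktop\hijackthis\backups\backup-20061217-114000-298-MSWin--21737366.exe infected by "Trojan-Downloader.Win32.Small.dyr" Virus! Action Taken: No Action Taken.
Sun Dec 17 12:18:13 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\virusburster !!!
Sun Dec 17 12:18:13 2006 => Offending Key found: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ruins !!!
Sun Dec 17 12:18:13 2006 => Poisoned DNS Server Entry 85.255.112.116 (85.255.112.*) found!!!
Sun Dec 17 12:18:32 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Dec 17 12:18:33 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\Programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Dec 17 12:21:58 2006 => File C:\DOCUME~1\user\LOCALS~1\Temp\Chii.exe infected by "Trojan.Win32.Agent.aaw" Virus! Action Taken: No Action Taken.
Sun Dec 17 12:22:46 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\8HKTQ56X\aawsepersonal[1].exe
'''
SCAN_AFTER = r'''
Sun Dec 17 16:10:46 2006 => Offending Key found: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ruins !!!
Sun Dec 17 16:10:53 2006 => Poisoned DNS Server Entry 85.255.112.116 (85.255.112.*) found!!!
Sun Dec 17 16:11:16 2006 => Offending file found: C:\Documents and Settings\All Users\Start Menu\programs\norton systemworks\norton utilities\norton disk doctor.lnk
Sun Dec 17 16:14:48 2006 => File C:\DOCUME~1\user\LOCALS~1\Temp\Chii.exe infected by "Trojan.Win32.Agent.aaw" Virus! Action Taken: No Action Taken.
Sun Dec 17 16:15:43 2006 => ERROR!!! ScanFile fails for C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\Content.IE5\8HKTQ56X\aawsepersonal[1].exe
'''

PREFIX = re.compile(r'^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} => ')
RULES = [  # (kind, pattern); group 1 = object, optional group 2 = signature
    ("infected_file", re.compile(r'^File (.+) infected by "([^"]+)"')),
    ("offending_key", re.compile(r'^Offending Key found: (.+?) !!!$')),
    ("offending_file", re.compile(r'^Offending file found: (.+)$')),
    ("poisoned_dns", re.compile(r'^Poisoned DNS Server Entry (\S+)')),
    ("scan_error", re.compile(r'^ERROR!!! ScanFile fails for (.+)$')),
]


def findings(log_text):
    """Return the set of (kind, object, signature) findings in an MWAV log."""
    found = set()
    for line in log_text.splitlines():
        line = line.strip()
        m = PREFIX.match(line)
        if not m:
            continue  # blank lines, forum text, truncated lines
        body = line[m.end():]
        for kind, pattern in RULES:  # "Scanning File" noise matches no rule
            hit = pattern.match(body)
            if hit:
                # Windows paths and registry keys are case-insensitive, so
                # casefold the object to merge duplicates such as the two .lnk lines.
                sig = hit.group(2) if pattern.groups > 1 else ""
                found.add((kind, hit.group(1).casefold(), sig))
                break
    return found


def compare(before, after):
    """Split the findings of two runs into cleared, remaining and new."""
    a, b = findings(before), findings(after)
    return {"cleared": a - b, "remaining": a & b, "new": b - a}


if __name__ == "__main__":
    for state, items in compare(SCAN_BEFORE, SCAN_AFTER).items():
        for kind, obj, sig in sorted(items):
            print(f"{state:9} {kind:14} {obj} {sig}")
```

Files that failed to scan are kept as findings on purpose: an object the scanner could not open has not been cleared.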

