Please check my log

Post by Ramon » 20 Oct 2006 21:55

I have a problem with IE opening on its own. Firefox doesn't do this. Please check the following log:
Logfile of HijackThis v1.99.1
Scan saved at 21:44:32, on 20.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CPU Status\CPUStatus.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Dokumenty\wincmd\Wincmd32.exe
C:\temp\utility\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.programy-tv.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.111.2:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: CPU Status.lnk = C:\Program Files\CPU Status\CPUStatus.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7759897-7969-450D-B566-5BC3D4E305B7}: NameServer = 213.195.103.230,81.30.225.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCFA0074-C05C-49F3-B257-364CF67CC8FE}: NameServer = 81.30.225.2,81.30.225.6
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Post by mijaja » 21 Oct 2006 09:55

There is nothing bad in your HJT log; just check the IP addresses, yours and your provider's.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.111.2:3128
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7759897-7969-450D-B566-5BC3D4E305B7}: NameServer = 213.195.103.230,81.30.225.6

If they are OK, make a log from MWAV, edit it according to the guide in my signature and post it here.
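The check suggested above (compare the proxy and DNS addresses in the log with the ones you expect) can be scripted; this is an added example, not part of the original thread. The `KNOWN_GOOD` set, the function names and the substituted test addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Lines taken from the HijackThis log posted in this thread.
HJT_SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.programy-tv.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.111.2:3128
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7759897-7969-450D-B566-5BC3D4E305B7}: NameServer = 213.195.103.230,81.30.225.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCFA0074-C05C-49F3-B257-364CF67CC8FE}: NameServer = 81.30.225.2,81.30.225.6
"""

# Assumption: addresses the user has confirmed with the provider / LAN admin.
KNOWN_GOOD = {
    "proxy": {"192.168.111.2"},
    "dns": {"213.195.103.230", "81.30.225.6", "81.30.225.2"},
}

PROXY_RE = re.compile(r"^R1 - .*,ProxyServer = (?P<value>.+)$")
DNS_RE = re.compile(r"^O17 - .*: NameServer = (?P<value>.+)$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_proxy(value):
    """Split an IE ProxyServer value into (scheme, host, port) tuples.

    Handles both 'host:port' and 'http=host:port;https=host:port'.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # plain 'host:port' applies to all schemes
            scheme, hostport = "all", part
        host, _, port = hostport.rpartition(":")
        if not host:                     # no port given
            host, port = hostport, ""
        entries.append((scheme, host, port))
    return entries


def network_settings(log_text):
    """Collect proxy hosts (R1) and DNS servers (O17) from a HijackThis log."""
    found = {"proxy": set(), "dns": set()}
    for line in log_text.splitlines():
        line = line.strip()
        m = PROXY_RE.match(line)
        if m:
            found["proxy"].update(h for _, h, _ in parse_proxy(m["value"]))
            continue
        m = DNS_RE.match(line)
        if m:  # NameServer values are comma- or space-separated
            found["dns"].update(a for a in re.split(r"[,\s]+", m["value"]) if a)
    return found


def classify(addr):
    """Label an address as 'lan' (RFC 1918), 'external', or 'hostname'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "hostname"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "lan"
    return "external"


def review(log_text, known_good):
    """Return sorted (kind, address, scope) for every setting not in known_good."""
    findings = []
    for kind, addrs in network_settings(log_text).items():
        for addr in addrs - set(known_good.get(kind, ())):
            findings.append((kind, addr, classify(addr)))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed variation: one DNS server swapped for a documentation address.
    changed = HJT_SAMPLE.replace("213.195.103.230", "203.0.113.53")
    for label, text in (("as posted", HJT_SAMPLE), ("changed", changed)):
        print(label, "->", review(text, KNOWN_GOOD) or "all settings match")
```

An empty result only means the log matches the list you supplied; the list itself still has to come from the provider or the network administrator.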

Post by Ramon » 21 Oct 2006 12:08

The IP addresses match; here is the extract from MWAV:

Fri Oct 20 23:26:47 2006 => ***** Scanning Registry Files *****

Fri Oct 20 23:26:47 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Fri Oct 20 23:26:47 2006 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***. Filesize 8259 kb > 3072 kb...
Fri Oct 20 23:26:47 2006 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Fri Oct 20 23:26:47 2006 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***. Filesize 8259 kb > 3072 kb...

Fri Oct 20 23:26:54 2006 => Scanning File C:\PROGRA~1\MESSEN~1\msmsgs.exe
Fri Oct 20 23:26:54 2006 => *** File C:\PROGRA~1\Skype\Phone\Skype.exe having Size Restriction ***. Filesize 18142 kb > 3072 kb...
Fri Oct 20 23:26:54 2006 => Scanning File C:\PROGRA~1\Skype\Phone\Skype.exe [**]
Fri Oct 20 23:26:54 2006 => ERROR!!! Invalid Entry swg = C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.

Fri Oct 20 23:26:54 2006 => *** File C:\PROGRA~1\PSPADE~1\PSPad.exe having Size Restriction ***. Filesize 3848 kb > 3072 kb...
Fri Oct 20 23:26:54 2006 => Scanning File C:\PROGRA~1\PSPADE~1\PSPad.exe [**]

Fri Oct 20 23:27:03 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri Oct 20 23:27:03 2006 => ERROR!!! Invalid Entry system32\DRIVERS\WLC811G.sys in SYSTEM\CurrentControlSet\Services\WLC811GPCI...
Fri Oct 20 23:27:03 2006 => Scanning File C:\WINDOWS\System32\svchost.exe


Fri Oct 20 23:27:06 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\instant access !!!
Fri Oct 20 23:27:12 2006 => Object "egroup Spyware/Adware" found in File System! Action Taken: No Action Taken.

Fri Oct 20 23:27:12 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\whenusearch !!!
Fri Oct 20 23:27:12 2006 => Object "whenu/search Spyware/Adware" found in File System! Action Taken: No Action Taken.

Fri Oct 20 23:27:13 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\instant access !!!
Fri Oct 20 23:27:13 2006 => Object "egroup Spyware/Adware" found in File System! Action Taken: No Action Taken.

Fri Oct 20 23:27:13 2006 => Offending Key found: HKLM\Software\microsoft\downloadmanager !!!
Fri Oct 20 23:27:13 2006 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Fri Oct 20 23:27:13 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\whenu !!!
Fri Oct 20 23:27:13 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Fri Oct 20 23:27:13 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\whenusearch !!!
Fri Oct 20 23:27:13 2006 => Object "whenu/search Spyware/Adware" found in File System! Action Taken: No Action Taken.

Fri Oct 20 23:27:56 2006 => Offending file found: C:\Documents and Settings\All Users\Dokumenty\wincmd\unace.dll
Fri Oct 20 23:27:56 2006 => System found infected with zipitpro Spyware/Adware (unace.dll)! Action taken: No Action Taken.

Fri Oct 20 23:27:58 2006 => Checking CLSID Reference Entries...
Fri Oct 20 23:27:59 2006 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Fri Oct 20 23:27:59 2006 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Fri Oct 20 23:28:00 2006 => Entry "HKCR\ICQPhone.SipxPhoneManager" refers to invalid object "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Action Taken: No Action Taken.

Fri Oct 20 23:28:00 2006 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.

Fri Oct 20 23:28:00 2006 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Fri Oct 20 23:28:00 2006 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Fri Oct 20 23:28:01 2006 => Entry "HKCR\MyWebSearch.PseudoTransparentPlugin" refers to invalid object "{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}". Action Taken: No Action Taken.

Fri Oct 20 23:28:01 2006 => Entry "HKCR\MyWebSearch.PseudoTransparentPlugin.1" refers to invalid object "{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9}". Action Taken: No Action Taken.

Fri Oct 20 23:28:01 2006 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Fri Oct 20 23:28:01 2006 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Fri Oct 20 23:28:02 2006 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Fri Oct 20 23:28:02 2006 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Fri Oct 20 23:28:02 2006 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Fri Oct 20 23:28:02 2006 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Fri Oct 20 23:28:02 2006 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Fri Oct 20 23:28:02 2006 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Fri Oct 20 23:28:03 2006 => Checking Module Usage Entries...
Fri Oct 20 23:28:03 2006 => Checking User Trusted External App Entries...
Fri Oct 20 23:28:03 2006 => Checking Shared DLL Entries...
Fri Oct 20 23:28:03 2006 => Checking Installer Entries...
Fri Oct 20 23:28:04 2006 => Checking Shared Tools Entries...
Fri Oct 20 23:28:04 2006 => Checking File Extension Entries...
Fri Oct 20 23:28:04 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dwf". Action Taken: No Action Taken.

Fri Oct 20 23:28:04 2006 => Checking Application Cache Entries...
Fri Oct 20 23:28:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ICQ". Action Taken: No Action Taken.

Fri Oct 20 23:28:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "MyWebSearch bar Uninstall". Action Taken: No Action Taken.

Fri Oct 20 23:28:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WhenUSearch". Action Taken: No Action Taken.

Fri Oct 20 23:28:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{536F7C74-844B-4683-B0C5-EA39E19A6FE3}". Action Taken: No Action Taken.


Fri Oct 20 23:29:02 2006 => *** File C:\WINDOWS\system32\MRT.exe having Size Restriction ***. Filesize 9413 kb > 3072 kb...
Fri Oct 20 23:29:02 2006 => Scanning File C:\WINDOWS\system32\MRT.exe [**]

Fri Oct 20 23:29:20 2006 => *** File C:\WINDOWS\system32\oembios.bin having Size Restriction ***. Filesize 12800 kb > 3072 kb...
Fri Oct 20 23:29:20 2006 => Scanning File C:\WINDOWS\system32\oembios.bin [**]
Fri Oct 20 23:29:25 2006 => File C:\WINDOWS\system32\procia.exe tagged as "not-a-virus:Porn-Dialer.Win32.EgroupDial.z". Action Taken: No Action Taken.
Fri Oct 20 23:29:26 2006 => *** File C:\WINDOWS\system32\qt-dx331.dll having Size Restriction ***. Filesize 3512 kb > 3072 kb...
Fri Oct 20 23:29:29 2006 => *** File C:\WINDOWS\system32\rose_wyatt.scr having Size Restriction ***. Filesize 6867 kb > 3072 kb...
Fri Oct 20 23:29:35 2006 => *** File C:\WINDOWS\system32\shell32.dll having Size Restriction ***. Filesize 8259 kb > 3072 kb...

Fri Oct 20 23:29:54 2006 => *** File C:\WINDOWS\system32\wmp.dll having Size Restriction ***. Filesize 5404 kb > 3072 kb...
Fri Oct 20 23:29:54 2006 => *** File C:\WINDOWS\system32\wmploc.dll having Size Restriction ***. Filesize 3312 kb > 3072 kb...
Fri Oct 20 23:30:01 2006 => Scanning C:\DOCUME~1\vit\LOCALS~1\Temp Directory

Fri Oct 20 23:33:46 2006 => File C:\DOCUME~1\vit\LOCALS~1\TEMPOR~1\Content.IE5\SXM74HUN\index[3].htm infected by "Trojan-Clicker.HTML.IFrame.g" Virus! Action Taken: No Action Taken.


Fri Oct 20 23:34:42 2006 => ***** Checking for specific ITW Viruses *****
Fri Oct 20 23:34:42 2006 => Checking for Welchia Virus...
Fri Oct 20 23:34:42 2006 => Checking for LovGate Virus...
Fri Oct 20 23:34:42 2006 => Checking for CodeRed Virus...
Fri Oct 20 23:34:42 2006 => Checking for OpaServ Virus...
Fri Oct 20 23:34:42 2006 => Checking for Sobig.e Virus...
Fri Oct 20 23:34:42 2006 => Checking for Winupie Virus...
Fri Oct 20 23:34:42 2006 => Checking for Swen Virus...
Fri Oct 20 23:34:42 2006 => Checking for JS.Fortnight Virus...
Fri Oct 20 23:34:42 2006 => Checking for Novarg Virus...
Fri Oct 20 23:34:42 2006 => Checking for Pagabot Virus...
Fri Oct 20 23:34:42 2006 => Checking for Parite.b Virus...
Fri Oct 20 23:34:42 2006 => Checking for Parite.a Virus...
Fri Oct 20 23:34:42 2006 => Checking for Adware.SeekSeek Virus...

Fri Oct 20 23:34:42 2006 => ***** Scanning complete. *****

Fri Oct 20 23:34:42 2006 => Total Objects Scanned: 28687
Fri Oct 20 23:34:42 2006 => Total Critical Objects: 9
Fri Oct 20 23:34:42 2006 => Total Disinfected Objects: 0
Fri Oct 20 23:34:42 2006 => Total Objects Renamed: 0
Fri Oct 20 23:34:42 2006 => Total Deleted Objects: 0
Fri Oct 20 23:34:42 2006 => Total Errors: 24
Fri Oct 20 23:34:42 2006 => Time Elapsed: 00:08:32
Fri Oct 20 23:34:42 2006 => Virus Database Date: 10/20/2006
Fri Oct 20 23:34:42 2006 => Virus Database Count: 233488

Fri Oct 20 23:34:42 2006 => Scan Completed.
Post by mijaja » 21 Oct 2006 12:48

Go to: Start menu >> Run, type regedit into the box and press Enter or OK. In the registry editor, find these keys and, in them in the right-hand pane, these red values:



HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\instant access
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\whenusearch
HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\instant access
HKLM\Software\microsoft\downloadmanager
HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\whenu
HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\whenusearch



And delete these files from the disk:

C:\Documents and Settings\All Users\Dokumenty\wincmd\unace.dll
C:\WINDOWS\system32\procia.exe tagged as "not-a-virus:Porn-Dialer.Win32.EgroupDial.z
C:\DOCUME~1\vit\LOCALS~1\TEMPOR~1\Content.IE5\SXM74HUN\index[3].htm infected by "Trojan-Clicker.HTML.IFrame.g
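The list above was picked out of the MWAV log by hand; the following added example (not part of the original thread) does the same extraction programmatically and skips the size-restriction, invalid-entry and CLSID noise. The sample lines are a subset copied from the log posted earlier in this thread; the function names and the output structure are assumptions made for illustration.

```python
import re
from collections import OrderedDict

# Subset of the MWAV log posted in this thread (noise lines included on purpose).
MWAV_SAMPLE = r"""
Fri Oct 20 23:26:47 2006 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***. Filesize 8259 kb > 3072 kb...
Fri Oct 20 23:27:03 2006 => ERROR!!! Invalid Entry system32\DRIVERS\WLC811G.sys in SYSTEM\CurrentControlSet\Services\WLC811GPCI...
Fri Oct 20 23:27:06 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\instant access !!!
Fri Oct 20 23:27:12 2006 => Object "egroup Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Oct 20 23:27:13 2006 => Offending Key found: HKLM\Software\microsoft\downloadmanager !!!
Fri Oct 20 23:27:13 2006 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Oct 20 23:27:56 2006 => Offending file found: C:\Documents and Settings\All Users\Dokumenty\wincmd\unace.dll
Fri Oct 20 23:27:56 2006 => System found infected with zipitpro Spyware/Adware (unace.dll)! Action taken: No Action Taken.
Fri Oct 20 23:27:59 2006 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Fri Oct 20 23:29:25 2006 => File C:\WINDOWS\system32\procia.exe tagged as "not-a-virus:Porn-Dialer.Win32.EgroupDial.z". Action Taken: No Action Taken.
Fri Oct 20 23:33:46 2006 => File C:\DOCUME~1\vit\LOCALS~1\TEMPOR~1\Content.IE5\SXM74HUN\index[3].htm infected by "Trojan-Clicker.HTML.IFrame.g" Virus! Action Taken: No Action Taken.
"""

# Two-line findings: the first line names the target, the next one the detection.
KEY_RE = re.compile(r"^Offending Key found: (?P<target>.+?) !!!$")
FILE_RE = re.compile(r"^Offending file found: (?P<target>.+)$")
OBJ_RE = re.compile(r'^Object "(?P<name>.+?)" found in File System!')
SYS_RE = re.compile(r"^System found infected with (?P<name>.+?) \([^)]*\)!")
# One-line findings: target and detection on the same line.
TAG_RE = re.compile(
    r'^File (?P<target>.+?) (?:tagged as|infected by) "(?P<name>[^"]+)"')


def _add(findings, kind, target):
    """Insert a finding once; registry keys and Windows paths are case-insensitive."""
    key = (kind, target.lower())
    if key not in findings:
        findings[key] = {"kind": kind, "target": target, "detection": None}
    return findings[key]


def triage(log_text):
    """Return de-duplicated findings (registry keys and files) in log order."""
    findings = OrderedDict()
    pending = None  # finding still waiting for its detection name
    for raw in log_text.splitlines():
        _, sep, msg = raw.partition(" => ")
        if not sep:
            continue  # blank or non-log line
        msg = msg.strip()
        m = KEY_RE.match(msg)
        if m:
            pending = _add(findings, "registry key", m["target"])
            continue
        m = FILE_RE.match(msg)
        if m:
            pending = _add(findings, "file", m["target"])
            continue
        m = OBJ_RE.match(msg) or SYS_RE.match(msg)
        if m and pending is not None:
            pending["detection"] = m["name"]
        else:
            m = TAG_RE.match(msg)
            if m:
                _add(findings, "file", m["target"])["detection"] = m["name"]
        pending = None  # any other line ends a two-line finding
    return list(findings.values())


def checklist(findings):
    """Render findings as review lines: '[kind] target  (detection)'."""
    return ["[{kind}] {target}  ({detection})".format(**f) for f in findings]


if __name__ == "__main__":
    print("\n".join(checklist(triage(MWAV_SAMPLE))))
```

The output is a review list, not a deletion list: each target still has to be checked before it is removed.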

Post by Ramon » 21 Oct 2006 13:00

I deleted the files; I don't know what to do with the keys found in the registry?
Post by Ramon » 21 Oct 2006 13:47

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Instant Access]
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhenUSearch]
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access]
"DisplayName"="Instant Access"
"UninstallString"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE http://scripts.downloadv3.com/cleaner/D ... nstall.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\WhenU]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\WhenUSearch]
Post by Ramon » 21 Oct 2006 22:00

I deleted the files and the keys in the registry. The problem with IE windows opening on their own still persists. Can you help me further? Thank you
Post by Ramon » 22 Oct 2006 11:09

I ran a cleanup with CCleaner. Here is the MWAV result:

Sun Oct 22 10:51:59 2006 => ERROR!!! Invalid Entry system32\DRIVERS\WLC811G.sys in SYSTEM\CurrentControlSet\Services\WLC811GPCI...
Sun Oct 22 10:51:52 2006 => ERROR!!! Invalid Entry System32\DRIVERS\atimtag.sys in SYSTEM\CurrentControlSet\Services\atimtag...

Sun Oct 22 10:55:00 2006 => ***** Scanning complete. *****

Sun Oct 22 10:55:00 2006 => Total Objects Scanned: 20757
Sun Oct 22 10:55:00 2006 => Total Critical Objects: 0
Sun Oct 22 10:55:00 2006 => Total Disinfected Objects: 0
Sun Oct 22 10:55:00 2006 => Total Objects Renamed: 0
Sun Oct 22 10:55:00 2006 => Total Deleted Objects: 0
Sun Oct 22 10:55:00 2006 => Total Errors: 2
Sun Oct 22 10:55:00 2006 => Time Elapsed: 00:03:53
Sun Oct 22 10:55:00 2006 => Virus Database Date: 10/22/2006
Sun Oct 22 10:55:00 2006 => Virus Database Count: 233792

Sun Oct 22 10:55:00 2006 => Scan Completed.


To be sure, I am also attaching the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:07:14, on 22.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CPU Status\CPUStatus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Dokumenty\wincmd\Wincmd32.exe
C:\temp\utility\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.programy-tv.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.111.2:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: CPU Status.lnk = C:\Program Files\CPU Status\CPUStatus.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7759897-7969-450D-B566-5BC3D4E305B7}: NameServer = 213.195.103.230,81.30.225.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCFA0074-C05C-49F3-B257-364CF67CC8FE}: NameServer = 81.30.225.2,81.30.225.6
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

The problems still persist.
Post by mijaja » 22 Oct 2006 11:40

So your computer is clean. Try this as well: in IE open Internet Options > Security > Custom Level and tick the option Miscellaneous > Block pop-up windows > Enable.

Post by Ramon » 22 Oct 2006 12:05

Done, but the window still opens occasionally. I also don't quite understand why this should help. Can you briefly explain? Thanks. To be sure, I'll test it thoroughly.
Post by mijaja » 22 Oct 2006 12:20

Simple: you allow IE to block windows that open on their own. Firefox has the same feature built in.

You could also install a firewall. For example, Kerio also has a pop-up blocking feature.

