NOD32, spybot a kerio crasch! (vyřešeno)
Ted uz teda opravdu vypis z MWAVu:
Mon Jul 24 08:55:46 2006 => File C:\WINDOWS\system32\wintems.exe infected by "Email-Worm.Win32.Bagle.gi" Virus! Action Taken: No Action Taken.
Mon Jul 24 08:55:56 2006 => File C:\WINDOWS\system32\wintems.exe infected by "Email-Worm.Win32.Bagle.gi" Virus! Action Taken: No Action Taken.
Mon Jul 24 08:56:15 2006 => ERROR!!! Invalid Entry \??\C:\Documents and Settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys in SYSTEM\CurrentControlSet\Services\ids00026...
Mon Jul 24 08:57:21 2006 => File C:\WINDOWS\mtuninst.exe tagged as "not-a-virus:AdWare.Win32.MediaTickets.u". Action Taken: No Action Taken.
Mon Jul 24 08:57:22 2006 => File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
Mon Jul 24 08:57:22 2006 => File C:\WINDOWS\NDNuninstall7_22.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.
Mon Jul 24 08:58:57 2006 => File C:\WINDOWS\system32\wintems.exe infected by "Email-Worm.Win32.Bagle.gi" Virus! Action Taken: No Action Taken.
Mon Jul 24 08:59:07 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\FtpTempF\virus007.avc [**]
?
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus.avi [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus004.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus005.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus006.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus007.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus008.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus009.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus010.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus011.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus012.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus013.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus014.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus015.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus016.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus017.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus018.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus019.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus020.avc [**]
?
už sem se neorientoval tak radši takto:
File C:\WINDOWS\system32\wintems.exe infected by "Email-Worm.Win32.Bagle.gi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\wintems.exe infected by "Email-Worm.Win32.Bagle.gi" Virus! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bonzibuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bonzibuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bonzibuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\PhotoRecord.Album" refers to invalid object "{FEDCFFC1-BEC4-11D1-93B9-0060979C8AB8}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\HD2DS.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\Fonts\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\Czech\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\Czech\subtitles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\english\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\english\subtitles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\EnglishUS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\EnglishUS\subtitles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\french\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\french\subtitles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\italian\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\italian\Subtitles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\spanish\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\spanish\Subtitles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Gamemovie\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\DFX\WMP\Announcements\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\DFX\WMP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\DFX\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Dealio\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Dealio\temp\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\DAO" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\DAO\DAO3032.DLL". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bmk". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".oct". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "eMedia Codec". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NOD32". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ToolbarICQToolbar.ICQToolbarObjectIEToolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{fe7ccec2-0f76-4921-bc75-caaf255cbbf2}". Action Taken: No Action Taken.
File C:\WINDOWS\mtuninst.exe tagged as "not-a-virus:AdWare.Win32.MediaTickets.u". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall7_22.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.
File C:\WINDOWS\system32\wintems.exe infected by "Email-Worm.Win32.Bagle.gi" Virus! Action Taken: No Action Taken.
Mon Jul 24 08:59:26 2006 => ***** Checking for specific ITW Viruses *****
Mon Jul 24 08:59:26 2006 => Checking for Welchia Virus...
Mon Jul 24 08:59:26 2006 => Checking for LovGate Virus...
Mon Jul 24 08:59:26 2006 => Checking for CodeRed Virus...
Mon Jul 24 08:59:26 2006 => Checking for OpaServ Virus...
Mon Jul 24 08:59:26 2006 => Checking for Sobig.e Virus...
Mon Jul 24 08:59:26 2006 => Checking for Winupie Virus...
Mon Jul 24 08:59:26 2006 => Checking for Swen Virus...
Mon Jul 24 08:59:26 2006 => Checking for JS.Fortnight Virus...
Mon Jul 24 08:59:26 2006 => Checking for Novarg Virus...
Mon Jul 24 08:59:26 2006 => Checking for Pagabot Virus...
Mon Jul 24 08:59:26 2006 => Checking for Parite.b Virus...
Mon Jul 24 08:59:26 2006 => Checking for Parite.a Virus...
Mon Jul 24 08:59:26 2006 => Checking for Adware.SeekSeek Virus...
Mon Jul 24 08:59:26 2006 => ***** Scanning complete. *****
Mon Jul 24 08:59:26 2006 => Total Objects Scanned: 22317
Mon Jul 24 08:59:26 2006 => Total Critical Objects: 10
Mon Jul 24 08:59:26 2006 => Total Disinfected Objects: 0
Mon Jul 24 08:59:26 2006 => Total Objects Renamed: 0
Mon Jul 24 08:59:26 2006 => Total Deleted Objects: 0
Mon Jul 24 08:59:26 2006 => Total Errors: 49
Mon Jul 24 08:59:26 2006 => Time Elapsed: 00:03:55
Mon Jul 24 08:59:26 2006 => Virus Database Date: 7/24/2006
Mon Jul 24 08:59:26 2006 => Virus Database Count: 209452
Mon Jul 24 08:55:46 2006 => File C:\WINDOWS\system32\wintems.exe infected by "Email-Worm.Win32.Bagle.gi" Virus! Action Taken: No Action Taken.
Mon Jul 24 08:55:56 2006 => File C:\WINDOWS\system32\wintems.exe infected by "Email-Worm.Win32.Bagle.gi" Virus! Action Taken: No Action Taken.
Mon Jul 24 08:56:15 2006 => ERROR!!! Invalid Entry \??\C:\Documents and Settings\All Users\Data aplikací\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys in SYSTEM\CurrentControlSet\Services\ids00026...
Mon Jul 24 08:57:21 2006 => File C:\WINDOWS\mtuninst.exe tagged as "not-a-virus:AdWare.Win32.MediaTickets.u". Action Taken: No Action Taken.
Mon Jul 24 08:57:22 2006 => File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
Mon Jul 24 08:57:22 2006 => File C:\WINDOWS\NDNuninstall7_22.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.
Mon Jul 24 08:58:57 2006 => File C:\WINDOWS\system32\wintems.exe infected by "Email-Worm.Win32.Bagle.gi" Virus! Action Taken: No Action Taken.
Mon Jul 24 08:59:07 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\FtpTempF\virus007.avc [**]
?
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus.avi [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus004.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus005.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus006.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus007.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus008.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus009.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus010.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus011.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus012.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus013.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus014.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus015.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus016.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus017.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus018.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus019.avc [**]
Mon Jul 24 08:59:23 2006 => Scanning File C:\DOCUME~1\admin\LOCALS~1\Temp\virus020.avc [**]
?
už sem se neorientoval tak radši takto:
File C:\WINDOWS\system32\wintems.exe infected by "Email-Worm.Win32.Bagle.gi" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\wintems.exe infected by "Email-Worm.Win32.Bagle.gi" Virus! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bonzibuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bonzibuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bonzibuddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\PhotoRecord.Album" refers to invalid object "{FEDCFFC1-BEC4-11D1-93B9-0060979C8AB8}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\HD2DS.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\Fonts\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\Czech\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\Czech\subtitles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\english\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\english\subtitles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\EnglishUS\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\EnglishUS\subtitles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\french\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\french\subtitles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\italian\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\italian\Subtitles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\spanish\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Text\spanish\Subtitles\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\Gamemovie\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\DFX\WMP\Announcements\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\DFX\WMP\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\DFX\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Dealio\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Dealio\temp\". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Shared Tools\DAO" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\DAO\DAO3032.DLL". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bmk". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".oct". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "eMedia Codec". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NOD32". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ToolbarICQToolbar.ICQToolbarObjectIEToolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{fe7ccec2-0f76-4921-bc75-caaf255cbbf2}". Action Taken: No Action Taken.
File C:\WINDOWS\mtuninst.exe tagged as "not-a-virus:AdWare.Win32.MediaTickets.u". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_38.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall7_22.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet.e". Action Taken: No Action Taken.
File C:\WINDOWS\system32\wintems.exe infected by "Email-Worm.Win32.Bagle.gi" Virus! Action Taken: No Action Taken.
Mon Jul 24 08:59:26 2006 => ***** Checking for specific ITW Viruses *****
Mon Jul 24 08:59:26 2006 => Checking for Welchia Virus...
Mon Jul 24 08:59:26 2006 => Checking for LovGate Virus...
Mon Jul 24 08:59:26 2006 => Checking for CodeRed Virus...
Mon Jul 24 08:59:26 2006 => Checking for OpaServ Virus...
Mon Jul 24 08:59:26 2006 => Checking for Sobig.e Virus...
Mon Jul 24 08:59:26 2006 => Checking for Winupie Virus...
Mon Jul 24 08:59:26 2006 => Checking for Swen Virus...
Mon Jul 24 08:59:26 2006 => Checking for JS.Fortnight Virus...
Mon Jul 24 08:59:26 2006 => Checking for Novarg Virus...
Mon Jul 24 08:59:26 2006 => Checking for Pagabot Virus...
Mon Jul 24 08:59:26 2006 => Checking for Parite.b Virus...
Mon Jul 24 08:59:26 2006 => Checking for Parite.a Virus...
Mon Jul 24 08:59:26 2006 => Checking for Adware.SeekSeek Virus...
Mon Jul 24 08:59:26 2006 => ***** Scanning complete. *****
Mon Jul 24 08:59:26 2006 => Total Objects Scanned: 22317
Mon Jul 24 08:59:26 2006 => Total Critical Objects: 10
Mon Jul 24 08:59:26 2006 => Total Disinfected Objects: 0
Mon Jul 24 08:59:26 2006 => Total Objects Renamed: 0
Mon Jul 24 08:59:26 2006 => Total Deleted Objects: 0
Mon Jul 24 08:59:26 2006 => Total Errors: 49
Mon Jul 24 08:59:26 2006 => Time Elapsed: 00:03:55
Mon Jul 24 08:59:26 2006 => Virus Database Date: 7/24/2006
Mon Jul 24 08:59:26 2006 => Virus Database Count: 209452
-
mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
Takže smaž ještě tyto soubory - nejlépe zase přes Killbox s restartem:
Na šmejda Bonzibuddy se musíš podívat po disku na tyhle soubory a registry:
bbsetupad1.exe
agentsvr.exe-002e45ab.pf
agentsvr.exe-2e0b3a35.pf
bbsetupmss.exe
bbsmar~2.exe-07e9ade6.pf
bbsmartsetup.exe
bbsmartstubfal.exe
bbuddy~1.exe-13d276bc.pf
bbuddymini.exe
bonzi.acs
bonzi.url
bonzibdy.exe
bonzibdy.exe-2603b754.pf
bonzibuddy.lnk
bonzibuddy.txt
bonzibuddyuninstall.exe
bonzictb.dll
bonzitapfilters.dll
glb2.tmp-0890585f.pf
glba.tmp-259e75b5.pf
gljc.tmp-3189723e.pf
grpconv.exe-111cd845.pf
install.log
msagent.exe-2fa66abe.pf
restart.exe-0fff213d.pf
spchapi.exe-28f57ba4.pf
speed up my computer.url
tv_enua.exe-2ee94b5f.pf
uninstall bonzibuddy.lnk
webcompass.dll
webcompassbar.dll
commonprograms+\bonzibuddy.lnk
commonprograms+\bonzibuddy\bonzibuddy.lnk
commonprograms+\bonzibuddy\uninstall bonzibuddy.lnk
desktopdir+\bonzibuddy.lnk
desktopdir+\download bonzibuddy now - free!.lnk
desktopdir+\finish installing....lnk
profilepath+\administrator\start menu\programs\bonzibuddy\bonzibuddy.lnk
programfilesdir+\audiogalaxy satellite\bbshortcut.ico
bbsetuphom.exe
bbsetuphom.exe-29ffd054.pf
programfilesdir+\bonzi.com web compass\wcinst.exe
programfilesdir+\bonzi.com web compass\wclogic.dll
programfilesdir+\bonzi.com web compass\webcompass.dll
programfilesdir+\bonzibuddy\bbsmartsetup.exe
programfilesdir+\bonzibuddy\bbsmartstubfal.exe
programfilesdir+\bonzibuddy\bbuddymini.exe
programfilesdir+\bonzibuddy\bonzibdy.exe
programfilesdir+\bonzibuddy\bonzibuddyuninstall.exe
programfilesdir+\bonzibuddy\bonzictb.dll
programfilesdir+\bonzibuddy\msagent.exe
programfilesdir+\bonzibuddy\savenowinst.exe
programfilesdir+\bonzibuddy\tv_enua.exe
programfilesdir+\limewire\2.4.1\bonzi.url
startupfolder+\bonzibuddy.lnk
startupfolder+\finish installing....lnk
startupfolder+\messenger-pro 3.lnk
startupfolder+\umax vistaaccess.lnk
systemroot+\bbshortcut.ico
systemroot+\desktop\bonzibuddy.lnk
systemroot+\desktop\free bonzibuddy.lnk
systemroot+\start menu\programs\bonzibuddy.lnk
programfilesdir+\bonzibuddy\spchapi.exe
systemroot+\system\bonzitapfilters.dll
systemroot+\system\webcompass.dll
systemroot+\system32\bonzitapfilters.dll
systemroot+\windows\svcwms.exe
systemroot+\system32\webcompass.dll
systemroot+\windows\prefetch\svcwms.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run bonzibuddy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run clickthebutton
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\program files\bonzibuddy\bbuddymini.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\program files\limewire\2.8.6\bonzi.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\program files\limewire\3.6.15\bonzi.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\msagent\chars\short.acs
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\system\iehelpermiddleman.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\system32\bonzitapfilters.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\winnt\system32\bonzitapfilters.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls d:\program files\bonzibuddy\bbuddymini.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls d:\program files\limewire\3.6.6\bonzi.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls d:\winnt\system32\bonzitapfilters.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bonzibuddy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bonzibuddy displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bonzibuddy uninstallstring
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\easymail pop3 object eventmessagefile
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\easymail pop3 object typessupported
HKEY_CLASSES_ROOT\.bbma
HKEY_CLASSES_ROOT\.bonzimail_message
HKEY_CLASSES_ROOT\bonzibdy.document
HKEY_CLASSES_ROOT\bonzibuddy.ccalendarvbperiod
HKEY_CLASSES_ROOT\bonzibuddy.ccalendarvbperiods
HKEY_CLASSES_ROOT\bonzibuddy.ccalendarvbperiods\clsid
HKEY_CLASSES_ROOT\bonzibuddy.clsaddressbook
HKEY_CLASSES_ROOT\bonzibuddy.clsaddressbook\clsid
HKEY_CLASSES_ROOT\bonzibuddy.clsbbplayer
HKEY_CLASSES_ROOT\bonzibuddy.clsbbplayer\clsid
HKEY_CLASSES_ROOT\bonzibuddy.clsclickthebutton
HKEY_CLASSES_ROOT\bonzibuddy.clsclickthebutton\clsid
HKEY_CLASSES_ROOT\bonzibuddy.clsdownloadmanager
HKEY_CLASSES_ROOT\bonzibuddy.clsdownloadmanager\clsid
HKEY_CLASSES_ROOT\bonzibuddy.clsregistration
HKEY_CLASSES_ROOT\bonzibuddy.clsregistration\clsid
HKEY_CLASSES_ROOT\bonzibuddy.clsstoryreader
HKEY_CLASSES_ROOT\bonzibuddy.clsstoryreader\clsid
HKEY_CLASSES_ROOT\bonzibuddy.cperiod
HKEY_CLASSES_ROOT\bonzibuddy.cperiod\clsid
HKEY_CLASSES_ROOT\bonzibuddy.cperiods
HKEY_CLASSES_ROOT\bonzibuddy.cperiods\clsid
HKEY_CLASSES_ROOT\bonzictbhelper.clsbonzictbhelper
HKEY_CLASSES_ROOT\bonzictbhelper.clsbonzictbhelper\clsid
HKEY_CLASSES_ROOT\bonzimail_messagefile
HKEY_CLASSES_ROOT\bonzimail_messagefile\defaulticon
HKEY_CLASSES_ROOT\bonzimail_messagefile\shell\open\command
HKEY_CLASSES_ROOT\bonzitapfilters.clsbonzicontent
HKEY_CLASSES_ROOT\bonzitapfilters.clsbonzicontent\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandclosetoast
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandclosetoast\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommanddownloadfile
HKEY_CLASSES_ROOT\bonzitapfilters.clscommanddownloadfile\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandhttppost
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandhttppost\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgbox
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgbox\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgboxonno
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgboxonno\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgboxonyes
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgboxonyes\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandopenweb
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandopenweb\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandplay
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandplay\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandraiseevent
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandraiseevent\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandsetiehomepage
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandsetiehomepage\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandshowtoast
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandshowtoast\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandspeak
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandspeak\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscontent
HKEY_CLASSES_ROOT\bonzitapfilters.clscontent\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clsfiltration
HKEY_CLASSES_ROOT\bonzitapfilters.clsfiltration\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clssubscription
HKEY_CLASSES_ROOT\bonzitapfilters.clssubscription\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clstapevent
HKEY_CLASSES_ROOT\bonzitapfilters.clstapevent\clsid
HKEY_CLASSES_ROOT\clsid\{210787c2-92b0-4776-8e80-14c02174893d}
HKEY_CLASSES_ROOT\clsid\{22eb59ae-1cb8-4153-9dfc-b5ce048357cf}
HKEY_CLASSES_ROOT\clsid\{3b89ad5a-42a2-4258-9242-d67eb0c80442}
HKEY_CLASSES_ROOT\clsid\{50a2c2b1-5a56-4183-b1d0-3f59877bad60}
HKEY_CLASSES_ROOT\clsid\{53f082c5-72fe-49d5-a34f-c054cad30dd0}
HKEY_CLASSES_ROOT\clsid\{57da7e73-b94f-49a2-9fef-9f4b40c8e221}
HKEY_CLASSES_ROOT\clsid\{5d11b6dc-358a-44b3-b2ac-22b5dcbc936b}
HKEY_CLASSES_ROOT\clsid\{6a96c266-f125-4d60-8be0-c247349a7ce4}
HKEY_CLASSES_ROOT\clsid\{7b6b6079-a483-43f4-9376-1cc374ba3600}
HKEY_CLASSES_ROOT\clsid\{7c3845b5-4b34-43ce-99de-3bfad5308e68}
HKEY_CLASSES_ROOT\clsid\{82ca10ae-d2f8-441e-a01d-4dfc46f37612}
HKEY_CLASSES_ROOT\clsid\{837cca31-1813-40ea-80bc-aba9d97cb64b}
HKEY_CLASSES_ROOT\clsid\{856b6cbe-b0c1-4b4d-8586-2d6e9df3e4f2}
HKEY_CLASSES_ROOT\clsid\{86e5d750-02eb-11d3-a464-0080c858f182}
HKEY_CLASSES_ROOT\clsid\{962f96f8-624c-4b0e-b055-f2f1d1deff0e}
HKEY_CLASSES_ROOT\clsid\{a031fbf6-81a7-4440-9e20-51abb2289e4b}
HKEY_CLASSES_ROOT\clsid\{a28c2a31-3ab0-4118-922f-f6b3184f5495}
HKEY_CLASSES_ROOT\clsid\{a7aa73e0-f6f9-4967-b209-aa1b11c47dcf}
HKEY_CLASSES_ROOT\clsid\{aaa403c6-03b3-11d3-a465-0080c858f182}
HKEY_CLASSES_ROOT\clsid\{aab7faed-91f8-4591-8e4c-9291d2b7f381}
HKEY_CLASSES_ROOT\clsid\{cb6f59f9-fa69-4d14-9d96-4bb3190e3df5}
HKEY_CLASSES_ROOT\clsid\{d3cd5f89-bfe3-4bad-ac10-25751a08811c}
HKEY_CLASSES_ROOT\clsid\{d985e1b8-e314-4d36-b095-ebd4c5295f69}
HKEY_CLASSES_ROOT\clsid\{e26dd3cd-b06c-47ba-9766-5f264b858e09}
HKEY_CLASSES_ROOT\clsid\{e509d0e0-da02-4d16-ba63-70f23cac74c8}
HKEY_CLASSES_ROOT\clsid\{f2394898-748d-4415-8ce8-65e429445b33}
HKEY_CLASSES_ROOT\clsid\{f4900f5d-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f67-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f6a-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f8d-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f96-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f5a31f2f-122f-4615-a9b7-90841538ec7c}
HKEY_CLASSES_ROOT\clsid\{f77a2b0f-476c-4536-beb1-2cb17ca6bcbc}
HKEY_CLASSES_ROOT\clsid\{f8b44545-c2e0-46c3-b78b-11e821c9d2e1}
HKEY_CLASSES_ROOT\clsid\{f91f3264-454b-45be-a402-fe0e56bb9315}
HKEY_CLASSES_ROOT\clsid\{fe56c7a2-aaf1-47f2-9b68-4057d7ff5b4a}
HKEY_CLASSES_ROOT\interface\{0570bf7b-e1bf-4ef3-bc37-7ae3f54bd605}
HKEY_CLASSES_ROOT\interface\{120c5484-09ba-4936-98b9-1b0c15c9ce5e}
HKEY_CLASSES_ROOT\interface\{159c2806-4a71-45b4-8d4e-74c181cd6842}
HKEY_CLASSES_ROOT\interface\{17b3c2cb-6697-4736-bee7-69f363f1f35e}
HKEY_CLASSES_ROOT\interface\{22df5084-12bc-4c98-8044-4fad06f4119a}
HKEY_CLASSES_ROOT\interface\{28e4193c-f276-4568-bcdc-dd15d88fadcc}
HKEY_CLASSES_ROOT\interface\{3d08842d-983e-4226-8d6e-612965eb32d9}
HKEY_CLASSES_ROOT\interface\{44279f35-8ed3-4234-9d61-069ae93efbec}
HKEY_CLASSES_ROOT\interface\{4bbfaacc-619c-4a9d-a32c-a8b3453ce783}
HKEY_CLASSES_ROOT\interface\{565029f7-d84e-4edc-bf87-a204645da3ea}
HKEY_CLASSES_ROOT\interface\{6549f504-c43a-43f3-b8cd-d077af0427c8}
HKEY_CLASSES_ROOT\interface\{6a96c266-f125-4d60-8be0-c247349a7ce4}
HKEY_CLASSES_ROOT\interface\{6dc6a7a5-0862-406e-8fd9-e4d5adb93aed}
HKEY_CLASSES_ROOT\interface\{7679e16d-9af0-439d-be07-7bff15459c59}
HKEY_CLASSES_ROOT\interface\{86e5d74f-02eb-11d3-a464-0080c858f182}
HKEY_CLASSES_ROOT\interface\{86e5d751-02eb-11d3-a464-0080c858f182}
HKEY_CLASSES_ROOT\interface\{89e800de-5c96-4802-8da6-2cf50c9d19af}
HKEY_CLASSES_ROOT\interface\{8cfc92fa-7057-4a98-a3be-9c34d3d255fd}
HKEY_CLASSES_ROOT\interface\{8db2224e-d2fa-4b2e-8402-085ea7cc826b}
HKEY_CLASSES_ROOT\interface\{8e71a3f9-cecf-4dc4-accf-3dd01c843a45}
HKEY_CLASSES_ROOT\interface\{916694a8-8ad6-11d2-b6fd-0060976c699f}
HKEY_CLASSES_ROOT\interface\{916694a9-8ad6-11d2-b6fd-0060976c699f}
HKEY_CLASSES_ROOT\interface\{993d6cac-49a8-40d9-bd97-405281136e78}
HKEY_CLASSES_ROOT\interface\{9fbcd665-010a-4c21-be40-9de2bdf34e50}
HKEY_CLASSES_ROOT\interface\{a4e0988e-24be-4570-b4d8-982f1386e0c6}
HKEY_CLASSES_ROOT\interface\{a56be8e7-6b37-43dd-88f4-6d42e57ca1d7}
HKEY_CLASSES_ROOT\interface\{b2676d5b-8d53-4569-af2c-a55a0d90c132}
HKEY_CLASSES_ROOT\interface\{bd6f0855-7792-4131-a06f-aa2a991e0549}
HKEY_CLASSES_ROOT\interface\{cb6f59f9-fa69-4d14-9d96-4bb3190e3df5}
HKEY_CLASSES_ROOT\interface\{d7ba20a4-7049-416f-a7e4-97530442d62f}
HKEY_CLASSES_ROOT\interface\{dacb7a39-cc0d-4b85-908b-10d2451761a5}
HKEY_CLASSES_ROOT\interface\{f4043742-ac8d-4f86-88e9-f3fd3369dd8c}
HKEY_CLASSES_ROOT\interface\{f4900f66-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\interface\{f4900f68-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\interface\{f4900f69-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\interface\{f4900f6b-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\interface\{f4900f8c-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\interface\{f4900f95-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\interface\{fdf3d1e0-2da2-4238-af4f-026670289749}
HKEY_CLASSES_ROOT\mime\database\content type\application /bonzi-mail-message
HKEY_CLASSES_ROOT\mime\database\content type\application/bonzi-mail-message
HKEY_CLASSES_ROOT\registrycontrol.regicon
HKEY_CLASSES_ROOT\registrycontrol.regicon\clsid
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{a28c2a31-3ab0-4118-922f-f6b3184f5495}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\shareddlls d:\windows\system32\bonzitapfilters.dll
HKEY_CLASSES_ROOT\typelib\{50a2c2b1-5a56-4183-b1d0-3f59877bad60}
HKEY_CLASSES_ROOT\typelib\{86e5d740-02eb-11d3-a464-0080c858f182}
HKEY_CLASSES_ROOT\typelib\{aab7faed-91f8-4591-8e4c-9291d2b7f381}
HKEY_CLASSES_ROOT\typelib\{f4900f5d-055f-11d4-8f9b-00104ba312d6}
HKEY_CURRENT_USER\software\vb and vba program settings bonzibuddy
HKEY_CURRENT_USER\software\vb and vba program settings\bonzibuddy
HKEY_LOCAL_MACHINE\software\bonzi software
HKEY_LOCAL_MACHINE\software\classes\mime\database\content type\application/bonzi-mail-message extension
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a28c2a31-3ab0-4118-922f-f6b3184f5495}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run bonzi buddy
Můžeš tam mít jen jednu položku z nich a už to mwav hlásí. Ale není aktivní.
Pro Zipitpro jsou to tyhle soubory:
avpupd.exe-009f51bf.pf
c:\zipitpro\cabinet.dll
c:\zipitpro\gate.exe
c:\zipitpro\help\all_actions.htm
c:\zipitpro\help\index.htm
c:\zipitpro\help\index_menu.htm
c:\zipitpro\help\keyboard_layout.htm
c:\zipitpro\help\license.htm
c:\zipitpro\help\what_is_an_archive.htm
c:\zipitpro\help\what_is_zipitfast.htm
c:\zipitpro\help\zipitfast.htm
c:\zipitpro\irunin.ini
c:\zipitpro\skinz\default\skin.ini
c:\zipitpro\skinz\speeditup\skin.ini
c:\zipitpro\skinz\windowsxp\skin.ini
c:\zipitpro\thank.exe
c:\zipitpro\unace.dll
c:\zipitpro\unrar.dll
c:\zipitpro\zipitfast.exe
c:\zipitpro\zshellad.dll
c:\zipitpro\zshellex.dll
commonprograms+\zipitfast pro 3.0\history.lnk
commonprograms+\zipitfast pro 3.0\readme.txt.lnk
commonprograms+\zipitfast pro 3.0\zipitfast pro.lnk
desktopdir+\kill annoying popup ads.lnk
desktopdir+\zipitfast pro.lnk
ethereal.exe-1c148eef.pf
irsetup.exe-0de0091d.pf
iun6002.exe
mergecalic.exe-1c19a61e.pf
profilepath+\local settings\temp\irsetup.exe
profilepath+\local settings\temp\irsetup.ini
rundll32.exe-268bff96.pf
showbehind.exe-198e0a77.pf
thank.exe-15644fe3.pf
zipit3[1].exe-2c928677.pf
zipitpro.txt
Opět to bude jediný soubor. Takže až to najdeš smaž to a měl bys mít čistý komp.
Kód: Vybrat vše
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\mtuninst.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_22.exe Na šmejda Bonzibuddy se musíš podívat po disku na tyhle soubory a registry:
bbsetupad1.exe
agentsvr.exe-002e45ab.pf
agentsvr.exe-2e0b3a35.pf
bbsetupmss.exe
bbsmar~2.exe-07e9ade6.pf
bbsmartsetup.exe
bbsmartstubfal.exe
bbuddy~1.exe-13d276bc.pf
bbuddymini.exe
bonzi.acs
bonzi.url
bonzibdy.exe
bonzibdy.exe-2603b754.pf
bonzibuddy.lnk
bonzibuddy.txt
bonzibuddyuninstall.exe
bonzictb.dll
bonzitapfilters.dll
glb2.tmp-0890585f.pf
glba.tmp-259e75b5.pf
gljc.tmp-3189723e.pf
grpconv.exe-111cd845.pf
install.log
msagent.exe-2fa66abe.pf
restart.exe-0fff213d.pf
spchapi.exe-28f57ba4.pf
speed up my computer.url
tv_enua.exe-2ee94b5f.pf
uninstall bonzibuddy.lnk
webcompass.dll
webcompassbar.dll
commonprograms+\bonzibuddy.lnk
commonprograms+\bonzibuddy\bonzibuddy.lnk
commonprograms+\bonzibuddy\uninstall bonzibuddy.lnk
desktopdir+\bonzibuddy.lnk
desktopdir+\download bonzibuddy now - free!.lnk
desktopdir+\finish installing....lnk
profilepath+\administrator\start menu\programs\bonzibuddy\bonzibuddy.lnk
programfilesdir+\audiogalaxy satellite\bbshortcut.ico
bbsetuphom.exe
bbsetuphom.exe-29ffd054.pf
programfilesdir+\bonzi.com web compass\wcinst.exe
programfilesdir+\bonzi.com web compass\wclogic.dll
programfilesdir+\bonzi.com web compass\webcompass.dll
programfilesdir+\bonzibuddy\bbsmartsetup.exe
programfilesdir+\bonzibuddy\bbsmartstubfal.exe
programfilesdir+\bonzibuddy\bbuddymini.exe
programfilesdir+\bonzibuddy\bonzibdy.exe
programfilesdir+\bonzibuddy\bonzibuddyuninstall.exe
programfilesdir+\bonzibuddy\bonzictb.dll
programfilesdir+\bonzibuddy\msagent.exe
programfilesdir+\bonzibuddy\savenowinst.exe
programfilesdir+\bonzibuddy\tv_enua.exe
programfilesdir+\limewire\2.4.1\bonzi.url
startupfolder+\bonzibuddy.lnk
startupfolder+\finish installing....lnk
startupfolder+\messenger-pro 3.lnk
startupfolder+\umax vistaaccess.lnk
systemroot+\bbshortcut.ico
systemroot+\desktop\bonzibuddy.lnk
systemroot+\desktop\free bonzibuddy.lnk
systemroot+\start menu\programs\bonzibuddy.lnk
programfilesdir+\bonzibuddy\spchapi.exe
systemroot+\system\bonzitapfilters.dll
systemroot+\system\webcompass.dll
systemroot+\system32\bonzitapfilters.dll
systemroot+\windows\svcwms.exe
systemroot+\system32\webcompass.dll
systemroot+\windows\prefetch\svcwms.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run bonzibuddy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run clickthebutton
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\program files\bonzibuddy\bbuddymini.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\program files\limewire\2.8.6\bonzi.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\program files\limewire\3.6.15\bonzi.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\msagent\chars\short.acs
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\system\iehelpermiddleman.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\windows\system32\bonzitapfilters.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls c:\winnt\system32\bonzitapfilters.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls d:\program files\bonzibuddy\bbuddymini.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls d:\program files\limewire\3.6.6\bonzi.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls d:\winnt\system32\bonzitapfilters.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bonzibuddy
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bonzibuddy displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bonzibuddy uninstallstring
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\easymail pop3 object eventmessagefile
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\eventlog\application\easymail pop3 object typessupported
HKEY_CLASSES_ROOT\.bbma
HKEY_CLASSES_ROOT\.bonzimail_message
HKEY_CLASSES_ROOT\bonzibdy.document
HKEY_CLASSES_ROOT\bonzibuddy.ccalendarvbperiod
HKEY_CLASSES_ROOT\bonzibuddy.ccalendarvbperiods
HKEY_CLASSES_ROOT\bonzibuddy.ccalendarvbperiods\clsid
HKEY_CLASSES_ROOT\bonzibuddy.clsaddressbook
HKEY_CLASSES_ROOT\bonzibuddy.clsaddressbook\clsid
HKEY_CLASSES_ROOT\bonzibuddy.clsbbplayer
HKEY_CLASSES_ROOT\bonzibuddy.clsbbplayer\clsid
HKEY_CLASSES_ROOT\bonzibuddy.clsclickthebutton
HKEY_CLASSES_ROOT\bonzibuddy.clsclickthebutton\clsid
HKEY_CLASSES_ROOT\bonzibuddy.clsdownloadmanager
HKEY_CLASSES_ROOT\bonzibuddy.clsdownloadmanager\clsid
HKEY_CLASSES_ROOT\bonzibuddy.clsregistration
HKEY_CLASSES_ROOT\bonzibuddy.clsregistration\clsid
HKEY_CLASSES_ROOT\bonzibuddy.clsstoryreader
HKEY_CLASSES_ROOT\bonzibuddy.clsstoryreader\clsid
HKEY_CLASSES_ROOT\bonzibuddy.cperiod
HKEY_CLASSES_ROOT\bonzibuddy.cperiod\clsid
HKEY_CLASSES_ROOT\bonzibuddy.cperiods
HKEY_CLASSES_ROOT\bonzibuddy.cperiods\clsid
HKEY_CLASSES_ROOT\bonzictbhelper.clsbonzictbhelper
HKEY_CLASSES_ROOT\bonzictbhelper.clsbonzictbhelper\clsid
HKEY_CLASSES_ROOT\bonzimail_messagefile
HKEY_CLASSES_ROOT\bonzimail_messagefile\defaulticon
HKEY_CLASSES_ROOT\bonzimail_messagefile\shell\open\command
HKEY_CLASSES_ROOT\bonzitapfilters.clsbonzicontent
HKEY_CLASSES_ROOT\bonzitapfilters.clsbonzicontent\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandclosetoast
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandclosetoast\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommanddownloadfile
HKEY_CLASSES_ROOT\bonzitapfilters.clscommanddownloadfile\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandhttppost
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandhttppost\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgbox
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgbox\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgboxonno
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgboxonno\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgboxonyes
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandmsgboxonyes\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandopenweb
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandopenweb\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandplay
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandplay\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandraiseevent
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandraiseevent\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandsetiehomepage
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandsetiehomepage\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandshowtoast
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandshowtoast\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandspeak
HKEY_CLASSES_ROOT\bonzitapfilters.clscommandspeak\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clscontent
HKEY_CLASSES_ROOT\bonzitapfilters.clscontent\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clsfiltration
HKEY_CLASSES_ROOT\bonzitapfilters.clsfiltration\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clssubscription
HKEY_CLASSES_ROOT\bonzitapfilters.clssubscription\clsid
HKEY_CLASSES_ROOT\bonzitapfilters.clstapevent
HKEY_CLASSES_ROOT\bonzitapfilters.clstapevent\clsid
HKEY_CLASSES_ROOT\clsid\{210787c2-92b0-4776-8e80-14c02174893d}
HKEY_CLASSES_ROOT\clsid\{22eb59ae-1cb8-4153-9dfc-b5ce048357cf}
HKEY_CLASSES_ROOT\clsid\{3b89ad5a-42a2-4258-9242-d67eb0c80442}
HKEY_CLASSES_ROOT\clsid\{50a2c2b1-5a56-4183-b1d0-3f59877bad60}
HKEY_CLASSES_ROOT\clsid\{53f082c5-72fe-49d5-a34f-c054cad30dd0}
HKEY_CLASSES_ROOT\clsid\{57da7e73-b94f-49a2-9fef-9f4b40c8e221}
HKEY_CLASSES_ROOT\clsid\{5d11b6dc-358a-44b3-b2ac-22b5dcbc936b}
HKEY_CLASSES_ROOT\clsid\{6a96c266-f125-4d60-8be0-c247349a7ce4}
HKEY_CLASSES_ROOT\clsid\{7b6b6079-a483-43f4-9376-1cc374ba3600}
HKEY_CLASSES_ROOT\clsid\{7c3845b5-4b34-43ce-99de-3bfad5308e68}
HKEY_CLASSES_ROOT\clsid\{82ca10ae-d2f8-441e-a01d-4dfc46f37612}
HKEY_CLASSES_ROOT\clsid\{837cca31-1813-40ea-80bc-aba9d97cb64b}
HKEY_CLASSES_ROOT\clsid\{856b6cbe-b0c1-4b4d-8586-2d6e9df3e4f2}
HKEY_CLASSES_ROOT\clsid\{86e5d750-02eb-11d3-a464-0080c858f182}
HKEY_CLASSES_ROOT\clsid\{962f96f8-624c-4b0e-b055-f2f1d1deff0e}
HKEY_CLASSES_ROOT\clsid\{a031fbf6-81a7-4440-9e20-51abb2289e4b}
HKEY_CLASSES_ROOT\clsid\{a28c2a31-3ab0-4118-922f-f6b3184f5495}
HKEY_CLASSES_ROOT\clsid\{a7aa73e0-f6f9-4967-b209-aa1b11c47dcf}
HKEY_CLASSES_ROOT\clsid\{aaa403c6-03b3-11d3-a465-0080c858f182}
HKEY_CLASSES_ROOT\clsid\{aab7faed-91f8-4591-8e4c-9291d2b7f381}
HKEY_CLASSES_ROOT\clsid\{cb6f59f9-fa69-4d14-9d96-4bb3190e3df5}
HKEY_CLASSES_ROOT\clsid\{d3cd5f89-bfe3-4bad-ac10-25751a08811c}
HKEY_CLASSES_ROOT\clsid\{d985e1b8-e314-4d36-b095-ebd4c5295f69}
HKEY_CLASSES_ROOT\clsid\{e26dd3cd-b06c-47ba-9766-5f264b858e09}
HKEY_CLASSES_ROOT\clsid\{e509d0e0-da02-4d16-ba63-70f23cac74c8}
HKEY_CLASSES_ROOT\clsid\{f2394898-748d-4415-8ce8-65e429445b33}
HKEY_CLASSES_ROOT\clsid\{f4900f5d-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f67-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f6a-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f8d-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f4900f96-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\clsid\{f5a31f2f-122f-4615-a9b7-90841538ec7c}
HKEY_CLASSES_ROOT\clsid\{f77a2b0f-476c-4536-beb1-2cb17ca6bcbc}
HKEY_CLASSES_ROOT\clsid\{f8b44545-c2e0-46c3-b78b-11e821c9d2e1}
HKEY_CLASSES_ROOT\clsid\{f91f3264-454b-45be-a402-fe0e56bb9315}
HKEY_CLASSES_ROOT\clsid\{fe56c7a2-aaf1-47f2-9b68-4057d7ff5b4a}
HKEY_CLASSES_ROOT\interface\{0570bf7b-e1bf-4ef3-bc37-7ae3f54bd605}
HKEY_CLASSES_ROOT\interface\{120c5484-09ba-4936-98b9-1b0c15c9ce5e}
HKEY_CLASSES_ROOT\interface\{159c2806-4a71-45b4-8d4e-74c181cd6842}
HKEY_CLASSES_ROOT\interface\{17b3c2cb-6697-4736-bee7-69f363f1f35e}
HKEY_CLASSES_ROOT\interface\{22df5084-12bc-4c98-8044-4fad06f4119a}
HKEY_CLASSES_ROOT\interface\{28e4193c-f276-4568-bcdc-dd15d88fadcc}
HKEY_CLASSES_ROOT\interface\{3d08842d-983e-4226-8d6e-612965eb32d9}
HKEY_CLASSES_ROOT\interface\{44279f35-8ed3-4234-9d61-069ae93efbec}
HKEY_CLASSES_ROOT\interface\{4bbfaacc-619c-4a9d-a32c-a8b3453ce783}
HKEY_CLASSES_ROOT\interface\{565029f7-d84e-4edc-bf87-a204645da3ea}
HKEY_CLASSES_ROOT\interface\{6549f504-c43a-43f3-b8cd-d077af0427c8}
HKEY_CLASSES_ROOT\interface\{6a96c266-f125-4d60-8be0-c247349a7ce4}
HKEY_CLASSES_ROOT\interface\{6dc6a7a5-0862-406e-8fd9-e4d5adb93aed}
HKEY_CLASSES_ROOT\interface\{7679e16d-9af0-439d-be07-7bff15459c59}
HKEY_CLASSES_ROOT\interface\{86e5d74f-02eb-11d3-a464-0080c858f182}
HKEY_CLASSES_ROOT\interface\{86e5d751-02eb-11d3-a464-0080c858f182}
HKEY_CLASSES_ROOT\interface\{89e800de-5c96-4802-8da6-2cf50c9d19af}
HKEY_CLASSES_ROOT\interface\{8cfc92fa-7057-4a98-a3be-9c34d3d255fd}
HKEY_CLASSES_ROOT\interface\{8db2224e-d2fa-4b2e-8402-085ea7cc826b}
HKEY_CLASSES_ROOT\interface\{8e71a3f9-cecf-4dc4-accf-3dd01c843a45}
HKEY_CLASSES_ROOT\interface\{916694a8-8ad6-11d2-b6fd-0060976c699f}
HKEY_CLASSES_ROOT\interface\{916694a9-8ad6-11d2-b6fd-0060976c699f}
HKEY_CLASSES_ROOT\interface\{993d6cac-49a8-40d9-bd97-405281136e78}
HKEY_CLASSES_ROOT\interface\{9fbcd665-010a-4c21-be40-9de2bdf34e50}
HKEY_CLASSES_ROOT\interface\{a4e0988e-24be-4570-b4d8-982f1386e0c6}
HKEY_CLASSES_ROOT\interface\{a56be8e7-6b37-43dd-88f4-6d42e57ca1d7}
HKEY_CLASSES_ROOT\interface\{b2676d5b-8d53-4569-af2c-a55a0d90c132}
HKEY_CLASSES_ROOT\interface\{bd6f0855-7792-4131-a06f-aa2a991e0549}
HKEY_CLASSES_ROOT\interface\{cb6f59f9-fa69-4d14-9d96-4bb3190e3df5}
HKEY_CLASSES_ROOT\interface\{d7ba20a4-7049-416f-a7e4-97530442d62f}
HKEY_CLASSES_ROOT\interface\{dacb7a39-cc0d-4b85-908b-10d2451761a5}
HKEY_CLASSES_ROOT\interface\{f4043742-ac8d-4f86-88e9-f3fd3369dd8c}
HKEY_CLASSES_ROOT\interface\{f4900f66-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\interface\{f4900f68-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\interface\{f4900f69-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\interface\{f4900f6b-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\interface\{f4900f8c-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\interface\{f4900f95-055f-11d4-8f9b-00104ba312d6}
HKEY_CLASSES_ROOT\interface\{fdf3d1e0-2da2-4238-af4f-026670289749}
HKEY_CLASSES_ROOT\mime\database\content type\application /bonzi-mail-message
HKEY_CLASSES_ROOT\mime\database\content type\application/bonzi-mail-message
HKEY_CLASSES_ROOT\registrycontrol.regicon
HKEY_CLASSES_ROOT\registrycontrol.regicon\clsid
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{a28c2a31-3ab0-4118-922f-f6b3184f5495}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\shareddlls d:\windows\system32\bonzitapfilters.dll
HKEY_CLASSES_ROOT\typelib\{50a2c2b1-5a56-4183-b1d0-3f59877bad60}
HKEY_CLASSES_ROOT\typelib\{86e5d740-02eb-11d3-a464-0080c858f182}
HKEY_CLASSES_ROOT\typelib\{aab7faed-91f8-4591-8e4c-9291d2b7f381}
HKEY_CLASSES_ROOT\typelib\{f4900f5d-055f-11d4-8f9b-00104ba312d6}
HKEY_CURRENT_USER\software\vb and vba program settings bonzibuddy
HKEY_CURRENT_USER\software\vb and vba program settings\bonzibuddy
HKEY_LOCAL_MACHINE\software\bonzi software
HKEY_LOCAL_MACHINE\software\classes\mime\database\content type\application/bonzi-mail-message extension
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{a28c2a31-3ab0-4118-922f-f6b3184f5495}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run bonzi buddy
Můžeš tam mít jen jednu položku z nich a už to mwav hlásí. Ale není aktivní.
Pro Zipitpro jsou to tyhle soubory:
avpupd.exe-009f51bf.pf
c:\zipitpro\cabinet.dll
c:\zipitpro\gate.exe
c:\zipitpro\help\all_actions.htm
c:\zipitpro\help\index.htm
c:\zipitpro\help\index_menu.htm
c:\zipitpro\help\keyboard_layout.htm
c:\zipitpro\help\license.htm
c:\zipitpro\help\what_is_an_archive.htm
c:\zipitpro\help\what_is_zipitfast.htm
c:\zipitpro\help\zipitfast.htm
c:\zipitpro\irunin.ini
c:\zipitpro\skinz\default\skin.ini
c:\zipitpro\skinz\speeditup\skin.ini
c:\zipitpro\skinz\windowsxp\skin.ini
c:\zipitpro\thank.exe
c:\zipitpro\unace.dll
c:\zipitpro\unrar.dll
c:\zipitpro\zipitfast.exe
c:\zipitpro\zshellad.dll
c:\zipitpro\zshellex.dll
commonprograms+\zipitfast pro 3.0\history.lnk
commonprograms+\zipitfast pro 3.0\readme.txt.lnk
commonprograms+\zipitfast pro 3.0\zipitfast pro.lnk
desktopdir+\kill annoying popup ads.lnk
desktopdir+\zipitfast pro.lnk
ethereal.exe-1c148eef.pf
irsetup.exe-0de0091d.pf
iun6002.exe
mergecalic.exe-1c19a61e.pf
profilepath+\local settings\temp\irsetup.exe
profilepath+\local settings\temp\irsetup.ini
rundll32.exe-268bff96.pf
showbehind.exe-198e0a77.pf
thank.exe-15644fe3.pf
zipit3[1].exe-2c928677.pf
zipitpro.txt
Opět to bude jediný soubor. Takže až to najdeš smaž to a měl bys mít čistý komp.
-
mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
U většiny z nich máš napsanou cestu - např:
c:\zipitpro\help\keyboard_layout.htm
a tam bys jej měl najít
programfilesdir+\bonzibuddy\msagent.exe - tohle by mělo být ve složce C:\ProgramFiles\Bonzibuddy
startupfolder = Nabídka Start \Programy
systemroot = C:\Windows
desktopdir = adresář Plocha - nebo plocha jako taková
profilepath = Složka Document And Settings
commonprograms = C:\ProgramFiles\CommonFiles
Na ostatní využij nabídku start - hledat
Registry vyhledávej přes Nabídku Stare - Spustit. Do okénka napiš regedit a dej OK. Potom můžeš pomocí CTRL+F vyhledat ty záznamy v registru a odmazat je. Ale jen ty hodnoty v pravém okně, tzn - v levém okně budeš mít strom s klíčem a v pravém hodnotu na smazání
Například pro klíč:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run bonzibuddy
bude v levém okně:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
v pravém okně bude:
bonzibuddy ......
a to smažeš.
Pokud si ale nejsi jistý, raději to nedělej. Nevhodným zásahem do registrů by sis mohl zcela zničit systém. Ty záznamy Mwavu už nejsou až tak škodlivé. Postačí, když se podíváš jen po těch souborech. Už jsem ti psal, že se jedná jen o dva nebo tři soubory nebo klíče, takže bych to klidně nechal být.
c:\zipitpro\help\keyboard_layout.htm
a tam bys jej měl najít
programfilesdir+\bonzibuddy\msagent.exe - tohle by mělo být ve složce C:\ProgramFiles\Bonzibuddy
startupfolder = Nabídka Start \Programy
systemroot = C:\Windows
desktopdir = adresář Plocha - nebo plocha jako taková
profilepath = Složka Document And Settings
commonprograms = C:\ProgramFiles\CommonFiles
Na ostatní využij nabídku start - hledat
Registry vyhledávej přes Nabídku Stare - Spustit. Do okénka napiš regedit a dej OK. Potom můžeš pomocí CTRL+F vyhledat ty záznamy v registru a odmazat je. Ale jen ty hodnoty v pravém okně, tzn - v levém okně budeš mít strom s klíčem a v pravém hodnotu na smazání
Například pro klíč:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run bonzibuddy
bude v levém okně:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
v pravém okně bude:
bonzibuddy ......
a to smažeš.
Pokud si ale nejsi jistý, raději to nedělej. Nevhodným zásahem do registrů by sis mohl zcela zničit systém. Ty záznamy Mwavu už nejsou až tak škodlivé. Postačí, když se podíváš jen po těch souborech. Už jsem ti psal, že se jedná jen o dva nebo tři soubory nebo klíče, takže bych to klidně nechal být.
Tak opravdu! Vsechny vyse zminovane soubory asi uz neexistuji!
Je mozne, ze si je killbox ulozil do nejake "karanteny"? Protoze mi je NOD32 (ktery mi sel jiz nainstalovat) nasel na miste zobrazenem na obrazku nize! Nevim jestli je mam dat lecit NOD32 (ktery to stejne asi nebude umet), abych nejak nenarusil praci killboxu! Nebo snad Kaspersky?
Je to normalni ze ty viry zustaly v seznamu programu po spusteni? viz nize
Jakym zpusobem odstrani killbox soubor kdyz dam mozost "Standart File Kill". A je mozno odstranit (mozna i s restartem) vice souboru najednou?
obrazek: http://img291.imageshack.us/my.php?image=infan0.jpg
Promin za tu smrst otazek...
Je mozne, ze si je killbox ulozil do nejake "karanteny"? Protoze mi je NOD32 (ktery mi sel jiz nainstalovat) nasel na miste zobrazenem na obrazku nize! Nevim jestli je mam dat lecit NOD32 (ktery to stejne asi nebude umet), abych nejak nenarusil praci killboxu! Nebo snad Kaspersky?
Je to normalni ze ty viry zustaly v seznamu programu po spusteni? viz nize
Jakym zpusobem odstrani killbox soubor kdyz dam mozost "Standart File Kill". A je mozno odstranit (mozna i s restartem) vice souboru najednou?
obrazek: http://img291.imageshack.us/my.php?image=infan0.jpg
Promin za tu smrst otazek...
-
mijaja
- Tvůrce článků
-
Level 6.5
- Příspěvky: 4136
- Registrován: září 05
- Bydliště: Zlín
- Pohlaví:
- Stav:
Offline
- Kontakt:
Tak po pořádku
To co je v karanténě Killboxu můžeš zlikvidovat i s ním a tím pádem ani NOD, ani v hledáčku už se to nebude hlásit. Jen potom vysyp koš, aby to tam ještě někde nefigurovalo.
V tom msconfigu zruš ty zatržítka u těch tří souborů. Systém je při startu hledá a to by nemusel. A zruš i ten NeroCkeck.exe. To je zbytečnost.
Z těch souborů nebo klíčů jsi něco našel?
To co je v karanténě Killboxu můžeš zlikvidovat i s ním a tím pádem ani NOD, ani v hledáčku už se to nebude hlásit. Jen potom vysyp koš, aby to tam ještě někde nefigurovalo.
V tom msconfigu zruš ty zatržítka u těch tří souborů. Systém je při startu hledá a to by nemusel. A zruš i ten NeroCkeck.exe. To je zbytečnost.
Z těch souborů nebo klíčů jsi něco našel?
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 6 hostů