Nejde odstranit vir pomocí NOD32

rezab · Příspěvekod **rezab** » 06 zář 2006 12:13

nod mi několoikrát za den hlásí vir,našel jsem zde podobné téma ale soubor který bych měl smazat ne,Prosím o pomoc.Dík.

Logfile of HijackThis v1.99.1
Scan saved at 12:11:41, on 6.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\lada\Plocha\hj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - (no file)
O2 - BHO: (no name) - {365A4F43-2BBD-4A28-932F-0B049C41FDF3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout položku pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout všechny položky pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9135846411
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0947438296
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

/přesunuto + změna nadpisu
/mikel

Reklama

Příspěvekod **mikel** » 06 zář 2006 12:24

Takže fixni v Hijacku:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - (no file)
O2 - BHO: (no name) - {365A4F43-2BBD-4A28-932F-0B049C41FDF3} - (no file)
O3 - Toolbar: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} -
O20 - Winlogon Notify: winzwr32 - C:\WINDOWS\SYSTEM32\winzwr32.dll

Ten červený soubor je trojan! Vypni Obnovení systému v (Tento počítač/Vlastnosti) a zapni si zobrazování skrytých souborů. Pak ho najdi na disku a smaž. Pomocí CCleaneru vyčisti disk a restartuj.
Dej sem nový log a pro jistotu udělej ještě log z MWAV.

rezab · Příspěvekod **rezab** » 06 zář 2006 13:14

fixnul jsem ho a přesto nejde smazat. A po chvilce je tam zpět.

Logfile of HijackThis v1.99.1
Scan saved at 13:06:07, on 6.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lada\Plocha\hj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout položku pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout všechny položky pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9135846411
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0947438296
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Baron Prášil · Příspěvekod **Baron Prášil** » 06 zář 2006 13:53

log je ok

nainstaluj firewall
http://viry.cz/forum/viewtopic.php?t=6523&sid=b27266dd4215bd5df55a2fb226c523ee

a udělej ten MWAV

Luboš · Příspěvekod **Luboš** » 06 zář 2006 14:01

Zkus ho odstranit jiným antivirovým nebo antispywarovým programem. Zkus Ewido Antispyware nebo Trend Micro antivirus stránky.

Příspěvekod **mikel** » 06 zář 2006 16:29

rezab píše:fixnul jsem ho a přesto nejde smazat. A po chvilce je tam zpět.

Zkus to teda v nouzovém režimu - klávesa F8 při bootování, vybrat Stav nouze.

rezab · Příspěvekod **rezab** » 06 zář 2006 17:08

Ani v nouzovým to nejde smazat C:\WINDOWS\system32\winzwr32.dll
:evil:

Logfile of HijackThis v1.99.1
Scan saved at 17:00:34, on 6.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lada\Plocha\hj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout položku pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout všechny položky pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

Wed Sep 06 17:01:24 2006 => **********************************************************
Wed Sep 06 17:01:24 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Wed Sep 06 17:01:24 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Wed Sep 06 17:01:24 2006 => **********************************************************
Wed Sep 06 17:01:24 2006 => Source: C:\DOCUME~1\lada\Plocha\STAHOV~1\mwav.exe
Wed Sep 06 17:01:24 2006 => Version 8.5.2 (C:\DOCUME~1\lada\LOCALS~1\Temp\mexe.com)
Wed Sep 06 17:01:24 2006 => Log File: C:\DOCUME~1\lada\LOCALS~1\Temp\MWAV.LOG
Wed Sep 06 17:01:24 2006 => Last Scan Date and Time: 06.09.2006 16:47:18
Wed Sep 06 17:01:24 2006 => MWAV Registered: FALSE.
Wed Sep 06 17:01:24 2006 => User Account: lada
Wed Sep 06 17:01:24 2006 => OS Type: Windows Workstation
Wed Sep 06 17:01:24 2006 => OS: Windows XP
Wed Sep 06 17:01:24 2006 => Ver: Service Pack 2 (Build 2600)
Wed Sep 06 17:01:24 2006 => Windows Root Folder: C:\WINDOWS
Wed Sep 06 17:01:24 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
Wed Sep 06 17:01:24 2006 => Local Fixed Drives: c:\
Wed Sep 06 17:01:24 2006 => MWAV Mode: Only Scan files.

Wed Sep 06 17:01:30 2006 => **********************************************************
Wed Sep 06 17:01:30 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Wed Sep 06 17:01:30 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Wed Sep 06 17:01:30 2006 =>
Wed Sep 06 17:01:30 2006 => Support: support@mwti.net
Wed Sep 06 17:01:30 2006 => Web: http://www.mwti.net
Wed Sep 06 17:01:30 2006 => **********************************************************
Wed Sep 06 17:01:30 2006 => Version 8.5.2 (C:\DOCUME~1\lada\LOCALS~1\Temp\mexe.com)
Wed Sep 06 17:01:30 2006 => Log File: C:\DOCUME~1\lada\LOCALS~1\Temp\MWAV.LOG
Wed Sep 06 17:01:30 2006 => User Account: lada
Wed Sep 06 17:01:30 2006 => Windows Root Folder: C:\WINDOWS
Wed Sep 06 17:01:30 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
Wed Sep 06 17:01:30 2006 => OS: Windows XP
Wed Sep 06 17:01:30 2006 => Ver: Service Pack 2 (Build 2600)
Wed Sep 06 17:01:31 2006 => Latest Date of files inside MWAV: 05 Sep 2006 09:21:04.

Wed Sep 06 17:01:31 2006 => Options Selected by User:
Wed Sep 06 17:01:31 2006 => Memory Check: Enabled
Wed Sep 06 17:01:31 2006 => Registry Check: Enabled
Wed Sep 06 17:01:31 2006 => StartUp Folder Check: Enabled
Wed Sep 06 17:01:31 2006 => System Folder Check: Enabled
Wed Sep 06 17:01:31 2006 => System Area Check: Disabled
Wed Sep 06 17:01:31 2006 => Services Check: Enabled
Wed Sep 06 17:01:31 2006 => Drive Check Option Disabled
Wed Sep 06 17:01:31 2006 => Folder Check: Disabled

Wed Sep 06 17:01:32 2006 => ***** Scanning Memory Files *****
Wed Sep 06 17:01:32 2006 => Scanning File C:\WINDOWS\System32\smss.exe
Wed Sep 06 17:01:32 2006 => Scanning File C:\WINDOWS\system32\ntdll.dll
Wed Sep 06 17:01:32 2006 => Scanning File C:\WINDOWS\SYSTEM32\CSRSS.EXE
Wed Sep 06 17:01:32 2006 => Scanning File C:\WINDOWS\system32\CSRSRV.dll
Wed Sep 06 17:01:32 2006 => Scanning File C:\WINDOWS\system32\basesrv.dll
Wed Sep 06 17:01:32 2006 => Scanning File C:\WINDOWS\system32\winsrv.dll
Wed Sep 06 17:01:32 2006 => Scanning File C:\WINDOWS\system32\GDI32.dll
Wed Sep 06 17:01:32 2006 => Scanning File C:\WINDOWS\system32\KERNEL32.dll
Wed Sep 06 17:01:32 2006 => Scanning File C:\WINDOWS\system32\USER32.dll
Wed Sep 06 17:01:32 2006 => Scanning File C:\WINDOWS\system32\sxs.dll
Wed Sep 06 17:01:32 2006 => Scanning File C:\WINDOWS\system32\ADVAPI32.dll
Wed Sep 06 17:01:32 2006 => Scanning File C:\WINDOWS\system32\RPCRT4.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\Apphelp.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\VERSION.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\SYSTEM32\WINLOGON.EXE
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\AUTHZ.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\msvcrt.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\CRYPT32.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\MSASN1.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\NDdeApi.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\PROFMAP.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\NETAPI32.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\USERENV.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\PSAPI.DLL
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\REGAPI.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\Secur32.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\SETUPAPI.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\WINSTA.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\WINTRUST.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\IMAGEHLP.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\WS2_32.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\WS2HELP.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\MSGINA.dll
Wed Sep 06 17:01:33 2006 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\SHLWAPI.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\COMCTL32.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\ODBC32.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\comdlg32.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\odbcint.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\SHSVCS.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\sfc.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\sfc_os.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\ole32.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\WINSCARD.DLL
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\WTSAPI32.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\uxtheme.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\WINMM.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\Ati2evxx.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\rsaenh.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\cscdll.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\WlNotify.dll
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\WINSPOOL.DRV
Wed Sep 06 17:01:34 2006 => Scanning File C:\WINDOWS\system32\MPR.dll
Wed Sep 06 17:01:35 2006 => Scanning File C:\WINDOWS\system32\WgaLogon.dll
Wed Sep 06 17:01:35 2006 => Scanning File C:\WINDOWS\system32\OLEAUT32.dll
Wed Sep 06 17:01:35 2006 => Scanning File C:\WINDOWS\system32\NTMARTA.DLL
Wed Sep 06 17:01:35 2006 => Scanning File C:\WINDOWS\system32\WLDAP32.dll
Wed Sep 06 17:01:35 2006 => Scanning File C:\WINDOWS\system32\SAMLIB.dll
Wed Sep 06 17:01:35 2006 => Scanning File C:\WINDOWS\system32\CLBCATQ.DLL
Wed Sep 06 17:01:35 2006 => Scanning File C:\WINDOWS\system32\COMRes.dll
Wed Sep 06 17:01:35 2006 => Scanning File C:\WINDOWS\system32\WINHTTP.dll
Wed Sep 06 17:01:35 2006 => Scanning File C:\WINDOWS\system32\winzwr32.dll
Wed Sep 06 17:01:36 2006 => File C:\WINDOWS\system32\winzwr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.

Wed Sep 06 17:01:36 2006 => Scanning File C:\WINDOWS\system32\RASAPI32.dll
Wed Sep 06 17:01:36 2006 => Scanning File C:\WINDOWS\system32\rasman.dll
Wed Sep 06 17:01:36 2006 => Scanning File C:\WINDOWS\system32\TAPI32.dll
Wed Sep 06 17:01:36 2006 => Scanning File C:\WINDOWS\system32\rtutils.dll
Wed Sep 06 17:01:36 2006 => Scanning File C:\WINDOWS\system32\iphlpapi.dll
Wed Sep 06 17:01:36 2006 => Scanning File C:\WINDOWS\system32\msv1_0.dll
Wed Sep 06 17:01:36 2006 => Scanning File C:\WINDOWS\system32\cscui.dll
Wed Sep 06 17:01:36 2006 => Scanning File C:\WINDOWS\system32\xpsp2res.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\wdmaud.drv
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\msacm32.drv
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\MSACM32.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\midimap.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\services.exe
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\SCESRV.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\umpnpmgr.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\NCObjAPI.DLL
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\MSVCP60.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\ShimEng.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\AppPatch\AcGenral.DLL
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\eventlog.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\lsass.exe
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\LSASRV.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\NTDSAPI.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\DNSAPI.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\SAMSRV.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\cryptdll.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\msprivs.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\kerberos.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\netlogon.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\w32time.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\schannel.dll
Wed Sep 06 17:01:37 2006 => Scanning File C:\WINDOWS\system32\wdigest.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\scecli.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\ipsecsvc.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\oakley.DLL
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\WINIPSEC.DLL
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\imon.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\WSOCK32.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\PROGRA~1\Eset\pr_imon.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\mswsock.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\hnetcfg.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\System32\wshtcpip.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\pstorsvc.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\psbase.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\dssenh.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\Ati2evxx.exe
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\Ati2edxx.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Sep 06 17:01:38 2006 => Scanning File c:\windows\system32\rpcss.dll
Wed Sep 06 17:01:38 2006 => Scanning File c:\windows\system32\termsrv.dll
Wed Sep 06 17:01:38 2006 => Scanning File c:\windows\system32\ICAAPI.dll
Wed Sep 06 17:01:38 2006 => Scanning File c:\windows\system32\mstlsapi.dll
Wed Sep 06 17:01:38 2006 => Scanning File c:\windows\system32\ACTIVEDS.dll
Wed Sep 06 17:01:38 2006 => Scanning File c:\windows\system32\adsldpc.dll
Wed Sep 06 17:01:38 2006 => Scanning File c:\windows\system32\ATL.DLL
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\System32\winrnr.dll
Wed Sep 06 17:01:38 2006 => Scanning File C:\WINDOWS\system32\rasadhlp.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\dhcpcsvc.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\wzcsvc.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\WMI.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\ESENT.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\irmon.dll
Wed Sep 06 17:01:39 2006 => Scanning File C:\WINDOWS\System32\rastls.dll
Wed Sep 06 17:01:39 2006 => Scanning File C:\WINDOWS\system32\CRYPTUI.dll
Wed Sep 06 17:01:39 2006 => Scanning File C:\WINDOWS\system32\WININET.dll
Wed Sep 06 17:01:39 2006 => Scanning File C:\WINDOWS\System32\MPRAPI.dll
Wed Sep 06 17:01:39 2006 => Scanning File C:\WINDOWS\System32\raschap.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\schedsvc.dll
Wed Sep 06 17:01:39 2006 => Scanning File C:\WINDOWS\System32\MSIDLE.DLL
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\audiosrv.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\wkssvc.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\qmgr.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\SHFOLDER.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\cryptsvc.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\certcli.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\dmserver.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\ersvc.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\es.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\pchealth\helpctr\binaries\pchsvc.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\srvsvc.dll
Wed Sep 06 17:01:39 2006 => Scanning File c:\windows\system32\netman.dll
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\netshell.dll
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\credui.dll
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\WZCSAPI.DLL
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\seclogon.dll
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\sens.dll
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\srsvc.dll
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\POWRPROF.dll
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\trkwks.dll
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\wbem\wmisvc.dll
Wed Sep 06 17:01:40 2006 => Scanning File C:\WINDOWS\system32\VSSAPI.DLL
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\wuauserv.dll
Wed Sep 06 17:01:40 2006 => Scanning File C:\WINDOWS\system32\wuaueng.dll
Wed Sep 06 17:01:40 2006 => Scanning File C:\WINDOWS\System32\ADVPACK.dll
Wed Sep 06 17:01:40 2006 => Scanning File C:\WINDOWS\System32\Cabinet.dll
Wed Sep 06 17:01:40 2006 => Scanning File C:\WINDOWS\System32\mspatcha.dll
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\browser.dll
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\wscsvc.dll
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\msi.dll
Wed Sep 06 17:01:40 2006 => Scanning File C:\WINDOWS\System32\wbem\wbemcomn.dll
Wed Sep 06 17:01:40 2006 => Scanning File c:\windows\system32\ipnathlp.dll
Wed Sep 06 17:01:40 2006 => Scanning File C:\WINDOWS\system32\comsvcs.dll
Wed Sep 06 17:01:40 2006 => Scanning File C:\WINDOWS\system32\colbact.DLL
Wed Sep 06 17:01:40 2006 => Scanning File C:\WINDOWS\system32\MTXCLU.DLL
Wed Sep 06 17:01:40 2006 => Scanning File C:\WINDOWS\System32\CLUSAPI.DLL
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\RESUTILS.DLL
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\Wbem\wbemcore.dll
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\Wbem\esscli.dll
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\Wbem\FastProx.dll
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\wbem\wbemsvc.dll
Wed Sep 06 17:01:41 2006 => Scanning File c:\windows\system32\tapisrv.dll
Wed Sep 06 17:01:41 2006 => Scanning File c:\windows\system32\rasmans.dll
Wed Sep 06 17:01:41 2006 => Scanning File c:\windows\system32\netcfgx.dll
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\wbem\wmiutils.dll
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\wbem\repdrvfs.dll
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\upnp.dll
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\SSDPAPI.dll
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\wbem\wmiprvsd.dll
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\wbem\wbemess.dll
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\rastapi.dll
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\unimdm.tsp
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\uniplat.dll
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\wbem\ncprov.dll
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\kmddsp.tsp
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\ndptsp.tsp
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\ipconf.tsp
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\h323.tsp
Wed Sep 06 17:01:41 2006 => Scanning File C:\WINDOWS\System32\hidphone.tsp
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\System32\HID.DLL
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\System32\rasppp.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\System32\ntlsapi.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\System32\RASDLG.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\System32\wups.dll
Wed Sep 06 17:01:42 2006 => Scanning File c:\windows\system32\dnsrslvr.dll
Wed Sep 06 17:01:42 2006 => Scanning File c:\windows\system32\lmhsvc.dll
Wed Sep 06 17:01:42 2006 => Scanning File c:\windows\system32\webclnt.dll
Wed Sep 06 17:01:42 2006 => Scanning File c:\windows\system32\regsvc.dll
Wed Sep 06 17:01:42 2006 => Scanning File c:\windows\system32\ssdpsrv.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\system32\MSCTF.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\Explorer.EXE
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\system32\BROWSEUI.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\system32\SHDOCVW.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\System32\themeui.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\System32\MSIMG32.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\PROGRA~1\WINDOW~2\wmpband.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\System32\msutb.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\system32\LINKINFO.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\system32\ntshrui.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\system32\urlmon.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\system32\MLANG.dll
Wed Sep 06 17:01:42 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\WINDOWS\System32\stobject.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\WINDOWS\System32\BatMeter.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\WINDOWS\System32\drprov.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\WINDOWS\System32\ntlanman.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\WINDOWS\System32\NETUI0.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\WINDOWS\System32\NETUI1.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\WINDOWS\System32\NETRAP.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\WINDOWS\System32\davclnt.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\WINDOWS\system32\browselc.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\ACROIE~1.DLL
Wed Sep 06 17:01:43 2006 => Scanning File C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\WINDOWS\system32\olepro32.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\PROGRA~1\Java\JRE15~1.0_0\bin\ssv.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\PROGRA~1\FlashGet\jccatch.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\WINDOWS\system32\DUSER.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\PROGRA~1\MICROS~2\OFFICE11\msohev.dll
Wed Sep 06 17:01:43 2006 => Scanning File C:\WINDOWS\system32\shdoclc.dll
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\system32\SPOOLSS.DLL
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\system32\localspl.dll
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\system32\cnbjmon.dll
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\system32\CNMLM3w.DLL
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\system32\mdimon.dll
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\system32\pjlmon.dll
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\system32\tcpmon.dll
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\system32\usbmon.dll
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD3w.DLL
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\system32\win32spl.dll
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\system32\inetpp.dll
Wed Sep 06 17:01:44 2006 => Scanning File C:\PROGRA~1\ATITEC~1\ATICON~1\atiptaxx.exe
Wed Sep 06 17:01:44 2006 => Scanning File C:\PROGRA~1\ATITEC~1\ATICON~1\atipdsxx.dll
Wed Sep 06 17:01:44 2006 => Scanning File C:\PROGRA~1\ATITEC~1\ATICON~1\ATRPUIXX.CSY
Wed Sep 06 17:01:44 2006 => Scanning File C:\PROGRA~1\ATITEC~1\ATICON~1\atipdxxx.dll
Wed Sep 06 17:01:44 2006 => Scanning File C:\WINDOWS\system32\DINPUT8.dll
Wed Sep 06 17:01:44 2006 => Scanning File C:\PROGRA~1\Eset\nod32kui.exe
Wed Sep 06 17:01:45 2006 => Scanning File C:\WINDOWS\system32\MFC42u.DLL
Wed Sep 06 17:01:45 2006 => Scanning File C:\WINDOWS\system32\MFC42LOC.DLL
Wed Sep 06 17:01:45 2006 => Scanning File C:\PROGRA~1\Eset\nod32rui.dll
Wed Sep 06 17:01:45 2006 => Scanning File C:\PROGRA~1\Eset\pu_amon.dll
Wed Sep 06 17:01:45 2006 => Scanning File C:\PROGRA~1\Eset\pr_amon.dll
Wed Sep 06 17:01:45 2006 => Scanning File C:\PROGRA~1\Eset\pu_dmon.dll
Wed Sep 06 17:01:45 2006 => Scanning File C:\PROGRA~1\Eset\pr_dmon.dll
Wed Sep 06 17:01:45 2006 => Scanning File C:\PROGRA~1\Eset\pu_emon.dll
Wed Sep 06 17:01:45 2006 => Scanning File C:\PROGRA~1\Eset\pr_emon.dll
Wed Sep 06 17:01:45 2006 => Scanning File C:\PROGRA~1\Eset\pu_imon.dll
Wed Sep 06 17:01:45 2006 => Scanning File C:\PROGRA~1\Eset\pu_nod32.dll
Wed Sep 06 17:01:45 2006 => Scanning File C:\PROGRA~1\Eset\pr_nod32.dll
Wed Sep 06 17:01:45 2006 => Scanning File C:\PROGRA~1\Eset\pu_upd.dll
Wed Sep 06 17:01:45 2006 => Scanning File C:\PROGRA~1\Eset\pr_upd.dll
Wed Sep 06 17:01:45 2006 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Wed Sep 06 17:01:45 2006 => Scanning File C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
Wed Sep 06 17:01:46 2006 => Scanning File C:\WINDOWS\system32\RICHED32.DLL
Wed Sep 06 17:01:46 2006 => Scanning File C:\WINDOWS\system32\RICHED20.dll
Wed Sep 06 17:01:46 2006 => Scanning File C:\PROGRA~1\Eset\nod32krn.exe
Wed Sep 06 17:01:46 2006 => Scanning File C:\PROGRA~1\Eset\nod32krr.dll
Wed Sep 06 17:01:46 2006 => Scanning File C:\PROGRA~1\Eset\ps_amon.dll
Wed Sep 06 17:01:46 2006 => Scanning File C:\PROGRA~1\Eset\ps_dmon.dll
Wed Sep 06 17:01:46 2006 => Scanning File C:\PROGRA~1\Eset\ps_emon.dll
Wed Sep 06 17:01:46 2006 => Scanning File C:\PROGRA~1\Eset\ps_nod32.dll
Wed Sep 06 17:01:46 2006 => Scanning File C:\PROGRA~1\Eset\ps_upd.dll
Wed Sep 06 17:01:46 2006 => Scanning File C:\WINDOWS\System32\wbem\wbemprox.dll
Wed Sep 06 17:01:46 2006 => Scanning File C:\WINDOWS\system32\wdfmgr.exe
Wed Sep 06 17:01:46 2006 => Scanning File C:\WINDOWS\System32\alg.exe
Wed Sep 06 17:01:46 2006 => Scanning File C:\PROGRA~1\MOZILL~1\firefox.exe
Wed Sep 06 17:01:48 2006 => Scanning File C:\PROGRA~1\MOZILL~1\js3250.dll
Wed Sep 06 17:01:48 2006 => Scanning File C:\PROGRA~1\MOZILL~1\nspr4.dll
Wed Sep 06 17:01:48 2006 => Scanning File C:\PROGRA~1\MOZILL~1\XPCOM_~1.DLL
Wed Sep 06 17:01:48 2006 => Scanning File C:\PROGRA~1\MOZILL~1\plc4.dll
Wed Sep 06 17:01:48 2006 => Scanning File C:\PROGRA~1\MOZILL~1\plds4.dll
Wed Sep 06 17:01:48 2006 => Scanning File C:\PROGRA~1\MOZILL~1\smime3.dll
Wed Sep 06 17:01:49 2006 => Scanning File C:\PROGRA~1\MOZILL~1\nss3.dll
Wed Sep 06 17:01:49 2006 => Scanning File C:\PROGRA~1\MOZILL~1\softokn3.dll
Wed Sep 06 17:01:49 2006 => Scanning File C:\PROGRA~1\MOZILL~1\ssl3.dll
Wed Sep 06 17:01:49 2006 => Scanning File C:\PROGRA~1\MOZILL~1\XPCOM_~2.DLL
Wed Sep 06 17:01:49 2006 => Scanning File C:\PROGRA~1\MOZILL~1\COMPON~1\jar50.dll
Wed Sep 06 17:01:49 2006 => Scanning File C:\PROGRA~1\MOZILL~1\EXTENS~1\TALKBA~1.ORG\COMPON~1\QFASER~1.DLL
Wed Sep 06 17:01:49 2006 => Scanning File C:\PROGRA~1\MOZILL~1\EXTENS~1\TALKBA~1.ORG\COMPON~1\FULLSOFT.DLL
Wed Sep 06 17:01:49 2006 => Scanning File C:\WINDOWS\System32\msimtf.dll
Wed Sep 06 17:01:49 2006 => Scanning File C:\WINDOWS\system32\IMM32.DLL
Wed Sep 06 17:01:49 2006 => Scanning File C:\PROGRA~1\MOZILL~1\nssckbi.dll
Wed Sep 06 17:01:49 2006 => Scanning File C:\WINDOWS\system32\sensapi.dll
Wed Sep 06 17:01:49 2006 => Scanning File C:\DOCUME~1\lada\LOCALS~1\Temp\mexe.com
Wed Sep 06 17:01:50 2006 => Scanning File C:\DOCUME~1\lada\LOCALS~1\Temp\msvlclnt.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\DOCUME~1\lada\LOCALS~1\Temp\kavssdi.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\DOCUME~1\lada\LOCALS~1\Temp\kavssd.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\DOCUME~1\lada\LOCALS~1\Temp\kavssi.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\DOCUME~1\lada\LOCALS~1\Temp\ipc.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\DOCUME~1\lada\LOCALS~1\Temp\PSAPI.DLL
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\VDMDBG.DLL
Wed Sep 06 17:01:50 2006 => Scanning File C:\DOCUME~1\lada\LOCALS~1\Temp\kavss.exe
Wed Sep 06 17:01:50 2006 => Scanning File C:\DOCUME~1\lada\LOCALS~1\Temp\kavss.dll

Wed Sep 06 17:01:50 2006 => ***** Scanning Registry Files *****

Wed Sep 06 17:01:50 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Wed Sep 06 17:01:50 2006 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***. Filesize 8259 kb > 3072 kb...
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Wed Sep 06 17:01:50 2006 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***. Filesize 8259 kb > 3072 kb...
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\System32\stobject.dll

Wed Sep 06 17:01:50 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Wed Sep 06 17:01:50 2006 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Wed Sep 06 17:01:50 2006 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Wed Sep 06 17:01:50 2006 => Scanning File C:\PROGRA~1\ICQTOO~1\toolbaru.dll

Wed Sep 06 17:01:50 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Wed Sep 06 17:01:50 2006 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\ACROIE~1.DLL
Wed Sep 06 17:01:50 2006 => {53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Wed Sep 06 17:01:50 2006 => {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\PROGRA~1\Java\JRE15~1.0_0\bin\ssv.dll
Wed Sep 06 17:01:50 2006 => {A5366673-E8CA-11D3-9CD9-0090271D075B} = C:\PROGRA~1\FlashGet\jccatch.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\PROGRA~1\FlashGet\jccatch.dll

Wed Sep 06 17:01:50 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\System32\browseui.dll

Wed Sep 06 17:01:50 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\mmsys.cpl
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\icmui.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\rshx32.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\docprop.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\ntshrui.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\System32\themeui.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\deskadp.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\deskmon.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\dssec.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\SlayerXP.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\shscrap.dll
Wed Sep 06 17:01:50 2006 => Scanning File C:\WINDOWS\system32\diskcopy.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\ntlanui2.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\icmui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\icmui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\printui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\dskquoui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\syncui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\hticons.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\fontext.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\icmui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\rshx32.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\ntshrui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\deskperf.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\cryptext.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\cryptext.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\NETSHELL.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\NETSHELL.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\wiashext.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\wiashext.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\wiashext.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\wiashext.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\wiashext.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\remotepg.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\wuaucpl.cpl
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\wshext.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\PROGRA~1\COMMON~1\System\OLEDB~1\oledb32.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\mstask.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\mstask.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\mstask.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shmedia.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shmedia.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shmedia.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shmedia.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shmedia.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shmedia.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\browseui.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\sendmail.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\sendmail.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\occache.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Sep 06 17:01:51 2006 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\netplwiz.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\netplwiz.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\netplwiz.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\netplwiz.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\zipfldr.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\zipfldr.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\zipfldr.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\msieftp.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\docprop2.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\docprop2.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\docprop2.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\docprop2.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\docprop2.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\docprop2.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\dsquery.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\dsquery.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\dsquery.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\dsquery.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\dsuiext.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\dsuiext.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\mydocs.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\mydocs.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\mydocs.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\cscui.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\cscui.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\cscui.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\msagent\agentpsh.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\dfsshlex.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\photowiz.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\mmcshext.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\cabview.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\PROGRA~1\OUTLOO~1\wabfind.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\twext.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\twext.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\System32\extmgr.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\Audiodev.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\Audiodev.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\PROGRA~1\TUNEUP~1\sdshelex.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\mscoree.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\dfshim.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\WINDOWS\system32\dfshim.dll
Wed Sep 06 17:01:52 2006 => Scanning File C:\PROGRA~1\ICQLite\ICQLIT~1.DLL
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\browseui.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\PROGRA~1\WinRAR\rarext.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\cdfview.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\cdfview.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\cdfview.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\cdfview.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\cdfview.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\PROGRA~1\MICROS~2\OFFICE11\msohev.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Wed Sep 06 17:01:53 2006 => Scanning File C:\PROGRA~1\Eset\nodshex.dll

Wed Sep 06 17:01:53 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Wed Sep 06 17:01:53 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\Explorer.exe
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\userinit.exe
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\gptext.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\fdeploy.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\dskquota.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\gptext.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\gptext.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\iedkcs32.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\scecli.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\iedkcs32.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\scecli.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\appmgmts.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\gptext.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\Ati2evxx.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\crypt32.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\cryptnet.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\cscdll.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\wlnotify.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\wlnotify.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\sclgntfy.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\WlNotify.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\wlnotify.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\WgaLogon.dll
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\winzwr32.dll
Wed Sep 06 17:01:53 2006 => File C:\WINDOWS\system32\winzwr32.dll infected by "Packed.Win32.Klone.g" Virus! Action Taken: No Action Taken.

Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\wlnotify.dll

Wed Sep 06 17:01:53 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Wed Sep 06 17:01:53 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Wed Sep 06 17:01:53 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Wed Sep 06 17:01:53 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDEBUG
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\drwtsn32.exe

Wed Sep 06 17:01:53 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\system32\ntsd.exe

Wed Sep 06 17:01:53 2006 => Scanning HKCU\Control Panel\Desktop
Wed Sep 06 17:01:53 2006 => Scanning File C:\WINDOWS\System32\hcplzen.scr

Wed Sep 06 17:01:54 2006 => Scanning HKLM\SYSTEM\CurrentControlSet\Control\WOW
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\system32\ntvdm.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\system32\ntvdm.exe

Wed Sep 06 17:01:54 2006 => Scanning HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\inf\unregmp2.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\system32\shmgrate.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\system32\RunDLL32.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\system32\shmgrate.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\system32\regsvr32.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\system32\rundll32.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\system32\rundll32.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\system32\rundll32.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\system32\regsvr32.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\system32\ie4uinit.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\system32\Rundll32.exe

Wed Sep 06 17:01:54 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Wed Sep 06 17:01:54 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Wed Sep 06 17:01:54 2006 => Scanning HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Run

Wed Sep 06 17:01:54 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run

Wed Sep 06 17:01:54 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Wed Sep 06 17:01:54 2006 => Scanning File C:\PROGRA~1\ATITEC~1\ATICON~1\atiptaxx.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\PROGRA~1\D-Tools\daemon.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\PROGRA~1\Eset\nod32kui.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\PROGRA~1\ICQLite\ICQLite.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\PROGRA~1\QUICKT~1\qttask.exe

Wed Sep 06 17:01:54 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Wed Sep 06 17:01:54 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Wed Sep 06 17:01:54 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Wed Sep 06 17:01:54 2006 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

Wed Sep 06 17:01:54 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Wed Sep 06 17:01:54 2006 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Wed Sep 06 17:01:54 2006 => Scanning File C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe

Wed Sep 06 17:01:55 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Wed Sep 06 17:01:55 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Wed Sep 06 17:01:55 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Wed Sep 06 17:01:55 2006 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup

Wed Sep 06 17:01:55 2006 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Wed Sep 06 17:01:55 2006 => Scanning File C:\WINDOWS\System32\CTFMON.EXE

Wed Sep 06 17:01:55 2006 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Wed Sep 06 17:01:55 2006 => Scanning HKCR\txtfile\shell\open\command

Wed Sep 06 17:01:55 2006 => Scanning HKCR\comfile\shell\open\command

Wed Sep 06 17:01:55 2006 => Scanning HKCR\exefile\shell\open\command

Wed Sep 06 17:01:55 2006 => Scanning HKCR\dllfile\shell\open\command

Wed Sep 06 17:01:55 2006 => Scanning HKCR\batfile\shell\open\command

Wed Sep 06 17:01:55 2006 => Scanning HKCR\piffile\shell\open\command

Wed Sep 06 17:01:55 2006 => Scanning HKCR\scrfile\shell\open\command

Wed Sep 06 17:01:55 2006 => Scanning HKCR\scrfile\shell\config\command

Wed Sep 06 17:01:55 2006 => Scanning HKCR\regfile\shell\open\command

Wed Sep 06 17:01:55 2006 => Scanning HKCR\htmlfile\shell\open\command
Wed Sep 06 17:01:55 2006 => Scanning File C:\PROGRA~1\INTERN~1\iexplore.exe

Wed Sep 06 17:01:55 2006 => Scanning HKCR\htafile\shell\open\command
Wed Sep 06 17:01:55 2006 => Scanning File C:\WINDOWS\System32\mshta.exe

Wed Sep 06 17:01:55 2006 => Scanning HKCR\jsfile\shell\open\command
Wed Sep 06 17:01:55 2006 => Scanning File C:\WINDOWS\System32\WScript.exe

Wed Sep 06 17:01:55 2006 => Scanning HKCR\jsefile\shell\open\command
Wed Sep 06 17:01:55 2006 => Scanning File C:\WINDOWS\System32\WScript.exe

Wed Sep 06 17:01:55 2006 => Scanning HKCR\vbsfile\shell\open\command
Wed Sep 06 17:01:55 2006 => Scanning File C:\WINDOWS\System32\WScript.exe

Wed Sep 06 17:01:55 2006 => Scanning HKCR\vbefile\shell\open\command
Wed Sep 06 17:01:55 2006 => Scanning File C:\WINDOWS\System32\WScript.exe

Wed Sep 06 17:01:55 2006 => Scanning HKCR\wshfile\shell\open\command
Wed Sep 06 17:01:55 2006 => Scanning File C:\WINDOWS\System32\WScript.exe

Wed Sep 06 17:01:55 2006 => Scanning HKCR\wsffile\shell\open\command
Wed Sep 06 17:01:55 2006 => Scanning File C:\WINDOWS\System32\WScript.exe

Wed Sep 06 17:01:55 2006 => ***** Scanning StartUp Folders *****

Wed Sep 06 17:01:55 2006 => ***** Scanning C:\Documents and Settings\lada\Nabídka Start\Programy\Po spuštění Folder *****
Wed Sep 06 17:01:55 2006 => Scanning Folder: C:\Documents and Settings\lada\Nabídka Start\Programy\Po spuštění\*.*
Wed Sep 06 17:01:55 2006 => Scanning File C:\Documents and Settings\lada\Nabídka Start\Programy\Po spuštění\desktop.ini [**]

Wed Sep 06 17:03:08 2006 => ***** Scanning C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění Folder *****
Wed Sep 06 17:03:08 2006 => Scanning Folder: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\*.*
Wed Sep 06 17:03:08 2006 => Scanning File C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\desktop.ini [**]

Wed Sep 06 17:03:08 2006 => ***** Scanning Service Files *****
Wed Sep 06 17:03:08 2006 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Wed Sep 06 17:03:08 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ACPI.sys
Wed Sep 06 17:03:08 2006 => Scanning File C:\PROGRA~1\COMMON~1\ADOBES~1\Service\ADOBEL~1.EXE
Wed Sep 06 17:03:08 2006 => Scanning File C:\WINDOWS\system32\drivers\aec.sys
Wed Sep 06 17:03:08 2006 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Wed Sep 06 17:03:08 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:08 2006 => Scanning File C:\WINDOWS\System32\alg.exe
Wed Sep 06 17:03:08 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\amdk7.sys
Wed Sep 06 17:03:08 2006 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\AMON.SYS
Wed Sep 06 17:03:08 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Sep 06 17:03:08 2006 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Wed Sep 06 17:03:08 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Wed Sep 06 17:03:08 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\atapi.sys
Wed Sep 06 17:03:08 2006 => Scanning File C:\WINDOWS\system32\Ati2evxx.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\ati2sgag.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\atmarpc.sys
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\audstub.sys
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\cdrom.sys
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\cisvc.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\System32\dllhost.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\d347bus.sys
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\Drivers\d347prt.sys
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\disk.sys
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\drivers\dmboot.sys
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\drivers\dmio.sys
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\drivers\dmload.sys
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:09 2006 => Scanning File C:\WINDOWS\system32\drivers\DMusic.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\drivers\drmkaud.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\services.exe
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\fdc.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\fetnd5.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\drivers\fltmgr.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ftdisk.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\msgpc.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\Drivers\HTTP.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriverT.exe
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\Drivers\ifpusb.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\imapi.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\System32\imapi.exe
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\drivers\ip6fw.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ipinip.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ipnat.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ipsec.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\irda.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\irenum.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\isapnp.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\system32\drivers\kmixer.sys
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:10 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\MA-620.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\mouclass.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\System32\msdtc.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\System32\msiexec.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\drivers\MSKSSRV.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\drivers\MSPCLOCK.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\drivers\MSPQM.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\netbios.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\netbt.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\netdde.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\netdde.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\System32\lsass.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\PROGRA~1\Eset\nod32krn.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\System32\lsass.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\SOURCE~1\OSE.EXE
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\parport.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\pci.sys
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\services.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\System32\lsass.exe
Wed Sep 06 17:03:11 2006 => Scanning File C:\WINDOWS\system32\DRIVERS\ra

sakiri · Příspěvekod **sakiri** » 06 zář 2006 17:58

jen tak četl jsi návod

ale teď k věci:
stáhni si Killbox a spusť jej
do volného řádku zkopíruj tenhle tučnej text:
C:\WINDOWS\system32\winzwr32.dll

a zaškrtni Delete on Reboot a Unregister .dll Before Deleting

restartuje se ti Pc a pak řekni jestli to pomohlo

rezab · Příspěvekod **rezab** » 06 zář 2006 18:15

Jo vypadá to že jo.Dík moc.

Logfile of HijackThis v1.99.1
Scan saved at 18:13:35, on 6.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lada\Plocha\hj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout položku pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout všechny položky pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

rezab · Příspěvekod **rezab** » 06 zář 2006 19:08

Pomocí Killboxu odstraněno.Dík všem.

sakiri · Příspěvekod **sakiri** » 06 zář 2006 19:18

log není celý
ale hlavní je že ten šmejd je pryč

Příspěvekod **mikel** » 06 zář 2006 19:41

Přesně tak. Tento log z MWAV nejde zkontrolovat. Přečti si ten návod ještě jednou a dej ho sem správně.

Nejde odstranit vir pomocí NOD32

Nejde odstranit vir pomocí NOD32

Kdo je online