Hi,
I have a problem with the Win32:Trojan-gen virus that Avast reports. I can't get rid of it; every time I connect to the internet, the files mal.exe and mal[1].exe are downloaded to my computer again, the CPU load and outstream run up to the maximum, and after a while the machine resets. At the same time, MWAV now reports the virus Backdoor.Win32.SdBot.aad. I have no idea what to do about it. I'm posting the logs from HijackThis and MWAV.
HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 23:40:26, on 25.11.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Documents and Settings\Tsubaru\Plocha\Moje\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MediaKey.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Generic Host Process for Win32 Service - Unknown owner - C:\WINNT\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
MWAV:
Sat Nov 25 23:04:35 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sat Nov 25 23:04:57 2006 => ERROR!!! Invalid Entry Rahananis = ebouhibep.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Sat Nov 25 23:09:56 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sat Nov 25 23:10:28 2006 => ERROR!!! Invalid Entry Rahananis = ebouhibep.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Sat Nov 25 23:23:58 2006 => File C:\Documents and Settings\Tsubaru\Plocha\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Sat Nov 25 23:24:14 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sat Nov 25 23:24:26 2006 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.
Sat Nov 25 23:24:26 2006 => System found infected with mybar Spyware/Adware ({0494d0d1-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sat Nov 25 23:24:27 2006 => System found infected with mybar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sat Nov 25 23:24:27 2006 => System found infected with kazaa Spyware/Adware ({66fc8717-efa7-4546-8c4a-e224f3a80c76})! Action taken: No Action Taken.
Sat Nov 25 23:24:27 2006 => System found infected with emedia codec Browser Hijacker ({6bf52a52-394a-11d3-b153-00c04f79faa6})! Action taken: No Action Taken.
Sat Nov 25 23:24:27 2006 => System found infected with mybar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sat Nov 25 23:24:27 2006 => System found infected with emedia codec Browser Hijacker ({6bf52a52-394a-11d3-b153-00c04f79faa6})! Action taken: No Action Taken.
Sat Nov 25 23:24:27 2006 => System found infected with myway Spyware/Adware ({0494d0d4-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sat Nov 25 23:24:29 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\p2p networking !!!
Sat Nov 25 23:24:29 2006 => Object "p2p networking Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:29 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\st6unst #1 !!!
Sat Nov 25 23:24:29 2006 => Object "spyware.screenview Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:30 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\st6unst #1 !!!
Sat Nov 25 23:24:30 2006 => Object "spyware.screenview Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:30 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:30 2006 => Offending Key found: HKLM\Software\magnet !!!
Sat Nov 25 23:24:30 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:30 2006 => Offending Key found: HKLM\Software\myway !!!
Sat Nov 25 23:24:30 2006 => Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:30 2006 => Offending Key found: HKLM\Software\perfectnav !!!
Sat Nov 25 23:24:30 2006 => Object "perfectnav Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:30 2006 => Offending Key found: HKCU\Software\kazaa !!!
Sat Nov 25 23:24:30 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:30 2006 => Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:30 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:31 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:32 2006 => Offending Key found: HKLM\System\ControlSet001\Services\EventLog\Application\iexplore !!!
Sat Nov 25 23:24:32 2006 => Object "searchseekfind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:32 2006 => Offending Key found: HKLM\System\ControlSet002\Services\EventLog\Application\iexplore !!!
Sat Nov 25 23:24:32 2006 => Object "searchseekfind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:33 2006 => Offending file found: C:\WINNT\gpinstall.exe
Sat Nov 25 23:24:33 2006 => System found infected with conducent flexpak Spyware/Adware (gpinstall.exe)! Action taken: No Action Taken.
Sat Nov 25 23:24:33 2006 => Offending file found: C:\WINNT\smdat32a.sys
Sat Nov 25 23:24:33 2006 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
Sat Nov 25 23:24:34 2006 => Offending Folder found: C:\Program Files\myway
Sat Nov 25 23:24:34 2006 => Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:39 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\programy\limewire\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:40 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\programy\bitcomet\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:40 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\programy\rivatuner v2.0 rc 15.8\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:40 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\programy\mv2player\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:40 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\Programy\limewire\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:40 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\Programy\bitcomet\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:40 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\Programy\rivatuner v2.0 rc 15.8\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:41 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\Programy\mv2player\uninstall.lnk
Sat Nov 25 23:24:41 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:42 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\programy\video\ac3filter\uninstall.lnk
Sat Nov 25 23:24:42 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:42 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\programy\video\ffdshow\uninstall.lnk
Sat Nov 25 23:24:42 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:43 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\programy\mediakey\uninstall.lnk
Sat Nov 25 23:24:43 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:43 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\programy\trust\trust wb-1200p mini webcam\uninstall.lnk
Sat Nov 25 23:24:43 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:43 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\programy\arcsoft videoimpression 1.6\uninstall.lnk
Sat Nov 25 23:24:43 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:43 2006 => Offending Folder found: C:\Documents and Settings\All Users\Data aplikací\cyberlink\powerdvd\ipower\images\hd
Sat Nov 25 23:24:43 2006 => Object "wareout Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:43 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\Programy\video\ac3filter\uninstall.lnk
Sat Nov 25 23:24:43 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:44 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\Programy\video\ffdshow\uninstall.lnk
Sat Nov 25 23:24:44 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:44 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\Programy\mediakey\uninstall.lnk
Sat Nov 25 23:24:44 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:44 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\Programy\trust\trust wb-1200p mini webcam\uninstall.lnk
Sat Nov 25 23:24:44 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:44 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\Programy\arcsoft videoimpression 1.6\uninstall.lnk
Sat Nov 25 23:24:44 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.
Sat Nov 25 23:24:46 2006 => Offending file found: C:\WINNT\svchost.exe
Sat Nov 25 23:24:46 2006 => System found infected with cws.smartsearch Browser Hijacker (C:\WINNT\svchost.exe)! Action taken: No Action Taken.
Sat Nov 25 23:24:46 2006 => Offending file found: C:\WINNT\setup1.exe
Sat Nov 25 23:24:46 2006 => System found infected with spyware.screenview Spyware/Adware (C:\WINNT\setup1.exe)! Action taken: No Action Taken.
Sat Nov 25 23:24:46 2006 => Offending file found: C:\WINNT\st6unst.exe
Sat Nov 25 23:24:46 2006 => System found infected with spyware.screenview Spyware/Adware (C:\WINNT\st6unst.exe)! Action taken: No Action Taken.
Sat Nov 25 23:24:52 2006 => Checking CLSID Reference Entries...
Sat Nov 25 23:24:54 2006 => Entry "HKCR\ICQPhone.SipxPhoneManager" refers to invalid object "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Action Taken: No Action Taken.
Sat Nov 25 23:24:55 2006 => Entry "HKCR\Microsoft.DirectSoundCaptureAecDMO.1" refers to invalid object "{1C22C56D-9879-4F5B-A389-27996DDC2810}". Action Taken: No Action Taken.
Sat Nov 25 23:24:55 2006 => Entry "HKCR\Microsoft.DirectSoundCaptureAgcDMO.1" refers to invalid object "{950E55B9-877C-4C67-BE08-E47B5611130A}". Action Taken: No Action Taken.
Sat Nov 25 23:24:55 2006 => Entry "HKCR\Microsoft.DirectSoundCaptureNoiseSuppressDMO.1" refers to invalid object "{5AB0882E-7274-4516-877D-4EEE99BA4FD0}". Action Taken: No Action Taken.
Sat Nov 25 23:24:56 2006 => Checking Module Usage Entries...
Sat Nov 25 23:24:56 2006 => Checking User Trusted External App Entries...
Sat Nov 25 23:24:56 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""E:\data\cdw32.exe"". Action Taken: No Action Taken.
Sat Nov 25 23:24:57 2006 => Checking Shared DLL Entries...
Sat Nov 25 23:24:57 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.
Sat Nov 25 23:24:57 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\pxwma.dll". Action Taken: No Action Taken.
Sat Nov 25 23:24:57 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\joele29_WinAdCtlInstPack.exe". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Checking Installer Entries...
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Levels\Fort\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Levels\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Profiles\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Profiles\player\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Profiles\player\default\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Profiles\player\default\savegames\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\HWScripts\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\HWScripts\Declarations\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\HWScripts\Declarations\CGPShaders\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\HWScripts\Declarations\CGPShaders\Cache\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\HWScripts\Declarations\CGVShaders\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\HWScripts\Declarations\CGVShaders\Cache\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Levels\Research\". Action Taken: No Action Taken.
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\Ubisoft\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\trainZ\world\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\trainZ\cache\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\trainZ\cache\BookMarks\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\trainZ\cache\internet\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\trainZ\settings\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\System\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\Help\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\Maps\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\System\save\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\System\pb\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\Briefings\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Aspyr\MTX MotoTrax Demo\Game\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Aspyr\MTX MotoTrax Demo\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Aspyr\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\VUGames\Leisure Suit Larry - Magna Cum Laude Demo\Data\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\VUGames\SWAT 4 Single Player Demo\Content\". Action Taken: No Action Taken.
Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\VUGames\SWAT 4 Single Player Demo\Content\System\". Action Taken: No Action Taken.
Sat Nov 25 23:25:00 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Opera\program\". Action Taken: No Action Taken.
Sat Nov 25 23:25:00 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Opera\program\plugins\". Action Taken: No Action Taken.
Sat Nov 25 23:25:00 2006 => Checking Shared Tools Entries...
Sat Nov 25 23:25:00 2006 => Checking File Extension Entries...
Sat Nov 25 23:25:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bif". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BUP". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cdp". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfg". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cpt". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".d2i". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".d2s". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".d2x". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".diz". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gp3". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gvp". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ide". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".idx". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IFO". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".imp". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".java". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lng". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".m4a". Action Taken: No Action Taken.
Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".manifest". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mtt". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".org". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".psn". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".psv". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pwp". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ram". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sim". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sl3". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sps". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".swc". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".TMP". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".up2". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "._67cefa1a097f9bf61b68cd40788881a7". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "._6a527d9579ab7b86f35346556c5ff643". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "._d50df7699c13fc9c32ac81b7d9974f97". Action Taken: No Action Taken.
Sat Nov 25 23:25:02 2006 => Checking Application Cache Entries...
Sat Nov 25 23:25:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Advanced WMA Workshop_is1". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AltnetDM". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Anti-keylogger 6.0". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Archangel". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Arkanoid 3". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Call of Duty - United Offensive Single Player Demo". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DivX 5.0.2 Bundle". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DivX Codec". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DivX Player". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Doom 3 (TM) Demo". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Flashpoint". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Half-Life: Counter-Strike". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Hitman: Contracts demo". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{00DA8C65-97F4-48D8-8D74-C16C6FC2B777}". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{2F7655DD-793E-40C6-B348-DE67C109F6FF}". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{3F27743D-4A09-425C-B671-ED69341CBA5D}". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "IsoBuster_is1". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.
Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823559". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826232". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828749". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840987". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841356". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841533". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841872". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842526". Action Taken: No Action Taken.
Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB870669". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB871250". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB873333". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB873339". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB885250". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB885835". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB885836". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB888113". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB890859". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB891781". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB893066". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB893086". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mafia Game". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA Display Driver". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "P2P Networking". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Painkiller SP Demo 2". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "POD-Bot 2.5". Action Taken: No Action Taken.
Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Revenant". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Sierra Utilities". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "TorrenTopia Client". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "UT2003Demo". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "UT2004-Demo". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "vgxupdate". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{09920072-6923-4E37-A150-5C6A3092DB7E}". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0A053D60-9267-11D5-8A2B-0050DA8B7D89}". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2C9BF728-DFE5-4A12-A34D-6059E42AE4C3}". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{337B5336-A953-4C81-95B5-B4F8DA7FA189}". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{61A14C75-E6D3-48E0-00A4-451C1BBBAA31}". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{719561BE-48AD-48DA-9959-3FBBFB10E29D}". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8F2F6F0B-B43B-4A64-B137-8E0CE3F76F5F}". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{909F8EBC-EC7F-48FF-0085-475D818F0F31}". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{929C29A0-E9C3-11D5-BA55-00C0CA129740}". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A99968BE-C155-474C-0089-33239DEE1CE2}". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CA4CA71B-6700-45C2-87DC-77E97FCA37EF}". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}". Action Taken: No Action Taken.
Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EB3CEC18-A1C4-4909-8FE2-0C30D7A07E32}". Action Taken: No Action Taken.
Sat Nov 25 23:25:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FDF3A1E0-186A-11D5-0089-C400C04FAE70}". Action Taken: No Action Taken.
Sat Nov 25 23:25:26 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sat Nov 25 23:25:27 2006 => File C:\WINNT\eraseme_30080.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sat Nov 25 23:29:14 2006 => File C:\DOCUME~1\Tsubaru\LOCALS~1\TEMPOR~1\Content.IE5\M5JGH4N6\SmitfraudFix[1].zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Sat Nov 25 23:30:11 2006 => ***** Scanning complete. *****
Sat Nov 25 23:30:11 2006 => Total Objects Scanned: 31812
Sat Nov 25 23:30:11 2006 => Total Critical Objects: 52
Sat Nov 25 23:30:11 2006 => Total Disinfected Objects: 0
Sat Nov 25 23:30:12 2006 => Total Objects Renamed: 0
Sat Nov 25 23:30:12 2006 => Total Deleted Objects: 0
Sat Nov 25 23:30:12 2006 => Total Errors: 165
Sat Nov 25 23:30:12 2006 => Time Elapsed: 00:20:39
Sat Nov 25 23:30:12 2006 => Virus Database Date: 11/25/2006
Sat Nov 25 23:30:12 2006 => Virus Database Count: 245599
Sat Nov 25 23:30:12 2006 => Scan Completed.
Trojan-gen and Win 32: backdoor
- Guivan5
Good grief,
you literally have a totally cr*pped-up computer, omg!!! So, from that MWAV log: find and delete, and run a deep scan of the computer with a normal antivirus; that should wipe some of it out.

HDD 250 GB, ATI Radeon X1550 512 MB, 1024 MB RAM, Intel Pentium D820 2,8Ghz...
Windows XP Media Center Edition SP2, Spyware Terminator, NOD32 2.7, Zone Alarm
HiJackThis, CCleaner, MWAV,Jottiscan, KillBox, VirusTotall
TweakUI
- fredik
Download CCleaner and clean the PC with it.
Stop this service in Windows Services:
Start menu -> Run, type services.msc into the box and press OK. (It should be named Generic Host Process for Win32 Service.)
O23 - Service: Generic Host Process for Win32 Service - Unknown owner - C:\WINNT\svchost.exe
Select the relevant row, right-click and go to Properties, and in the Startup type drop-down choose Disabled.
Then find the files marked in red on the disk and delete them; to find them you may need to turn on the display of hidden files.
C:\WINNT\svchost.exe
C:\WINNT\eraseme_30080.exe
C:\WINNT\gpinstall.exe
C:\WINNT\smdat32a.sys
C:\Documents and Settings\All Users\Data aplikací\cyberlink\powerdvd\ipower\images\hd
C:\WINNT\setup1.ex
C:\WINNT\st6unst.exe
C:\Program Files\myway
Then post a new MWAV log here.
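The location check behind the advice above, as an added example that is not part of the original thread: it parses a HijackThis log and flags any running process or O23 service whose file name matches a Windows system binary but whose folder is not the expected one, which is how `C:\WINNT\svchost.exe` stands out from the legitimate `C:\WINNT\system32\svchost.exe`. The system root `C:\WINNT`, the short `EXPECTED_DIR` table and all function names are assumptions of this example; the sample log is assembled from lines that appear in this thread.

```python
import ntpath
import re

# Assumption: the system root is C:\WINNT, as in the logs posted in this thread.
SYSTEM_ROOT = r"C:\WINNT"

# System binaries and the folder (relative to the system root) each one is
# expected to run from. Illustrative and deliberately short, not exhaustive.
EXPECTED_DIR = {
    "svchost.exe": "system32",
    "smss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "spoolsv.exe": "system32",
    "explorer.exe": "",
}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # R0, O4, O23, ...
IMAGE_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.(?:exe|dll|sys)', re.IGNORECASE)

# Sample input assembled for this example from lines shown in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Generic Host Process for Win32 Service - Unknown owner - C:\WINNT\svchost.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""


def parse_hijackthis(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY.match(line)
        if match:
            in_processes = False          # the process list ends at the first coded entry
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def service_image(entry_text):
    """Return (service name, owner, image path) from the body of an O23 entry."""
    body = entry_text[len("Service: "):] if entry_text.startswith("Service: ") else entry_text
    parts = body.rsplit(" - ", 2)         # the name itself may contain " - "
    if len(parts) != 3:
        return None
    name, owner, command = parts
    match = IMAGE_PATH.search(command)    # drops stray quotes and arguments
    return (name, owner, match.group(0)) if match else None


def misplaced(path, system_root=SYSTEM_ROOT):
    """True when a known system binary name sits outside its expected folder."""
    name = ntpath.basename(path).lower()
    if name not in EXPECTED_DIR:
        return False
    expected = ntpath.normcase(ntpath.normpath(ntpath.join(system_root, EXPECTED_DIR[name])))
    actual = ntpath.normcase(ntpath.normpath(ntpath.dirname(path)))
    return actual != expected


def triage(text, system_root=SYSTEM_ROOT):
    """List (kind, path, service name) for every misplaced system binary."""
    processes, entries = parse_hijackthis(text)
    findings = [("process", p, "") for p in processes if misplaced(p, system_root)]
    for code, body in entries:
        if code != "O23":
            continue
        svc = service_image(body)
        # "Unknown owner" is not used as a signal: the avast! services in this
        # log carry it too. Only the image location is compared.
        if svc and misplaced(svc[2], system_root):
            findings.append(("service", svc[2], svc[0]))
    return findings


if __name__ == "__main__":
    for kind, path, service in triage(SAMPLE_LOG):
        print(kind, path, service)
```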
- newcomer
Thanks a lot for the advice and help. I removed everything except svchost, for which Total Commander reports write protection. Anyway, here are the new logs from HjT and MWAV. It already looks better.
HjT:
Logfile of HijackThis v1.99.1
Scan saved at 15:09:36, on 26.11.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINNT\system32\taskmgr.exe
C:\Documents and Settings\Tsubaru\Plocha\Moje\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
MWAV:
Sun Nov 26 12:59:18 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sun Nov 26 13:29:57 2006 => File C:\Documents and Settings\Tsubaru\Plocha\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Sun Nov 26 13:30:16 2006 => File C:\Documents and Settings\Tsubaru\Plocha\SmitfraudFix\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Sun Nov 26 13:31:01 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sun Nov 26 13:31:47 2006 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.
Sun Nov 26 13:31:47 2006 => System found infected with mybar Spyware/Adware ({0494d0d1-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sun Nov 26 13:31:48 2006 => System found infected with mybar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sun Nov 26 13:31:48 2006 => System found infected with kazaa Spyware/Adware ({66fc8717-efa7-4546-8c4a-e224f3a80c76})! Action taken: No Action Taken.
Sun Nov 26 13:31:48 2006 => System found infected with mybar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sun Nov 26 13:31:49 2006 => System found infected with myway Spyware/Adware ({0494d0d4-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sun Nov 26 13:31:52 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\limewire !!!
Sun Nov 26 13:31:52 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:52 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!!
Sun Nov 26 13:31:52 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:53 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
Sun Nov 26 13:31:53 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:53 2006 => Offending Key found: HKLM\Software\kazaa !!!
Sun Nov 26 13:31:53 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:54 2006 => Offending Key found: HKLM\Software\limewire !!!
Sun Nov 26 13:31:54 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:54 2006 => Offending Key found: HKLM\Software\magnet !!!
Sun Nov 26 13:31:54 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:55 2006 => Offending Key found: HKLM\Software\perfectnav !!!
Sun Nov 26 13:31:55 2006 => Object "perfectnav Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:55 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\altnet !!!
Sun Nov 26 13:31:56 2006 => Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:56 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\kazaa media desktop !!!
Sun Nov 26 13:31:56 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:56 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\limewire !!!
Sun Nov 26 13:31:57 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:57 2006 => Offending Key found: HKCU\\magnet !!!
Sun Nov 26 13:31:58 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:58 2006 => Offending Key found: HKLM\System\ControlSet001\Services\EventLog\Application\iexplore !!!
Sun Nov 26 13:31:59 2006 => Object "searchseekfind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:59 2006 => Offending Key found: HKLM\System\ControlSet002\Services\EventLog\Application\iexplore !!!
Sun Nov 26 13:31:59 2006 => Object "searchseekfind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:32:05 2006 => Offending Folder found: C:\Documents and Settings\Tsubaru\Nabídka Start\programy\limewire
Sun Nov 26 13:32:06 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:32:06 2006 => Offending Folder found: C:\Documents and Settings\Tsubaru\Nabídka Start\Programy\limewire
Sun Nov 26 13:32:06 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:32:09 2006 => Offending file found: C:\WINNT\svchost.exe
Sun Nov 26 13:32:09 2006 => System found infected with cws.smartsearch Browser Hijacker (C:\WINNT\svchost.exe)! Action taken: No Action Taken.
Sun Nov 26 13:32:18 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""E:\data\cdw32.exe"". Action Taken: No Action Taken.
Sun Nov 26 13:32:22 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{F7D1D93A-B17A-41F8-9070-0B2A544C6165}". Action Taken: No Action Taken.
Sun Nov 26 13:32:54 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sun Nov 26 13:42:45 2006 => ***** Scanning complete. *****
Sun Nov 26 13:42:45 2006 => Total Objects Scanned: 30468
Sun Nov 26 13:42:46 2006 => Total Critical Objects: 27
Sun Nov 26 13:42:46 2006 => Total Disinfected Objects: 0
Sun Nov 26 13:42:46 2006 => Total Objects Renamed: 0
Sun Nov 26 13:42:46 2006 => Total Deleted Objects: 0
Sun Nov 26 13:42:46 2006 => Total Errors: 7
Sun Nov 26 13:42:47 2006 => Time Elapsed: 00:43:42
Sun Nov 26 13:42:47 2006 => Virus Database Date: 11/23/2006
Sun Nov 26 13:42:47 2006 => Virus Database Count: 244252
Sun Nov 26 13:42:47 2006 => Scan Completed.
For my taste, HjT shows svchost running too many times.
Sun Nov 26 13:31:52 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:52 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!!
Sun Nov 26 13:31:52 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:53 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
Sun Nov 26 13:31:53 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:53 2006 => Offending Key found: HKLM\Software\kazaa !!!
Sun Nov 26 13:31:53 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:54 2006 => Offending Key found: HKLM\Software\limewire !!!
Sun Nov 26 13:31:54 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:54 2006 => Offending Key found: HKLM\Software\magnet !!!
Sun Nov 26 13:31:54 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:55 2006 => Offending Key found: HKLM\Software\perfectnav !!!
Sun Nov 26 13:31:55 2006 => Object "perfectnav Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:55 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\altnet !!!
Sun Nov 26 13:31:56 2006 => Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:56 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\kazaa media desktop !!!
Sun Nov 26 13:31:56 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:56 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\limewire !!!
Sun Nov 26 13:31:57 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:57 2006 => Offending Key found: HKCU\\magnet !!!
Sun Nov 26 13:31:58 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:58 2006 => Offending Key found: HKLM\System\ControlSet001\Services\EventLog\Application\iexplore !!!
Sun Nov 26 13:31:59 2006 => Object "searchseekfind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:31:59 2006 => Offending Key found: HKLM\System\ControlSet002\Services\EventLog\Application\iexplore !!!
Sun Nov 26 13:31:59 2006 => Object "searchseekfind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:32:05 2006 => Offending Folder found: C:\Documents and Settings\Tsubaru\Nabídka Start\programy\limewire
Sun Nov 26 13:32:06 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:32:06 2006 => Offending Folder found: C:\Documents and Settings\Tsubaru\Nabídka Start\Programy\limewire
Sun Nov 26 13:32:06 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sun Nov 26 13:32:09 2006 => Offending file found: C:\WINNT\svchost.exe
Sun Nov 26 13:32:09 2006 => System found infected with cws.smartsearch Browser Hijacker (C:\WINNT\svchost.exe)! Action taken: No Action Taken.
Sun Nov 26 13:32:18 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""E:\data\cdw32.exe"". Action Taken: No Action Taken.
Sun Nov 26 13:32:22 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{F7D1D93A-B17A-41F8-9070-0B2A544C6165}". Action Taken: No Action Taken.
Sun Nov 26 13:32:54 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sun Nov 26 13:42:45 2006 => ***** Scanning complete. *****
Sun Nov 26 13:42:45 2006 => Total Objects Scanned: 30468
Sun Nov 26 13:42:46 2006 => Total Critical Objects: 27
Sun Nov 26 13:42:46 2006 => Total Disinfected Objects: 0
Sun Nov 26 13:42:46 2006 => Total Objects Renamed: 0
Sun Nov 26 13:42:46 2006 => Total Deleted Objects: 0
Sun Nov 26 13:42:46 2006 => Total Errors: 7
Sun Nov 26 13:42:47 2006 => Time Elapsed: 00:43:42
Sun Nov 26 13:42:47 2006 => Virus Database Date: 11/23/2006
Sun Nov 26 13:42:47 2006 => Virus Database Count: 244252
Sun Nov 26 13:42:47 2006 => Scan Completed.
For my taste, HjT shows svchost running too many times.
- fredik
- Security team member
Download Killbox. Run Killbox and copy the blue-highlighted line into the box (drag over it with the mouse and press CTRL+C, then put the cursor in the box and press CTRL+V).
C:\WINNT\svchost.exe
Set the Delete On Reboot option and press the red circle with the cross. The computer will ask for a restart, so allow it and restart.
If nobody else looks at that log, I'll take a look at it this evening.
The svchost process (it is a system process, and there are usually several of them running) is in charge of Windows system services. The more services are running, the more times svchost is running, and the more system resources it takes up.
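Added example, not part of fredik's post: a small Python check that separates the normal svchost instances from the one the MWAV log flags, by comparing each running process in a HijackThis log against the directory it is expected to run from. The `EXPECTED_SUBDIR` table and the function names are assumptions of this example; the sample is an excerpt (some lines omitted) of the log posted above.

```python
import ntpath
import re

# Excerpt of the "Running processes" section of the HijackThis log in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
"""

# Assumption (not from the thread): where each core Windows binary normally
# lives, relative to the Windows directory ("" = the Windows directory itself).
EXPECTED_SUBDIR = {
    "smss.exe": "system32", "winlogon.exe": "system32",
    "services.exe": "system32", "lsass.exe": "system32",
    "svchost.exe": "system32", "explorer.exe": "",
}

def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and re.match(r"^[A-Za-z]:\\", line):
            paths.append(line)
        elif in_section and re.match(r"^[A-Z]\d+ - ", line):
            break  # first registry/startup entry (R0, O4, ...) ends the section
    return paths

def misplaced_system_binaries(paths, windir=r"C:\WINNT"):
    """Flag system binary names that run from an unexpected directory."""
    findings = []
    for path in paths:
        directory, name = ntpath.split(path)
        subdir = EXPECTED_SUBDIR.get(name.lower())
        if subdir is None:
            continue  # not a name we have a baseline for
        expected = ntpath.join(windir, subdir) if subdir else windir
        if ntpath.normcase(directory) != ntpath.normcase(expected):
            findings.append(path)
    return findings

if __name__ == "__main__":
    for hit in misplaced_system_binaries(running_processes(SAMPLE_LOG)):
        print("unexpected location:", hit)
```

The comparison is case-insensitive but does not expand 8.3 short names such as `PROGRA~1`, so paths written that way need normalising first.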