PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

Trojan-gen a Win 32: backdoor

https://pc-help.cnews.cz/viewtopic.php?f=47&t=9665

Stránka 1 z 1

Trojan-gen a Win 32: backdoor

Napsal: 25 lis 2006 23:47
od hlustvisihak
AHoj

mám problém s virem Win32:Trojan-gen co mi hlásí Avast. Nemůžu se ho zbacit, vždycky po připojení na net se mi do počítače znova stáhne soubor mal.exe a mal[1].exe a zátěž procesoru a outstream vyběhne na maximum a po chvíli dojde k resetu. Zároveň mi teď mwav hlásí vir Backdoor.Win32.SdBot.aad. Vůbec nevím co s tím. Házím se m log z HijackThis a MWAVu


Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 23:40:26, on 25.11.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Documents and Settings\Tsubaru\Plocha\Moje\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MediaKey.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Generic Host Process for Win32 Service - Unknown owner - C:\WINNT\svchost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



MWAV:

Sat Nov 25 23:04:35 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sat Nov 25 23:04:57 2006 => ERROR!!! Invalid Entry Rahananis = ebouhibep.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Sat Nov 25 23:09:56 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sat Nov 25 23:10:28 2006 => ERROR!!! Invalid Entry Rahananis = ebouhibep.exe (in key .DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). No Action Taken.
Sat Nov 25 23:23:58 2006 => File C:\Documents and Settings\Tsubaru\Plocha\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Sat Nov 25 23:24:14 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sat Nov 25 23:24:26 2006 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.
Sat Nov 25 23:24:26 2006 => System found infected with mybar Spyware/Adware ({0494d0d1-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sat Nov 25 23:24:27 2006 => System found infected with mybar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sat Nov 25 23:24:27 2006 => System found infected with kazaa Spyware/Adware ({66fc8717-efa7-4546-8c4a-e224f3a80c76})! Action taken: No Action Taken.
Sat Nov 25 23:24:27 2006 => System found infected with emedia codec Browser Hijacker ({6bf52a52-394a-11d3-b153-00c04f79faa6})! Action taken: No Action Taken.
Sat Nov 25 23:24:27 2006 => System found infected with mybar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sat Nov 25 23:24:27 2006 => System found infected with emedia codec Browser Hijacker ({6bf52a52-394a-11d3-b153-00c04f79faa6})! Action taken: No Action Taken.
Sat Nov 25 23:24:27 2006 => System found infected with myway Spyware/Adware ({0494d0d4-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sat Nov 25 23:24:29 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\p2p networking !!!
Sat Nov 25 23:24:29 2006 => Object "p2p networking Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 25 23:24:29 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\st6unst #1 !!!
Sat Nov 25 23:24:29 2006 => Object "spyware.screenview Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 25 23:24:30 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\st6unst #1 !!!
Sat Nov 25 23:24:30 2006 => Object "spyware.screenview Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:30 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 25 23:24:30 2006 => Offending Key found: HKLM\Software\magnet !!!
Sat Nov 25 23:24:30 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 25 23:24:30 2006 => Offending Key found: HKLM\Software\myway !!!
Sat Nov 25 23:24:30 2006 => Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 25 23:24:30 2006 => Offending Key found: HKLM\Software\perfectnav !!!
Sat Nov 25 23:24:30 2006 => Object "perfectnav Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 25 23:24:30 2006 => Offending Key found: HKCU\Software\kazaa !!!
Sat Nov 25 23:24:30 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:30 2006 => Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:30 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:31 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Sat Nov 25 23:24:32 2006 => Offending Key found: HKLM\System\ControlSet001\Services\EventLog\Application\iexplore !!!
Sat Nov 25 23:24:32 2006 => Object "searchseekfind Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 25 23:24:32 2006 => Offending Key found: HKLM\System\ControlSet002\Services\EventLog\Application\iexplore !!!
Sat Nov 25 23:24:32 2006 => Object "searchseekfind Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 25 23:24:33 2006 => Offending file found: C:\WINNT\gpinstall.exe
Sat Nov 25 23:24:33 2006 => System found infected with conducent flexpak Spyware/Adware (gpinstall.exe)! Action taken: No Action Taken.

Sat Nov 25 23:24:33 2006 => Offending file found: C:\WINNT\smdat32a.sys
Sat Nov 25 23:24:33 2006 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.

Sat Nov 25 23:24:34 2006 => Offending Folder found: C:\Program Files\myway
Sat Nov 25 23:24:34 2006 => Object "my way speedbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 25 23:24:39 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\programy\limewire\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:40 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\programy\bitcomet\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:40 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\programy\rivatuner v2.0 rc 15.8\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:40 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\programy\mv2player\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:40 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\Programy\limewire\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:40 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\Programy\bitcomet\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:40 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\Programy\rivatuner v2.0 rc 15.8\uninstall.lnk
Sat Nov 25 23:24:40 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:41 2006 => Offending file found: C:\Documents and Settings\Tsubaru\Nabídka Start\Programy\mv2player\uninstall.lnk
Sat Nov 25 23:24:41 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:42 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\programy\video\ac3filter\uninstall.lnk
Sat Nov 25 23:24:42 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:42 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\programy\video\ffdshow\uninstall.lnk
Sat Nov 25 23:24:42 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:43 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\programy\mediakey\uninstall.lnk
Sat Nov 25 23:24:43 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:43 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\programy\trust\trust wb-1200p mini webcam\uninstall.lnk
Sat Nov 25 23:24:43 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:43 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\programy\arcsoft videoimpression 1.6\uninstall.lnk
Sat Nov 25 23:24:43 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:43 2006 => Offending Folder found: C:\Documents and Settings\All Users\Data aplikací\cyberlink\powerdvd\ipower\images\hd
Sat Nov 25 23:24:43 2006 => Object "wareout Adware" found in File System! Action Taken: No Action Taken.

Sat Nov 25 23:24:43 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\Programy\video\ac3filter\uninstall.lnk
Sat Nov 25 23:24:43 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:44 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\Programy\video\ffdshow\uninstall.lnk
Sat Nov 25 23:24:44 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:44 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\Programy\mediakey\uninstall.lnk
Sat Nov 25 23:24:44 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:44 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\Programy\trust\trust wb-1200p mini webcam\uninstall.lnk
Sat Nov 25 23:24:44 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:44 2006 => Offending file found: C:\Documents and Settings\All Users\Nabídka Start\Programy\arcsoft videoimpression 1.6\uninstall.lnk
Sat Nov 25 23:24:44 2006 => System found infected with trust cleaner Trojan (uninstall.lnk)! Action taken: No Action Taken.

Sat Nov 25 23:24:46 2006 => Offending file found: C:\WINNT\svchost.exe
Sat Nov 25 23:24:46 2006 => System found infected with cws.smartsearch Browser Hijacker (C:\WINNT\svchost.exe)! Action taken: No Action Taken.

Sat Nov 25 23:24:46 2006 => Offending file found: C:\WINNT\setup1.exe
Sat Nov 25 23:24:46 2006 => System found infected with spyware.screenview Spyware/Adware (C:\WINNT\setup1.exe)! Action taken: No Action Taken.

Sat Nov 25 23:24:46 2006 => Offending file found: C:\WINNT\st6unst.exe
Sat Nov 25 23:24:46 2006 => System found infected with spyware.screenview Spyware/Adware (C:\WINNT\st6unst.exe)! Action taken: No Action Taken.

Sat Nov 25 23:24:52 2006 => Checking CLSID Reference Entries...
Sat Nov 25 23:24:54 2006 => Entry "HKCR\ICQPhone.SipxPhoneManager" refers to invalid object "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Action Taken: No Action Taken.

Sat Nov 25 23:24:55 2006 => Entry "HKCR\Microsoft.DirectSoundCaptureAecDMO.1" refers to invalid object "{1C22C56D-9879-4F5B-A389-27996DDC2810}". Action Taken: No Action Taken.

Sat Nov 25 23:24:55 2006 => Entry "HKCR\Microsoft.DirectSoundCaptureAgcDMO.1" refers to invalid object "{950E55B9-877C-4C67-BE08-E47B5611130A}". Action Taken: No Action Taken.

Sat Nov 25 23:24:55 2006 => Entry "HKCR\Microsoft.DirectSoundCaptureNoiseSuppressDMO.1" refers to invalid object "{5AB0882E-7274-4516-877D-4EEE99BA4FD0}". Action Taken: No Action Taken.

Sat Nov 25 23:24:56 2006 => Checking Module Usage Entries...
Sat Nov 25 23:24:56 2006 => Checking User Trusted External App Entries...
Sat Nov 25 23:24:56 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""E:\data\cdw32.exe"". Action Taken: No Action Taken.

Sat Nov 25 23:24:57 2006 => Checking Shared DLL Entries...
Sat Nov 25 23:24:57 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.

Sat Nov 25 23:24:57 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\pxwma.dll". Action Taken: No Action Taken.

Sat Nov 25 23:24:57 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINNT\system32\joele29_WinAdCtlInstPack.exe". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Checking Installer Entries...
Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Levels\Fort\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Levels\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Profiles\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Profiles\player\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Profiles\player\default\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Profiles\player\default\savegames\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\HWScripts\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\HWScripts\Declarations\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\HWScripts\Declarations\CGPShaders\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\HWScripts\Declarations\CGPShaders\Cache\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\HWScripts\Declarations\CGVShaders\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Shaders\HWScripts\Declarations\CGVShaders\Cache\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Far Cry\Levels\Research\". Action Taken: No Action Taken.

Sat Nov 25 23:24:58 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\Ubisoft\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\trainZ\world\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\trainZ\cache\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\trainZ\cache\BookMarks\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\trainZ\cache\internet\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\trainZ\settings\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\System\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\Help\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\Maps\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\System\save\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\System\pb\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\America's Army\Briefings\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Aspyr\MTX MotoTrax Demo\Game\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Aspyr\MTX MotoTrax Demo\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\Aspyr\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\VUGames\Leisure Suit Larry - Magna Cum Laude Demo\Data\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\VUGames\SWAT 4 Single Player Demo\Content\". Action Taken: No Action Taken.

Sat Nov 25 23:24:59 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\Program Files\VUGames\SWAT 4 Single Player Demo\Content\System\". Action Taken: No Action Taken.

Sat Nov 25 23:25:00 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Opera\program\". Action Taken: No Action Taken.

Sat Nov 25 23:25:00 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Opera\program\plugins\". Action Taken: No Action Taken.

Sat Nov 25 23:25:00 2006 => Checking Shared Tools Entries...
Sat Nov 25 23:25:00 2006 => Checking File Extension Entries...
Sat Nov 25 23:25:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".1". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bif". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BUP". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cdp". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cfg". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cpt". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".d2i". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".d2s". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".d2x". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".diz". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gp3". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".gvp". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ide". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".idx". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".IFO". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".imp". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".java". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lng". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".m4a". Action Taken: No Action Taken.

Sat Nov 25 23:25:01 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".manifest". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mtt". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".org". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".psn". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".psv". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pwp". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ram". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sim". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sl3". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sps". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".swc". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".TMP". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".up2". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "._67cefa1a097f9bf61b68cd40788881a7". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "._6a527d9579ab7b86f35346556c5ff643". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "._d50df7699c13fc9c32ac81b7d9974f97". Action Taken: No Action Taken.

Sat Nov 25 23:25:02 2006 => Checking Application Cache Entries...
Sat Nov 25 23:25:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Advanced WMA Workshop_is1". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "AltnetDM". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Anti-keylogger 6.0". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Archangel". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Arkanoid 3". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Call of Duty - United Offensive Single Player Demo". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DivX 5.0.2 Bundle". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DivX Codec". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "DivX Player". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Doom 3 (TM) Demo". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Flashpoint". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Half-Life: Counter-Strike". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Hitman: Contracts demo". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ieupdate". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{00DA8C65-97F4-48D8-8D74-C16C6FC2B777}". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{2F7655DD-793E-40C6-B348-DE67C109F6FF}". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{3F27743D-4A09-425C-B671-ED69341CBA5D}". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "IsoBuster_is1". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823182". Action Taken: No Action Taken.

Sat Nov 25 23:25:03 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB823559". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824105". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824141". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB824146". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB825119". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB826232". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828028". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828035". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828741". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB828749". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB835732". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB837001". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB839645". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840315". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB840987". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841356". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841533". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841872". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB841873". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB842526". Action Taken: No Action Taken.

Sat Nov 25 23:25:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB870669". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB871250". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB873333". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB873339". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB885250". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB885835". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB885836". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB888113". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB890859". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB891781". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB893066". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "KB893086". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Mafia Game". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "NVIDIA Display Driver". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "oeupdate". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "P2P Networking". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Painkiller SP Demo 2". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "POD-Bot 2.5". Action Taken: No Action Taken.

Sat Nov 25 23:25:05 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Revenant". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Sierra Utilities". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "TorrenTopia Client". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "UT2003Demo". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "UT2004-Demo". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "vgxupdate". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{09920072-6923-4E37-A150-5C6A3092DB7E}". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{0A053D60-9267-11D5-8A2B-0050DA8B7D89}". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2C9BF728-DFE5-4A12-A34D-6059E42AE4C3}". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{337B5336-A953-4C81-95B5-B4F8DA7FA189}". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{61A14C75-E6D3-48E0-00A4-451C1BBBAA31}". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{719561BE-48AD-48DA-9959-3FBBFB10E29D}". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8E240C1C-25D0-4248-BC6C-ACC3472E35CE}". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{8F2F6F0B-B43B-4A64-B137-8E0CE3F76F5F}". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{909F8EBC-EC7F-48FF-0085-475D818F0F31}". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{929C29A0-E9C3-11D5-BA55-00C0CA129740}". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{A99968BE-C155-474C-0089-33239DEE1CE2}". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CA4CA71B-6700-45C2-87DC-77E97FCA37EF}". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}". Action Taken: No Action Taken.

Sat Nov 25 23:25:06 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EB3CEC18-A1C4-4909-8FE2-0C30D7A07E32}". Action Taken: No Action Taken.

Sat Nov 25 23:25:07 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{FDF3A1E0-186A-11D5-0089-C400C04FAE70}". Action Taken: No Action Taken.
Sat Nov 25 23:25:26 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sat Nov 25 23:25:27 2006 => File C:\WINNT\eraseme_30080.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sat Nov 25 23:29:14 2006 => File C:\DOCUME~1\Tsubaru\LOCALS~1\TEMPOR~1\Content.IE5\M5JGH4N6\SmitfraudFix[1].zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.



Sat Nov 25 23:30:11 2006 => ***** Scanning complete. *****

Sat Nov 25 23:30:11 2006 => Total Objects Scanned: 31812
Sat Nov 25 23:30:11 2006 => Total Critical Objects: 52
Sat Nov 25 23:30:11 2006 => Total Disinfected Objects: 0
Sat Nov 25 23:30:12 2006 => Total Objects Renamed: 0
Sat Nov 25 23:30:12 2006 => Total Deleted Objects: 0
Sat Nov 25 23:30:12 2006 => Total Errors: 165
Sat Nov 25 23:30:12 2006 => Time Elapsed: 00:20:39
Sat Nov 25 23:30:12 2006 => Virus Database Date: 11/25/2006
Sat Nov 25 23:30:12 2006 => Virus Database Count: 245599

Sat Nov 25 23:30:12 2006 => Scan Completed.

Napsal: 26 lis 2006 09:50
od Guivan5
panebože :shock: ty máš doslova přes*anej počítač omg!!! takže z toho logu z mwav, hledat mazat, a projeď počítač normálním antivirem hloubkovou kontrolu, tim bys měl něco vymazat.

Napsal: 26 lis 2006 09:55
od hlustvisihak
OK, už to mažu, ale co mám udělat s tím virem v svchostovi? BTW Avast mi hlásí naprosto čistej počítač i při kontrole v nouzovým režimu.

Napsal: 26 lis 2006 10:42
od fredik
Stáhni si Ccleaner a pročisti s ním Pc.

Tuhle službu zastav ve Službách systému Windows:
nabídka Start -> Spustit - do okénka napiš services.msc a zmáčkni OK. (měla by se jmenovat Generic Host Process for Win32 Service)

O23 - Service: Generic Host Process for Win32 Service - Unknown owner - C:\WINNT\svchost.exe

označíš příslušný řádek a pravým myšítkem přepni na Vlastnosti a v roletce Typ spouštění dej zakázáno.

Pak najdi na disku a smaž červeně označené soubory, možná bude potřeba aby si jej našel si zapnout zobrazení skrytých souborů.

C:\WINNT\svchost.exe
C:\WINNT\eraseme_30080.exe
C:\WINNT\gpinstall.exe
C:\WINNT\smdat32a.sys
C:\Documents and Settings\All Users\Data aplikací\cyberlink\powerdvd\ipower\images\hd
C:\WINNT\setup1.ex
C:\WINNT\st6unst.exe
C:\Program Files\myway

Pak sem dej ještě nový log z Mwav.

Napsal: 26 lis 2006 15:15
od hlustvisihak
Díky moc za rady a pomoc. Odstranil jsem všechno kromě svchosta, u kterého mi Total Commander hlásí ochranu proti přepisu. jiank tady jsou nové logy z HjT a MWAVu. Už to vypadá líp.

HjT:

Logfile of HijackThis v1.99.1
Scan saved at 15:09:36, on 26.11.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINNT\system32\taskmgr.exe
C:\Documents and Settings\Tsubaru\Plocha\Moje\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\AGNITUM\OUTPOS~1.0\outpost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



MWAV:

Sun Nov 26 12:59:18 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sun Nov 26 13:29:57 2006 => File C:\Documents and Settings\Tsubaru\Plocha\SmitfraudFix.zip tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Sun Nov 26 13:30:16 2006 => File C:\Documents and Settings\Tsubaru\Plocha\SmitfraudFix\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.
Sun Nov 26 13:31:01 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.
Sun Nov 26 13:31:47 2006 => System found infected with mybar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.
Sun Nov 26 13:31:47 2006 => System found infected with mybar Spyware/Adware ({0494d0d1-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sun Nov 26 13:31:48 2006 => System found infected with mybar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sun Nov 26 13:31:48 2006 => System found infected with kazaa Spyware/Adware ({66fc8717-efa7-4546-8c4a-e224f3a80c76})! Action taken: No Action Taken.
Sun Nov 26 13:31:48 2006 => System found infected with mybar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sun Nov 26 13:31:49 2006 => System found infected with myway Spyware/Adware ({0494d0d4-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Sun Nov 26 13:31:52 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\limewire !!!
Sun Nov 26 13:31:52 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:31:52 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\limewire !!!
Sun Nov 26 13:31:52 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:31:53 2006 => Offending Key found: HKLM\Software\magnet\handlers\limewire !!!
Sun Nov 26 13:31:53 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:31:53 2006 => Offending Key found: HKLM\Software\kazaa !!!
Sun Nov 26 13:31:53 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:31:54 2006 => Offending Key found: HKLM\Software\limewire !!!
Sun Nov 26 13:31:54 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:31:54 2006 => Offending Key found: HKLM\Software\magnet !!!
Sun Nov 26 13:31:54 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:31:55 2006 => Offending Key found: HKLM\Software\perfectnav !!!
Sun Nov 26 13:31:55 2006 => Object "perfectnav Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:31:55 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\altnet !!!
Sun Nov 26 13:31:56 2006 => Object "topsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:31:56 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\kazaa media desktop !!!
Sun Nov 26 13:31:56 2006 => Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:31:56 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\limewire !!!
Sun Nov 26 13:31:57 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:31:57 2006 => Offending Key found: HKCU\\magnet !!!
Sun Nov 26 13:31:58 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:31:58 2006 => Offending Key found: HKLM\System\ControlSet001\Services\EventLog\Application\iexplore !!!
Sun Nov 26 13:31:59 2006 => Object "searchseekfind Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:31:59 2006 => Offending Key found: HKLM\System\ControlSet002\Services\EventLog\Application\iexplore !!!
Sun Nov 26 13:31:59 2006 => Object "searchseekfind Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:32:05 2006 => Offending Folder found: C:\Documents and Settings\Tsubaru\Nabídka Start\programy\limewire
Sun Nov 26 13:32:06 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:32:06 2006 => Offending Folder found: C:\Documents and Settings\Tsubaru\Nabídka Start\Programy\limewire
Sun Nov 26 13:32:06 2006 => Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Nov 26 13:32:09 2006 => Offending file found: C:\WINNT\svchost.exe
Sun Nov 26 13:32:09 2006 => System found infected with cws.smartsearch Browser Hijacker (C:\WINNT\svchost.exe)! Action taken: No Action Taken.
Sun Nov 26 13:32:18 2006 => Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""E:\data\cdw32.exe"". Action Taken: No Action Taken.
Sun Nov 26 13:32:22 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{F7D1D93A-B17A-41F8-9070-0B2A544C6165}". Action Taken: No Action Taken.
Sun Nov 26 13:32:54 2006 => File C:\WINNT\svchost.exe infected by "Backdoor.Win32.SdBot.aad" Virus! Action Taken: No Action Taken.


Sun Nov 26 13:42:45 2006 => ***** Scanning complete. *****

Sun Nov 26 13:42:45 2006 => Total Objects Scanned: 30468
Sun Nov 26 13:42:46 2006 => Total Critical Objects: 27
Sun Nov 26 13:42:46 2006 => Total Disinfected Objects: 0
Sun Nov 26 13:42:46 2006 => Total Objects Renamed: 0
Sun Nov 26 13:42:46 2006 => Total Deleted Objects: 0
Sun Nov 26 13:42:46 2006 => Total Errors: 7
Sun Nov 26 13:42:47 2006 => Time Elapsed: 00:43:42
Sun Nov 26 13:42:47 2006 => Virus Database Date: 11/23/2006
Sun Nov 26 13:42:47 2006 => Virus Database Count: 244252

Sun Nov 26 13:42:47 2006 => Scan Completed.

Na můj vkus mi HjT ukazuje mockrát spuštěný svchost.

Napsal: 26 lis 2006 15:35
od fredik
Stáhni si Killbox. Spusť Killbox a do okénka zkopíruj modře označený řádek (přetáhnout myší a CTRL+C a potom kurzor do okénka a dej CTRL+V).

C:\WINNT\svchost.exe

Nastav volby Delete On Reboot a stiskni červený kruh s křížem.Počítač bude chtít restart, tak jej povol a restartuj.

Na ten log pokud se ti na něj nikdo nepodívá se mrknu večer.

Proces svchost (je systémový - a bývá jich spuštěno vetšinou víc) má na starosti služby systému windows. Čím více spuštěných služeb, tím vícekrát spuštěný svchost a tím také jeho zabrání systémových prostředků.

Napsal: 27 lis 2006 18:51
od hlustvisihak
OK, vir už MWAV nehlásí, jenom pár těch adwarů, těch už by mělo stačit zbavit se ručně, ne? Je už teď bezpečný připojit se na net? Jinak díky všem a za všechno, už jsem si nevěděl rady. Fakt díky... :bigups:
Časové pásmo: UTC+02:00
Stránka 1 z 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/