For some time now my PC has been badly slowed down. When I open Task Manager, the tcpsvcs.exe process takes 80-99% of the CPU. I am posting a HijackThis log. I AM HERE FOR THE FIRST TIME (PLEASE BE PATIENT).
Logfile of HijackThis v1.99.1
Scan saved at 9:23:48, on 29.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Documents and Settings\lukas\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\lukas\Local Settings\Data aplikací\smss.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B54D7269-6E16-4F8D-AC9B-A38F22C525A0}: NameServer = 62.240.161.226,62.240.161.227
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Please, I would be very grateful if someone could check the log.
You have a virus there.
In HJT, fix:
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\lukas\Local Settings\Data aplikací\smss.exe
+ find the file marked in red and delete it; to find it more easily, turn on the display of hidden and system files.
Then restart the PC, and after the restart post a new log here for checking.
Definitely scan these files on Jottiscan http://virusscan.jotti.org/
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\lukas\Local Settings\Data aplikací\smss.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
This is spyware, disable it and delete it. It would be worth running some anti-malware program over it, for example EMCO Malware Bouncer or something similar.
- fredik
- Security team member
The first file that sakiri listed is Worm..Brontok / Rontokbro, depending on the antivirus vendor's naming.
The Ctfmon.exe file activates the Text Input Processor (TIP) for alternative user input and the Microsoft Office Language Bar, and removing it can lead to problematic behaviour of Office applications.
The last one should be fine, but better test it anyway.
Thank you all for the quick reply.
Sakiri:
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\lukas\Local Settings\Data aplikací\smss.exe
I fixed this in HJT.
smss.exe CANNOT BE DELETED:
1, C:\Documents and Settings\lukas\Local Settings\Data aplikací\smss.exe (it is not there)
2, C:\WINDOWS\system32 (it is located here)
3, WINDOWS reports (smss.exe cannot be removed, access was denied....)
4, Task Manager (when I try to end it) reports: This is a critical system process
Pavetta:
I scanned on Jottiscan http://virusscan.jotti.org/ (everything OK, smss not found)
I fixed everything in HJT.
vsnpstd2.exe should be the webcam program (I don't know whether the webcam will work after deleting it).
I am attaching the HJT log (after fixing in HJT, but I have not deleted anything). What should I do??
Logfile of HijackThis v1.99.1
Scan saved at 13:31:09, on 29.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\lukas\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B54D7269-6E16-4F8D-AC9B-A38F22C525A0}: NameServer = 62.240.161.226,62.240.161.227
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
You must not delete C:\WINDOWS\System32\smss.exe! That is precisely the system process without which your Windows would not work.
C:\Documents and Settings\lukas\Local Settings\Data aplikací\smss.exe is probably hidden, and that is why you did not find it. The best thing will be to use Killbox to delete it.
Do you know the rules?
Tips and tricks in Windows XP
Guides: HijackThis, MWAV, CCleaner (THX to mijaja)
Post the problems you want solved here in the forum. Do not send them by email or over ICQ!
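The distinction made in the reply above, between the genuine C:\WINDOWS\System32\smss.exe and the copy under Local Settings, can be checked mechanically. The following is an added example, not part of the original thread: it reads HijackThis "Running processes" and O4 autostart lines and reports any entry that uses a core Windows process name from an unexpected directory. The sample lines are copied from the first log in this thread; the name list, the default C:\WINDOWS location and the names `EXPECTED_DIR`, `image_path`, `is_masquerading` and `scan` are assumptions of this example.

```python
import ntpath
import re

# Assumption: default Windows XP layout (SystemRoot = C:\WINDOWS), as in the thread's logs.
SYSTEM32 = r"C:\WINDOWS\system32"
# Core process names and the only directory each is expected to run from.
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "ctfmon.exe": SYSTEM32,
    "explorer.exe": r"C:\WINDOWS",
}

# O4 - HKCU\..\Run: [ValueName] command line
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# A "Running processes" line is just a full path to an executable.
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)
# Unquoted command: the image ends at the first executable extension.
EXT_RE = re.compile(r"^(.+?\.(?:exe|com|scr|bat|pif|dll))(?=\s|$)", re.IGNORECASE)


def image_path(command):
    """Return the executable path from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted path; tolerate a missing closing quote (seen in pasted logs).
        return command[1:].split('"', 1)[0]
    match = EXT_RE.match(command)
    return match.group(1) if match else command


def is_masquerading(path):
    """True if a core process name is used from outside its expected directory."""
    directory, name = ntpath.split(path)
    expected = EXPECTED_DIR.get(name.lower())
    if expected is None or not directory:
        return False  # not a protected name, or a bare name resolved via the search path
    return ntpath.normcase(directory) != ntpath.normcase(expected)


def scan(log_text):
    """Return (source, path) pairs for suspicious entries in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        match = O4_RE.match(line)
        if match:
            hive, key, value, command = match.groups()
            source = "autostart %s\\%s [%s]" % (hive, key, value)
            path = image_path(command)
        elif PROC_RE.match(line):
            source, path = "running process", line
        else:
            continue
        if is_masquerading(path):
            findings.append((source, path))
    return findings


# Lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Tok-Cirrhatus] "C:\Documents and Settings\lukas\Local Settings\Data aplikací\smss.exe"
"""

if __name__ == "__main__":
    for source, path in scan(SAMPLE_LOG):
        print("SUSPICIOUS %s -> %s" % (source, path))
```

The check is name-and-location only: it says nothing about a file that sits in the expected directory, and an entry it does not flag still needs the usual scan.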
mikel:
Please, I don't know how to work with Killbox. I tried it and this is the result:
Pocket Killbox version 2.0.0.648
Running on Windows XP as lukas(Administrator)
was started @ pátek, prosinec 29, 2006, 5:14 PM
# 1 [Files to Delete]
Path = C:\Documents and Settings\lukas\Local Settings\Data aplikací\smss.exe
*This file does not seem to exist
# 2 [Files to Delete]
Path = C:\Documents and Settings\lukas\Local Settings\Data aplikací\smss.exe
*This file does not seem to exist
# 3 [End Process]
Path =
Could not End Task on
# 4 [Delete on Reboot]
Path = C:\Documents and Settings\lukas\Local Settings\Data aplikací\smss.exe
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:28:09 PM
Killbox Closed(Exit) @ 5:28:27 PM
__________________________________________________
I am also sending the HJT log
Logfile of HijackThis v1.99.1
Scan saved at 17:47:29, on 29.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\lukas\Plocha\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B54D7269-6E16-4F8D-AC9B-A38F22C525A0}: NameServer = 62.240.161.226,62.240.161.227
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Let's try it a different way.
Download Avenger and run it under an administrator account.
Choose the option "Input script manually" and click the magnifying-glass icon; an empty window will pop up, into which you copy the text marked in bold:
Files to delete:
C:\Documents and Settings\lukas\Local Settings\Data aplikací\smss.exe
Then click Done.
Then click the traffic-light icon. A message will pop up where you click Yes, then another one where you also click Yes.
The PC will restart; after the restart the Avenger report should pop up, so copy it here.
sakiri
I did it the way you said, but a problem came up.
After the traffic lights I chose YES. Avenger wrote this:
Error selected file does not appear to be a valid script
Then I clicked OK
Press OK to log error and continue or cancel to abort
And another one
Error code 1813..
Unfortunately I don't speak English... Today is just a bad day..
Thanks for the reply
I also tried MWAV; it is a long output (shortened to the keyword taken)
Fri Dec 29 18:36:16 2006 => Total Objects Scanned: 29184
Fri Dec 29 18:36:16 2006 => Total Critical Objects: 14
Fri Dec 29 18:36:16 2006 => Total Disinfected Objects: 0
Fri Dec 29 18:36:16 2006 => Total Objects Renamed: 0
Fri Dec 29 18:36:16 2006 => Total Deleted Objects: 0
Fri Dec 29 18:36:16 2006 => Total Errors: 81
Fri Dec 29 18:36:16 2006 => Time Elapsed: 00:05:34
Fri Dec 29 18:36:16 2006 => Virus Database Date: 12/29/2006
Fri Dec 29 18:36:16 2006 => Virus Database Count: 254976
Fri Dec 29 18:36:16 2006 => Scan Completed.
Fri Dec 29 18:31:54 2006 => Offending Key found: HKLM\Software\magnet !!!
Fri Dec 29 18:31:57 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Dec 29 18:31:58 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\whenusearch !!!
Fri Dec 29 18:31:58 2006 => Object "whenu/search Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Dec 29 18:31:59 2006 => Offending Key found: HKCU\\magnet !!!
Fri Dec 29 18:31:59 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Dec 29 18:31:59 2006 => Offending Key found: HKLM\System\CurrentControlSet\Services\iprip !!!
Fri Dec 29 18:31:59 2006 => Object "linkmedia Trojan" found in File System! Action Taken: No Action Taken.
Fri Dec 29 18:31:59 2006 => Offending Key found: HKLM\System\ControlSet001\Services\iprip !!!
Fri Dec 29 18:31:59 2006 => Object "linkmedia Trojan" found in File System! Action Taken: No Action Taken.
Fri Dec 29 18:32:00 2006 => Offending Key found: HKLM\System\ControlSet002\Services\iprip !!!
Fri Dec 29 18:32:00 2006 => Object "linkmedia Trojan" found in File System! Action Taken: No Action Taken.
Fri Dec 29 18:32:05 2006 => Offending file found: C:\Documents and Settings\lukas\Plocha\programy\toolbar.lnk
Fri Dec 29 18:32:05 2006 => System found infected with whenu.desktop toolbar Spyware/Adware (toolbar.lnk)! Action taken: No Action Taken.
Fri Dec 29 18:32:06 2006 => Offending file found: C:\Documents and Settings\lukas\Dokumenty\obrázky\about.brontok.a.html
Fri Dec 29 18:32:06 2006 => System found infected with about.brontok.a Trojan (about.brontok.a.html)! Action taken: No Action Taken.
Fri Dec 29 18:32:06 2006 => Offending Folder found: C:\Documents and Settings\lukas\Local Settings\data aplikací\loc.mail.bron.tok
Fri Dec 29 18:32:06 2006 => Object "w32.rontokbro.d@mm Worm" found in File System! Action Taken: No Action Taken.
Fri Dec 29 18:32:06 2006 => Offending Folder found: C:\Documents and Settings\lukas\Local Settings\data aplikací\ok-sendmail-bron-tok
Fri Dec 29 18:32:06 2006 => Object "w32.rontokbro.d@mm Worm" found in File System! Action Taken: No Action Taken.
Fri Dec 29 18:32:11 2006 => Offending Folder found: C:\Documents and Settings\lukas\Local Settings\Data aplikací\loc.mail.bron.tok
Fri Dec 29 18:32:11 2006 => Object "w32.rontokbro.d@mm Worm" found in File System! Action Taken: No Action Taken.
Fri Dec 29 18:32:11 2006 => Offending Folder found: C:\Documents and Settings\lukas\Local Settings\Data aplikací\ok-sendmail-bron-tok
Fri Dec 29 18:32:11 2006 => Object "w32.rontokbro.d@mm Worm" found in File System! Action Taken: No Action Taken.
Fri Dec 29 18:32:11 2006 => Offending file found: C:\Documents and Settings\lukas\Dokumenty\Obrázky\about.brontok.a.html
Fri Dec 29 18:32:11 2006 => System found infected with about.brontok.a Trojan (about.brontok.a.html)! Action taken: No Action Taken.
Fri Dec 29 18:32:12 2006 => Offending file found: C:\Documents and Settings\lukas\Dokumenty\obrázky\about.brontok.a.html
Fri Dec 29 18:32:12 2006 => System found infected with about.brontok.a Trojan (about.brontok.a.html)! Action taken: No Action Taken.
Fri Dec 29 18:32:19 2006 => Checking CLSID Reference Entries...
Fri Dec 29 18:32:21 2006 => Entry "HKCR\ICQPhone.SipxPhoneManager" refers to invalid object "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Action Taken: No Action Taken.
Fri Dec 29 18:32:21 2006 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Fri Dec 29 18:32:21 2006 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Fri Dec 29 18:32:21 2006 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Fri Dec 29 18:32:23 2006 => Entry "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" refers to invalid object "{03DC5606-EA66-4f02-AB52-2065524B03821}". Action Taken: No Action Taken.
Fri Dec 29 18:32:25 2006 => Checking Module Usage Entries...
Fri Dec 29 18:32:25 2006 => Checking User Trusted External App Entries...
Fri Dec 29 18:32:25 2006 => Checking Shared DLL Entries...
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\NeroCsy.txt". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\NeroDeu.txt". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroBackItUp_deu.chm". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroBackItUp_eng.chm". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp-CSY.nls". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp-DEU.nls". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exe". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\NeroCoverDesigner_deu.chm". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\NeroCoverDesigner_eng.chm". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\covered-csy.nls". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\Templates\Data.nct". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\Drivers\imagesrv.sys". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxinsi64.exe". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxcpyi64.exe". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero BackItUp\\BackItUp-Deu.nls". Action Taken: No Action Taken.
Fri Dec 29 18:32:26 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Nero\Nero 7\Nero BackItUp\\BackItUp-Jpn.nls". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: No Action Taken.
Fri Dec 29 18:32:27 2006 => Checking Installer Entries...
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Norton AntiVirus\". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\SPBBC\". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\Firaxis Games\Sid Meier's Pirates!\". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\Firaxis Games\". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\!!HRY!!\Football Manager 2005\data\". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\!!HRY!!\Football Manager 2005\". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\!!HRY!!\Football Manager 2005\data\languages\". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\!!HRY!!\Children of the Nile\documents\". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\!!HRY!!\SilentHunterIII\data\". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\!!HRY!!\SilentHunterIII\data\Menu\". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\!!HRY!!\SilentHunterIII\data\Menu\Gui\". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "D:\!!HRY!!\SilentHunterIII\data\Menu\MouseCurs\". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\Ubisoft\Silent Hunter III\". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Checking Shared Tools Entries...
Fri Dec 29 18:32:28 2006 => Checking File Extension Entries...
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BWI". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BWS". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".com/pub/aec/". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dctmp". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".e_e". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".FPK". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lang". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".md0". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mdf". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mds". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".old". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ref". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Checking Application Cache Entries...
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Freelancer 1.0". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Hitman: Contracts". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ICQ". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}". Action Taken: No Action Taken.

Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".e_e". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".FPK". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".lang". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".md0". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mdf". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mds". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".old". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ref". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Checking Application Cache Entries...
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Freelancer 1.0". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Hitman: Contracts". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ICQ". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}". Action Taken: No Action Taken.
Fri Dec 29 18:32:28 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "InstallShield_{9720C029-0C2C-4D1E-9DE0-E89971C4C8C7}". Action Taken: No Action Taken.
HKLM\Software\magnet
HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\whenusearch
HKCU\magnet
HKLM\System\CurrentControlSet\Services\iprip
HKLM\System\ControlSet001\Services\iprip
HKLM\System\ControlSet002\Services\iprip
C:\Documents and Settings\lukas\Plocha\programy\toolbar.lnk
C:\Documents and Settings\lukas\Dokumenty\obrázky\about.brontok.a.html
C:\Documents and Settings\lukas\Local Settings\data aplikací\loc.mail.bron.tok
C:\Documents and Settings\lukas\Local Settings\data aplikací\ok-sendmail-bron-tok
Find the files marked in red and delete them. To see them more easily, turn on the display of hidden and system files.
Then run a new scan and post the edited MWAV log here. Before the scan, click the Clear log and Update buttons.