Logfile of HijackThis v1.99.1
Scan saved at 7:46:39, on 31.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\PCard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Jarmila\LOCALS~1\Temp\winlogon.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\Temp\vir\vcleaner.exe
c:\Temp\vir\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uedit32.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Jarmila\LOCALS~1\Temp\winlogon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C43BBFA2-8175-4D51-9DB0-A4A5931618F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCED9691-7DAA-4DC7-9FE6-2F7B3B0222C9}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E22774F0-5625-4C42-8D73-FBCE5E3CF687}: NameServer = 212.47.1.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PSecret - Unknown owner - C:\WINDOWS\srvany.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Prosim o kontrolu logu ( VYŘEŠENO) Vyřešeno
Prosim o kontrolu logu ( VYŘEŠENO) Vyřešeno
Naposledy upravil(a) tomas_ch dne 01 zář 2007 23:46, celkem upraveno 1 x.
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
ukonči v taskmanageru
srvany.exe
winlogon.exe(budou tam dva-jeden by měl jít ukončit-ten špatnej)
fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Jarmila\LOCALS~1\Temp\winlogon.exe
PSecret
tuto službu zastav a typ spuštění dej na zakázáno.
služby spustíš napsáním příkazu services.msc do Spustit... v nabídce START a klik na OK
použij Avenger http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35
a tento skript
Files to delete:
C:\WINDOWS\srvany.exe
C:\DOCUME~1\Jarmila\LOCALS~1\Temp\winlogon.exe
po restartu pošli log z Avengera,kterej ti to vyplivne a novej log z hijackthis+něco k problému kterej máš.
srvany.exe
winlogon.exe(budou tam dva-jeden by měl jít ukončit-ten špatnej)
fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Jarmila\LOCALS~1\Temp\winlogon.exe
PSecret
tuto službu zastav a typ spuštění dej na zakázáno.
služby spustíš napsáním příkazu services.msc do Spustit... v nabídce START a klik na OK
použij Avenger http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35
a tento skript
Files to delete:
C:\WINDOWS\srvany.exe
C:\DOCUME~1\Jarmila\LOCALS~1\Temp\winlogon.exe
po restartu pošli log z Avengera,kterej ti to vyplivne a novej log z hijackthis+něco k problému kterej máš.
jedna se notes, ktery delsi dobu nebyl pripojenej na internet, vcera dopoledne po pripojeni na net se uplne pomatl, odebralo to tiskarnu, nova tiskarna nejde nainstalovat, po prikazu vypnout se restartuje s modrou varovnou obrazovkou na konci, pri projeti avg free to naslo asi 10 druhu trojskych koni, ktere se asi stale mnozi, ted je odpojeny od netu, pisu z jineho pc...
po restartu nelze najit avenger.txt
Logfile of HijackThis v1.99.1
Scan saved at 12:35:35, on 31.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\PCard.exe
C:\WINDOWS\System32\svchost.exe
c:\Temp\vir\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uedit32.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C43BBFA2-8175-4D51-9DB0-A4A5931618F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E22774F0-5625-4C42-8D73-FBCE5E3CF687}: NameServer = 212.47.1.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PSecret - Unknown owner - C:\WINDOWS\srvany.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
po restartu nelze najit avenger.txt
Logfile of HijackThis v1.99.1
Scan saved at 12:35:35, on 31.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\PCard.exe
C:\WINDOWS\System32\svchost.exe
c:\Temp\vir\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uedit32.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C43BBFA2-8175-4D51-9DB0-A4A5931618F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E22774F0-5625-4C42-8D73-FBCE5E3CF687}: NameServer = 212.47.1.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PSecret - Unknown owner - C:\WINDOWS\srvany.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Re: Prosim o kontrolu logu
vse funguje, mel jsem tcpip.sys v karantene, akorat se stale nemohu zbavit trojskych koni a viru
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
Stáhni si SDFix
a spusť ho,vybalí se do vlastní složky (bude asi na C:\SDfix).
Poté restartuj PC do nouzového režimu.Otevři složku kde je vybalený SDFix a spusť soubor RunThis.bat a stiskni Y pro zahájení čistícího procesu.
Pro dokončení bude třeba stisknout libovolnou klávesu a počítač se restartuje.
Při nabíhání operačního systému budeš muset po vyzvání stisknout libovolnou klávesu pro vstup do do Win.
Po naběhnutí OS by ti měl zobrazit výpis SDFixu tak ho sem zkopíruj pokud by ti nevyběhne tak je umístěný ve své vlastní složce jako Report.txt (nezapomeň sem zkopírovat jeho obsah) + nový HJT log.
+udělej log z programu MWAV a pošli podle návodu
a spusť ho,vybalí se do vlastní složky (bude asi na C:\SDfix).
Poté restartuj PC do nouzového režimu.Otevři složku kde je vybalený SDFix a spusť soubor RunThis.bat a stiskni Y pro zahájení čistícího procesu.
Pro dokončení bude třeba stisknout libovolnou klávesu a počítač se restartuje.
Při nabíhání operačního systému budeš muset po vyzvání stisknout libovolnou klávesu pro vstup do do Win.
Po naběhnutí OS by ti měl zobrazit výpis SDFixu tak ho sem zkopíruj pokud by ti nevyběhne tak je umístěný ve své vlastní složce jako Report.txt (nezapomeň sem zkopírovat jeho obsah) + nový HJT log.
+udělej log z programu MWAV a pošli podle návodu
zatim zasilam log sdfix
SDFix: Version 1.101
Run by Jarmila on p 31.08.2007 at 16:08
Microsoft Windows XP [Verze 5.1.2600]
Running From: c:\SDFix
Safe Mode:
Checking Services:
Name:
FCI
kprof
poof
SysLibrary
ImagePath:
C:\WINDOWS\system32\svchost.exe:ext.exe
\??\C:\WINDOWS\system32\kprof
\??\C:\WINDOWS\system32\poof
\??\C:\WINDOWS\system32\DefLib.sys
FCI - Deleted
kprof - Deleted
poof - Deleted
SysLibrary - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service asc3550u - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\__ARGO~1.TMP - Deleted
C:\Documents and Settings\Jarmila\spooldr.ini - Deleted
C:\DOCUME~1\Jarmila\LOCALS~1\Temp\winlogon.exe - Deleted
C:\WINDOWS\regedit.com - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\WINDOWS\\spooldr.exe"="C:\\WINDOWS\\spooldr.exe:*:Enabled:enable"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Staopra\Dozorźˇ rada\po VH - Praha\~WRL3150.tmp
C:\Documents and Settings\Staopra\Dozorźˇ rada\po VH - Praha\~WRL3632.tmp
C:\Documents and Settings\Staopra\Jarmi\PadevŘtov \~WRL4099.tmp
C:\Documents and Settings\Staopra\Kolovraty\Smlouva o n jmu bytu\~WRL2019.tmp
C:\Documents and Settings\Staopra\Kolovraty\Smlouva o n jmu bytu\~WRL2730.tmp
C:\Documents and Settings\Staopra\Kolovraty\Smlouva o n jmu bytu\~WRL2986.tmp
C:\Documents and Settings\Staopra\Kolovraty\Smlouva o n jmu bytu\~WRL3833.tmp
C:\Documents and Settings\Staopra\odolen voda\~WRL2253.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Garsonky\Hěnov + Mach\~WRL2072.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Garsonky\Vilˇmkovi\~WRL1730.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Mezonetov‚ byty\Hol nkovi\~WRL1551.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Mezonetov‚ byty\Hol nkovi\~WRL2236.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Mezonetov‚ byty\Hol nkovi\~WRL2666.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Mezonetov‚ byty\Hol nkovi\~WRL3645.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Mezonetov‚ byty\Hol nkovi\~WRL3924.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL0003.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL0024.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL0436.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL1535.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL1756.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL2502.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL2859.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Vyrobni_reditel\~WRL1268.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Vyrobni_reditel\~WRL1570.tmp
C:\Documents and Settings\Staopra\Valna_hromada\VH_05.10.2005\~WRL0066.tmp
C:\Documents and Settings\Staopra\Valna_hromada\VH_05.10.2005\~WRL0786.tmp
C:\Documents and Settings\Staopra\Valna_hromada\VH_05.10.2005\~WRL1116.tmp
C:\Documents and Settings\Staopra\Valna_hromada\VH_05.10.2005\~WRL3063.tmp
C:\Documents and Settings\Staopra\Valna_hromada\VH_05.10.2005\~WRL3412.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL0003.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL0024.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL0436.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL1535.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL1756.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL2502.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL2859.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Vyrobni_reditel\~WRL1268.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Vyrobni_reditel\~WRL1570.tmp
C:\Program Files\InterActual\InterActual Player\iti1.tmp
Finished
hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 16:27:30, on 31.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\PCard.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\Temp\vir\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C43BBFA2-8175-4D51-9DB0-A4A5931618F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCED9691-7DAA-4DC7-9FE6-2F7B3B0222C9}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E22774F0-5625-4C42-8D73-FBCE5E3CF687}: NameServer = 212.47.1.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PSecret - Unknown owner - C:\WINDOWS\srvany.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
mwav zatim bezi
diky moc
SDFix: Version 1.101
Run by Jarmila on p 31.08.2007 at 16:08
Microsoft Windows XP [Verze 5.1.2600]
Running From: c:\SDFix
Safe Mode:
Checking Services:
Name:
FCI
kprof
poof
SysLibrary
ImagePath:
C:\WINDOWS\system32\svchost.exe:ext.exe
\??\C:\WINDOWS\system32\kprof
\??\C:\WINDOWS\system32\poof
\??\C:\WINDOWS\system32\DefLib.sys
FCI - Deleted
kprof - Deleted
poof - Deleted
SysLibrary - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service asc3550u - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\__ARGO~1.TMP - Deleted
C:\Documents and Settings\Jarmila\spooldr.ini - Deleted
C:\DOCUME~1\Jarmila\LOCALS~1\Temp\winlogon.exe - Deleted
C:\WINDOWS\regedit.com - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Program Files\\ICQLite\\ICQLite.exe"="C:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\WINDOWS\\spooldr.exe"="C:\\WINDOWS\\spooldr.exe:*:Enabled:enable"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Staopra\Dozorźˇ rada\po VH - Praha\~WRL3150.tmp
C:\Documents and Settings\Staopra\Dozorźˇ rada\po VH - Praha\~WRL3632.tmp
C:\Documents and Settings\Staopra\Jarmi\PadevŘtov \~WRL4099.tmp
C:\Documents and Settings\Staopra\Kolovraty\Smlouva o n jmu bytu\~WRL2019.tmp
C:\Documents and Settings\Staopra\Kolovraty\Smlouva o n jmu bytu\~WRL2730.tmp
C:\Documents and Settings\Staopra\Kolovraty\Smlouva o n jmu bytu\~WRL2986.tmp
C:\Documents and Settings\Staopra\Kolovraty\Smlouva o n jmu bytu\~WRL3833.tmp
C:\Documents and Settings\Staopra\odolen voda\~WRL2253.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Garsonky\Hěnov + Mach\~WRL2072.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Garsonky\Vilˇmkovi\~WRL1730.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Mezonetov‚ byty\Hol nkovi\~WRL1551.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Mezonetov‚ byty\Hol nkovi\~WRL2236.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Mezonetov‚ byty\Hol nkovi\~WRL2666.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Mezonetov‚ byty\Hol nkovi\~WRL3645.tmp
C:\Documents and Settings\Staopra\Polyfunkcni_dum\Kupnˇ smlouvy\Mezonetov‚ byty\Hol nkovi\~WRL3924.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL0003.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL0024.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL0436.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL1535.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL1756.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL2502.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Slaź lek\~WRL2859.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Vyrobni_reditel\~WRL1268.tmp
C:\Documents and Settings\Staopra\starsi_dokumenty\Vyrobni_reditel\~WRL1570.tmp
C:\Documents and Settings\Staopra\Valna_hromada\VH_05.10.2005\~WRL0066.tmp
C:\Documents and Settings\Staopra\Valna_hromada\VH_05.10.2005\~WRL0786.tmp
C:\Documents and Settings\Staopra\Valna_hromada\VH_05.10.2005\~WRL1116.tmp
C:\Documents and Settings\Staopra\Valna_hromada\VH_05.10.2005\~WRL3063.tmp
C:\Documents and Settings\Staopra\Valna_hromada\VH_05.10.2005\~WRL3412.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL0003.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL0024.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL0436.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL1535.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL1756.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL2502.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Slaź lek\~WRL2859.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Vyrobni_reditel\~WRL1268.tmp
C:\Documents and Settings\Staopra\zaloha\Dokumenty\Vyrobni_reditel\~WRL1570.tmp
C:\Program Files\InterActual\InterActual Player\iti1.tmp
Finished
hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 16:27:30, on 31.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\PCard.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
c:\Temp\vir\hijackthis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C43BBFA2-8175-4D51-9DB0-A4A5931618F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCED9691-7DAA-4DC7-9FE6-2F7B3B0222C9}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E22774F0-5625-4C42-8D73-FBCE5E3CF687}: NameServer = 212.47.1.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PSecret - Unknown owner - C:\WINDOWS\srvany.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
mwav zatim bezi
diky moc
MWAV log
Fri Aug 31 16:29:48 2007 => System found infected with gain.gator Spyware/Adware ({21ffb6c0-0da1-11d5-a9d5-00500413153c})! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\tbon !!!
Fri Aug 31 16:29:51 2007 => Objekt "spyshield Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKLM\Software\altnet !!!
Fri Aug 31 16:29:51 2007 => Objekt "topsearch Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKLM\Software\kazaa !!!
Fri Aug 31 16:29:51 2007 => Objekt "kazaa Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKLM\Software\need2find !!!
Fri Aug 31 16:29:51 2007 => Objekt "need2findbar Toolbar" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKCU\Software\instafink !!!
Fri Aug 31 16:29:51 2007 => Objekt "instafinder Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKCU\Software\ist !!!
Fri Aug 31 16:29:51 2007 => Objekt "istbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKCU\Software\kazaa !!!
Fri Aug 31 16:29:51 2007 => Objekt "kazaa Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKCU\Software\need2find !!!
Fri Aug 31 16:29:51 2007 => Objekt "need2findbar Toolbar" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:52 2007 => Offending Key found: HKCU\\msiede1egate.application.2 !!!
Fri Aug 31 16:29:52 2007 => Objekt "need2findbar Toolbar" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:53 2007 => Offending file found: C:\WINDOWS\instsrv.exe
Fri Aug 31 16:29:53 2007 => System found infected with ezula Spyware/Adware (instsrv.exe)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:29:53 2007 => Offending file found: C:\WINDOWS\smdat32a.sys
Fri Aug 31 16:29:53 2007 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:29:53 2007 => Offending Folder found: C:\WINDOWS\TEMP\altnet
Fri Aug 31 16:29:53 2007 => Objekt "topsearch Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:54 2007 => Offending Folder found: C:\Program Files\instafink
Fri Aug 31 16:29:54 2007 => Objekt "instafinder Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:54 2007 => Offending Folder found: C:\Program Files\kazaa
Fri Aug 31 16:29:54 2007 => Objekt "kazaa Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:54 2007 => Offending Folder found: C:\Program Files\need2find
Fri Aug 31 16:29:54 2007 => Objekt "need2findbar Toolbar" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:54 2007 => Offending Folder found: C:\DOCUME~1\Jarmila\LOCALS~1\Temp\spedia
Fri Aug 31 16:29:54 2007 => Objekt "istbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:58 2007 => Offending Folder found: C:\Documents and Settings\Jarmila\Local Settings\temp\spedia
Fri Aug 31 16:29:58 2007 => Objekt "istbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:59 2007 => Offending Folder found: C:\Documents and Settings\All Users\Data aplikací\cyberlink\powerdvd\ipower\images\hd
Fri Aug 31 16:29:59 2007 => Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:01 2007 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:30:01 2007 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:30:01 2007 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:30:01 2007 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:30:02 2007 => Offending file found: C:\WINDOWS\system32\unrar.dll
Fri Aug 31 16:30:02 2007 => System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:30:02 2007 => Offending file found: C:\PROGRA~1\NEED2F~1\bar\history\search
Fri Aug 31 16:30:02 2007 => System found infected with need2findbar Toolbar (C:\PROGRA~1\NEED2F~1\bar\history\search)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:30:07 2007 => Checking MountPoints2 Registry Key...
Fri Aug 31 16:30:07 2007 => Checking CLSID Reference Entries...
Fri Aug 31 16:30:07 2007 => Záznam "HKCR\ADM25.ADM25.1" odkazuje na neplatný objekt "{1D3BCE37-7834-4579-8169-E67681420A98}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:07 2007 => Záznam "HKCR\ADM4.ADM4.1" odkazuje na neplatný objekt "{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:07 2007 => Záznam "HKCR\Alg.AlgSetup" odkazuje na neplatný objekt "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:07 2007 => Záznam "HKCR\Alg.AlgSetup.1" odkazuje na neplatný objekt "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:07 2007 => Záznam "HKCR\ComPlusMetaData.MsCorHost" odkazuje na neplatný objekt "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:07 2007 => Záznam "HKCR\ComPlusMetaData.MsCorHost.2" odkazuje na neplatný objekt "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:08 2007 => Záznam "HKCR\ICQPhone.SipxPhoneManager" odkazuje na neplatný objekt "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:08 2007 => Záznam "HKCR\MailFileAtt" odkazuje na neplatný objekt "{00020D05-0000-0000-C000-000000000046}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:09 2007 => Záznam "HKCR\mapifvbx.object" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:09 2007 => Záznam "HKCR\mapifvbx.object.1" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\Plenoptic.Plenoptic" odkazuje na neplatný objekt "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\Plenoptic.Plenoptic.1" odkazuje na neplatný objekt "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\RTCCore.RTCClient" odkazuje na neplatný objekt "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\RTCCore.RTCClient.1" odkazuje na neplatný objekt "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\SPhoneParser.FoundSkypeNumber" odkazuje na neplatný objekt "{E40A96CC-4A5B-47F4-9957-87CDED1DFF45}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\SPhoneParser.FoundSkypeNumber.1" odkazuje na neplatný objekt "{E40A96CC-4A5B-47F4-9957-87CDED1DFF45}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\SymWriter.pdb" odkazuje na neplatný objekt "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:11 2007 => Záznam "HKCR\WMPPublsihCntr.WMPPublsihCntr" odkazuje na neplatný objekt "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:11 2007 => Záznam "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" odkazuje na neplatný objekt "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:11 2007 => Záznam "HKCR\WMPShell.HWEventHandler" odkazuje na neplatný objekt "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:11 2007 => Záznam "HKCR\WMPShell.HWEventHandler.1" odkazuje na neplatný objekt "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:11 2007 => Checking Module Usage Entries...
Fri Aug 31 16:30:11 2007 => Checking User Trusted External App Entries...
Fri Aug 31 16:30:11 2007 => Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\Progra~1\Adobe\Acrobat 5.0\Reader\AcroRd32.exe". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:11 2007 => Checking Shared DLL Entries...
Fri Aug 31 16:30:12 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\System32\DIMM.DLL". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:13 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:13 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:14 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\system32\pxsfs.dll". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:15 2007 => Checking Installer Entries...
Fri Aug 31 16:30:15 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Common Files\Symantec Shared\Script Blocking\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\AutoCAD 2002 Cz\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\AutoCAD 2002 Cz\Support\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\AutoCAD 2002 Cz\Fonts\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\AutoCAD 2002 Cz\language\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\AutoCAD 2002 Cz\language\errtxt\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Common Files\Symantec Shared\SPManifests\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Nokia\Nokia PC Suite 5\Lang\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Nokia\Nokia PC Suite 5\Components\PhoneBrowserComponents\Lang\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc\Encoding\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Checking Shared Tools Entries...
Fri Aug 31 16:30:16 2007 => Checking File Extension Entries...
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".2008supplies[1]". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".cue". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".cz/getAttachment?session=%C1%C8v%02%CBDx%2A5%0D%82t%3E%82%B1%D14%F3u%D6rv%14%3DD%3C%120Q1K%80%24f%D4%F04%C1%DD%F0%1AI%E8tb%E9p%06G%A6%9D%BDH%3A%FA%DAI%1D%3F%0E%F0%ED%F9%C3%1BK%DD%DC%FE%1A%E8%9F%A4%0". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dbd". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".DIA". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".DIX". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".frm". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".IN". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ipv". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".lz". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mdb". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".MDI". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".rar". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".srt". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Checking Application Cache Entries...
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "M886903". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:35:43 2007 => ***** Kontrola pro specifické ITW viry *****
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Welchia ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru LovGate ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru CodeRed ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru OpaServ ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Sobig.e ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Winupie ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Swen ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru JS.Fortnight ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Novarg ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Pagabot ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Parite.b ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Parite.a ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Adware.SeekSeek ...
Fri Aug 31 16:35:43 2007 => ***** Test dokončen, kontrolu proveďte na http://www.viry.cz. *****
Fri Aug 31 16:35:43 2007 => Testovaných objektů: 30484
Fri Aug 31 16:35:43 2007 => Kritických objektů: 25
Fri Aug 31 16:35:43 2007 => Celkem vyléčených objektů: 0
Fri Aug 31 16:35:43 2007 => Celkem přejmenováno: 0
Fri Aug 31 16:35:43 2007 => Smazaných objektů: 0
Fri Aug 31 16:35:43 2007 => Celkem chyb: 56
Fri Aug 31 16:35:43 2007 => Uplynulý čas: 00:07:12
Fri Aug 31 16:35:43 2007 => Datum vydání databáze: 8/27/2007
Fri Aug 31 16:35:43 2007 => Verze virové databáze: 391873
Fri Aug 31 16:35:43 2007 => Test je dokončen, kontrolu lze provést na http://www.viry.cz.
Fri Aug 31 16:29:48 2007 => System found infected with gain.gator Spyware/Adware ({21ffb6c0-0da1-11d5-a9d5-00500413153c})! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\tbon !!!
Fri Aug 31 16:29:51 2007 => Objekt "spyshield Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKLM\Software\altnet !!!
Fri Aug 31 16:29:51 2007 => Objekt "topsearch Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKLM\Software\kazaa !!!
Fri Aug 31 16:29:51 2007 => Objekt "kazaa Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKLM\Software\need2find !!!
Fri Aug 31 16:29:51 2007 => Objekt "need2findbar Toolbar" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKCU\Software\instafink !!!
Fri Aug 31 16:29:51 2007 => Objekt "instafinder Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKCU\Software\ist !!!
Fri Aug 31 16:29:51 2007 => Objekt "istbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKCU\Software\kazaa !!!
Fri Aug 31 16:29:51 2007 => Objekt "kazaa Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:51 2007 => Offending Key found: HKCU\Software\need2find !!!
Fri Aug 31 16:29:51 2007 => Objekt "need2findbar Toolbar" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:52 2007 => Offending Key found: HKCU\\msiede1egate.application.2 !!!
Fri Aug 31 16:29:52 2007 => Objekt "need2findbar Toolbar" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:53 2007 => Offending file found: C:\WINDOWS\instsrv.exe
Fri Aug 31 16:29:53 2007 => System found infected with ezula Spyware/Adware (instsrv.exe)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:29:53 2007 => Offending file found: C:\WINDOWS\smdat32a.sys
Fri Aug 31 16:29:53 2007 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:29:53 2007 => Offending Folder found: C:\WINDOWS\TEMP\altnet
Fri Aug 31 16:29:53 2007 => Objekt "topsearch Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:54 2007 => Offending Folder found: C:\Program Files\instafink
Fri Aug 31 16:29:54 2007 => Objekt "instafinder Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:54 2007 => Offending Folder found: C:\Program Files\kazaa
Fri Aug 31 16:29:54 2007 => Objekt "kazaa Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:54 2007 => Offending Folder found: C:\Program Files\need2find
Fri Aug 31 16:29:54 2007 => Objekt "need2findbar Toolbar" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:54 2007 => Offending Folder found: C:\DOCUME~1\Jarmila\LOCALS~1\Temp\spedia
Fri Aug 31 16:29:54 2007 => Objekt "istbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:58 2007 => Offending Folder found: C:\Documents and Settings\Jarmila\Local Settings\temp\spedia
Fri Aug 31 16:29:58 2007 => Objekt "istbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:29:59 2007 => Offending Folder found: C:\Documents and Settings\All Users\Data aplikací\cyberlink\powerdvd\ipower\images\hd
Fri Aug 31 16:29:59 2007 => Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:01 2007 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:30:01 2007 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:30:01 2007 => System found infected with altnetbde Spyware/Adware (adm.exe)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:30:01 2007 => System found infected with altnetbde Spyware/Adware (altnet signing module.exe)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:30:02 2007 => Offending file found: C:\WINDOWS\system32\unrar.dll
Fri Aug 31 16:30:02 2007 => System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:30:02 2007 => Offending file found: C:\PROGRA~1\NEED2F~1\bar\history\search
Fri Aug 31 16:30:02 2007 => System found infected with need2findbar Toolbar (C:\PROGRA~1\NEED2F~1\bar\history\search)! Action taken: Nic nebylo provedeno.
Fri Aug 31 16:30:07 2007 => Checking MountPoints2 Registry Key...
Fri Aug 31 16:30:07 2007 => Checking CLSID Reference Entries...
Fri Aug 31 16:30:07 2007 => Záznam "HKCR\ADM25.ADM25.1" odkazuje na neplatný objekt "{1D3BCE37-7834-4579-8169-E67681420A98}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:07 2007 => Záznam "HKCR\ADM4.ADM4.1" odkazuje na neplatný objekt "{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:07 2007 => Záznam "HKCR\Alg.AlgSetup" odkazuje na neplatný objekt "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:07 2007 => Záznam "HKCR\Alg.AlgSetup.1" odkazuje na neplatný objekt "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:07 2007 => Záznam "HKCR\ComPlusMetaData.MsCorHost" odkazuje na neplatný objekt "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:07 2007 => Záznam "HKCR\ComPlusMetaData.MsCorHost.2" odkazuje na neplatný objekt "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:08 2007 => Záznam "HKCR\ICQPhone.SipxPhoneManager" odkazuje na neplatný objekt "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:08 2007 => Záznam "HKCR\MailFileAtt" odkazuje na neplatný objekt "{00020D05-0000-0000-C000-000000000046}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:09 2007 => Záznam "HKCR\mapifvbx.object" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:09 2007 => Záznam "HKCR\mapifvbx.object.1" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\Plenoptic.Plenoptic" odkazuje na neplatný objekt "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\Plenoptic.Plenoptic.1" odkazuje na neplatný objekt "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\RTCCore.RTCClient" odkazuje na neplatný objekt "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\RTCCore.RTCClient.1" odkazuje na neplatný objekt "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\SPhoneParser.FoundSkypeNumber" odkazuje na neplatný objekt "{E40A96CC-4A5B-47F4-9957-87CDED1DFF45}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\SPhoneParser.FoundSkypeNumber.1" odkazuje na neplatný objekt "{E40A96CC-4A5B-47F4-9957-87CDED1DFF45}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:10 2007 => Záznam "HKCR\SymWriter.pdb" odkazuje na neplatný objekt "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:11 2007 => Záznam "HKCR\WMPPublsihCntr.WMPPublsihCntr" odkazuje na neplatný objekt "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:11 2007 => Záznam "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" odkazuje na neplatný objekt "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:11 2007 => Záznam "HKCR\WMPShell.HWEventHandler" odkazuje na neplatný objekt "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:11 2007 => Záznam "HKCR\WMPShell.HWEventHandler.1" odkazuje na neplatný objekt "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:11 2007 => Checking Module Usage Entries...
Fri Aug 31 16:30:11 2007 => Checking User Trusted External App Entries...
Fri Aug 31 16:30:11 2007 => Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\Progra~1\Adobe\Acrobat 5.0\Reader\AcroRd32.exe". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:11 2007 => Checking Shared DLL Entries...
Fri Aug 31 16:30:12 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\System32\DIMM.DLL". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:13 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:13 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:14 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\system32\pxsfs.dll". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:15 2007 => Checking Installer Entries...
Fri Aug 31 16:30:15 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Common Files\Symantec Shared\Script Blocking\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\AutoCAD 2002 Cz\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\AutoCAD 2002 Cz\Support\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\AutoCAD 2002 Cz\Fonts\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\AutoCAD 2002 Cz\language\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\AutoCAD 2002 Cz\language\errtxt\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Common Files\Symantec Shared\SPManifests\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Nokia\Nokia PC Suite 5\Lang\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Nokia\Nokia PC Suite 5\Components\PhoneBrowserComponents\Lang\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc\Encoding\". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Checking Shared Tools Entries...
Fri Aug 31 16:30:16 2007 => Checking File Extension Entries...
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".2008supplies[1]". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".cue". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".cz/getAttachment?session=%C1%C8v%02%CBDx%2A5%0D%82t%3E%82%B1%D14%F3u%D6rv%14%3DD%3C%120Q1K%80%24f%D4%F04%C1%DD%F0%1AI%E8tb%E9p%06G%A6%9D%BDH%3A%FA%DAI%1D%3F%0E%F0%ED%F9%C3%1BK%DD%DC%FE%1A%E8%9F%A4%0". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".dbd". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".DIA". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".DIX". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".frm". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".IN". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".ipv". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".lz". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".mdb". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".MDI". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".rar". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".srt". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:30:16 2007 => Checking Application Cache Entries...
Fri Aug 31 16:30:16 2007 => Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "M886903". Provedené akce: Nic nebylo provedeno.
Fri Aug 31 16:35:43 2007 => ***** Kontrola pro specifické ITW viry *****
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Welchia ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru LovGate ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru CodeRed ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru OpaServ ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Sobig.e ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Winupie ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Swen ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru JS.Fortnight ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Novarg ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Pagabot ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Parite.b ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Parite.a ...
Fri Aug 31 16:35:43 2007 => Kontrola na přítomnost viru Adware.SeekSeek ...
Fri Aug 31 16:35:43 2007 => ***** Test dokončen, kontrolu proveďte na http://www.viry.cz. *****
Fri Aug 31 16:35:43 2007 => Testovaných objektů: 30484
Fri Aug 31 16:35:43 2007 => Kritických objektů: 25
Fri Aug 31 16:35:43 2007 => Celkem vyléčených objektů: 0
Fri Aug 31 16:35:43 2007 => Celkem přejmenováno: 0
Fri Aug 31 16:35:43 2007 => Smazaných objektů: 0
Fri Aug 31 16:35:43 2007 => Celkem chyb: 56
Fri Aug 31 16:35:43 2007 => Uplynulý čas: 00:07:12
Fri Aug 31 16:35:43 2007 => Datum vydání databáze: 8/27/2007
Fri Aug 31 16:35:43 2007 => Verze virové databáze: 391873
Fri Aug 31 16:35:43 2007 => Test je dokončen, kontrolu lze provést na http://www.viry.cz.
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
pořád ti běží ta šmejdská služba PSecret.nejde zastavit?
zkus to znova nebo napiš kde je problém.
nainstaluj firewall
vyber si tady,doporučuju ZoneAlarm nebo Comodo
použij znova avenger
a skript
Files to delete:
C:\WINDOWS\instsrv.exe
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\system32\unrar.dll
C:\PROGRA~1\NEED2F~1\bar\history\search
Folders to delete:
C:\WINDOWS\TEMP\altnet
C:\Program Files\instafink
C:\Program Files\kazaa
C:\Program Files\need2find
C:\DOCUME~1\Jarmila\LOCALS~1\Temp\spedia
C:\Documents and Settings\Jarmila\Local Settings\temp\spedia
C:\Documents and Settings\All Users\Data aplikací\cyberlink\powerdvd\ipower\images\hd
a pošli skript z avengera-měl by bejt na C:\ a novej hijackthis
zkus to znova nebo napiš kde je problém.
nainstaluj firewall
vyber si tady,doporučuju ZoneAlarm nebo Comodo
použij znova avenger
a skript
Files to delete:
C:\WINDOWS\instsrv.exe
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\system32\unrar.dll
C:\PROGRA~1\NEED2F~1\bar\history\search
Folders to delete:
C:\WINDOWS\TEMP\altnet
C:\Program Files\instafink
C:\Program Files\kazaa
C:\Program Files\need2find
C:\DOCUME~1\Jarmila\LOCALS~1\Temp\spedia
C:\Documents and Settings\Jarmila\Local Settings\temp\spedia
C:\Documents and Settings\All Users\Data aplikací\cyberlink\powerdvd\ipower\images\hd
a pošli skript z avengera-měl by bejt na C:\ a novej hijackthis
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sbqrrfvl
*******************
Script file located at: \??\C:\WINDOWS\jmurshfu.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\instsrv.exe deleted successfully.
File C:\WINDOWS\smdat32a.sys deleted successfully.
File C:\WINDOWS\system32\unrar.dll deleted successfully.
File C:\PROGRA~1\NEED2F~1\bar\history\search deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qegbnatq
*******************
Script file located at: \??\C:\WINDOWS\rdxyyfiv.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\WINDOWS\TEMP\altnet deleted successfully.
Folder C:\Program Files\instafink deleted successfully.
Folder C:\Program Files\kazaa deleted successfully.
Folder C:\Program Files\need2find deleted successfully.
Folder C:\DOCUME~1\Jarmila\LOCALS~1\Temp\spedia deleted successfully.
Folder C:\Documents and Settings\Jarmila\Local Settings\temp\spedia not found!
Deletion of folder C:\Documents and Settings\Jarmila\Local Settings\temp\spedia failed!
Could not process line:
C:\Documents and Settings\Jarmila\Local Settings\temp\spedia
Status: 0xc0000034
Folder C:\Documents and Settings\All Users\Data aplikací\cyberlink\powerdvd\ipower\images\hd deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of HijackThis v1.99.1
Scan saved at 9:52:07, on 1.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\PCard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
F:\vir\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C43BBFA2-8175-4D51-9DB0-A4A5931618F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCED9691-7DAA-4DC7-9FE6-2F7B3B0222C9}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E22774F0-5625-4C42-8D73-FBCE5E3CF687}: NameServer = 212.47.1.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PSecret - Unknown owner - C:\WINDOWS\srvany.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\sbqrrfvl
*******************
Script file located at: \??\C:\WINDOWS\jmurshfu.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\instsrv.exe deleted successfully.
File C:\WINDOWS\smdat32a.sys deleted successfully.
File C:\WINDOWS\system32\unrar.dll deleted successfully.
File C:\PROGRA~1\NEED2F~1\bar\history\search deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qegbnatq
*******************
Script file located at: \??\C:\WINDOWS\rdxyyfiv.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\WINDOWS\TEMP\altnet deleted successfully.
Folder C:\Program Files\instafink deleted successfully.
Folder C:\Program Files\kazaa deleted successfully.
Folder C:\Program Files\need2find deleted successfully.
Folder C:\DOCUME~1\Jarmila\LOCALS~1\Temp\spedia deleted successfully.
Folder C:\Documents and Settings\Jarmila\Local Settings\temp\spedia not found!
Deletion of folder C:\Documents and Settings\Jarmila\Local Settings\temp\spedia failed!
Could not process line:
C:\Documents and Settings\Jarmila\Local Settings\temp\spedia
Status: 0xc0000034
Folder C:\Documents and Settings\All Users\Data aplikací\cyberlink\powerdvd\ipower\images\hd deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of HijackThis v1.99.1
Scan saved at 9:52:07, on 1.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\srvany.exe
C:\WINDOWS\PCard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
F:\vir\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.1:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C43BBFA2-8175-4D51-9DB0-A4A5931618F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCED9691-7DAA-4DC7-9FE6-2F7B3B0222C9}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E22774F0-5625-4C42-8D73-FBCE5E3CF687}: NameServer = 212.47.1.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PSecret - Unknown owner - C:\WINDOWS\srvany.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 9 hostů