MWAV log

Posted: 03 Oct 2006 17:22
by Alarma
Hello, please check this. I don't know what to do with it, whether there is anything dangerous in it and, if so, what to remove it with. Thank you.

Sun Sep 17 21:47:28 2006 => Scanning File C:\WINDOWS\system32\netware.drv
Sun Sep 17 21:48:04 2006 => Scanning File C:\DOCUME~1\LUBOŠ\LOCALS~1\Temp\Spyware.sdb
Mon Sep 18 21:34:12 2006 => Scanning File C:\WINDOWS\system32\netware.drv
Mon Sep 18 21:34:57 2006 => Scanning File C:\DOCUME~1\LUBOŠ\LOCALS~1\Temp\Spyware.sdb
Tue Oct 03 17:06:49 2006 => Scanning File C:\WINDOWS\system32\netware.drv
Tue Oct 03 17:07:40 2006 => Scanning File C:\DOCUME~1\LUBOŠ\LOCALS~1\Temp\Spyware.sdb
Tue Oct 03 17:07:43 2006 => Scanning File C:\DOCUME~1\LUBOŠ\LOCALS~1\Temp\FtpTempF\riskware.avc
Tue Oct 03 17:07:44 2006 => Scanning File C:\DOCUME~1\LUBOŠ\LOCALS~1\Temp\riskware.avc
Tue Oct 03 17:07:40 2006 => Scanning File C:\DOCUME~1\LUBOŠ\LOCALS~1\Temp\virus.avi
Tue Oct 03 17:06:33 2006 => System found infected with virusburst Trojan (C:\WINDOWS\vb.ini)! Action taken: No Action Taken.
Tue Oct 03 17:06:25 2006 => Scanning File C:\WINDOWS\system32\drivers\WmVirHid.sys
Tue Oct 03 17:03:47 2006 => Scanning File C:\DOCUME~1\LUBOŠ\LOCALS~1\Temp\virus.avi
Mon Sep 18 21:34:57 2006 => Scanning File C:\DOCUME~1\LUBOŠ\LOCALS~1\Temp\virus.avi
Mon Sep 18 21:33:55 2006 => Scanning File C:\WINDOWS\system32\drivers\WmVirHid.sys
Mon Sep 18 21:33:02 2006 => Scanning File C:\DOCUME~1\LUBOŠ\LOCALS~1\Temp\virus.avi
Sun Sep 17 21:48:04 2006 => Scanning File C:\DOCUME~1\LUBOŠ\LOCALS~1\Temp\virus.avi
Sun Sep 17 21:47:11 2006 => Scanning File C:\WINDOWS\system32\drivers\WmVirHid.sys
Sun Sep 17 21:45:59 2006 => Scanning File C:\DOCUME~1\LUBOŠ\LOCALS~1\Temp\virus.avi

Tue Oct 03 17:07:45 2006 => Checking for Adware.SeekSeek Virus...

Tue Oct 03 17:07:45 2006 => ***** Scanning complete. *****
Tue Oct 03 17:07:45 2006 => Total Objects Scanned: 20303
Tue Oct 03 17:07:45 2006 => Total Critical Objects: 2
Tue Oct 03 17:07:45 2006 => Total Disinfected Objects: 0
Tue Oct 03 17:07:45 2006 => Total Objects Renamed: 0
Tue Oct 03 17:07:45 2006 => Total Deleted Objects: 0
Tue Oct 03 17:07:45 2006 => Total Errors: 23
Tue Oct 03 17:07:45 2006 => Time Elapsed: 00:01:41
Tue Oct 03 17:07:45 2006 => Virus Database Date: 10/3/2006
Tue Oct 03 17:07:45 2006 => Virus Database Count: 228490

Tue Oct 03 17:07:45 2006 => Scan Completed.

Posted: 03 Oct 2006 18:05
by mikel
Only one line in your log matters:
Tue Oct 03 17:06:33 2006 => System found infected with virusburst Trojan (C:\WINDOWS\vb.ini)! Action taken: No Action Taken.

Find and delete the file C:\WINDOWS\vb.ini

But according to the summary table at the end you should have 2 critical objects, whereas this is only one. You need to find the remaining one in the log. The quickest way is to search for "Action taken".

Posted: 03 Oct 2006 18:37
by Alarma
Well, I deleted that vb.ini and ran it again, and this is what it found. I don't know exactly what all I was supposed to post here.

Sun Sep 17 21:47:18 2006 => Entry "HKCR\ICQPhone.SipxPhoneManager" refers to invalid object "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Action Taken: No Action Taken.
Sun Sep 17 21:47:18 2006 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Sun Sep 17 21:47:18 2006 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Sun Sep 17 21:47:18 2006 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Sun Sep 17 21:47:19 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken.
Sun Sep 17 21:47:19 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken.
Sun Sep 17 21:47:19 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".chp". Action Taken: No Action Taken.
Mon Sep 18 21:34:01 2006 => Entry "HKCR\ICQPhone.SipxPhoneManager" refers to invalid object "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Action Taken: No Action Taken.
Mon Sep 18 21:34:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken.
Mon Sep 18 21:34:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\NeroCoverDesigner_fra.chm". Action Taken: No Action Taken.
Mon Sep 18 21:34:02 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken.
Tue Oct 03 17:06:33 2006 => Offending file found: C:\WINDOWS\vb.ini
Tue Oct 03 17:06:33 2006 => System found infected with virusburst Trojan (C:\WINDOWS\vb.ini)! Action taken: No Action Taken.
Tue Oct 03 17:06:35 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken.
Tue Oct 03 17:06:35 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\WinDVD.exe" refers to invalid object "C:\Program Files\MSI\MSIDVD\WinDVD.exe". Action Taken: No Action Taken.
Tue Oct 03 18:10:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken.
Tue Oct 03 18:10:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken.
Tue Oct 03 18:10:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\WinDVD.exe" refers to invalid object "C:\Program Files\MSI\MSIDVD\WinDVD.exe". Action Taken: No Action Taken.

Tue Oct 03 18:27:24 2006 => Scanning Folder: C:\DOCUME~1\LUBOŠ\LOCALS~1\TEMPOR~1\Content.IE5\Q8DCTVBS\*.*
Tue Oct 03 18:27:25 2006 => Scanning Folder: C:\DOCUME~1\LUBOŠ\LOCALS~1\TEMPOR~1\Content.IE5\802FHHWB\*.*

Tue Oct 03 18:27:25 2006 => ***** Checking for specific ITW Viruses *****
Tue Oct 03 18:27:25 2006 => Checking for Welchia Virus...
Tue Oct 03 18:27:25 2006 => Checking for LovGate Virus...
Tue Oct 03 18:27:25 2006 => Checking for CodeRed Virus...
Tue Oct 03 18:27:25 2006 => Checking for OpaServ Virus...
Tue Oct 03 18:27:25 2006 => Checking for Sobig.e Virus...
Tue Oct 03 18:27:25 2006 => Checking for Winupie Virus...
Tue Oct 03 18:27:25 2006 => Checking for Swen Virus...
Tue Oct 03 18:27:25 2006 => Checking for JS.Fortnight Virus...
Tue Oct 03 18:27:25 2006 => Checking for Novarg Virus...
Tue Oct 03 18:27:25 2006 => Checking for Pagabot Virus...
Tue Oct 03 18:27:25 2006 => Checking for Parite.b Virus...
Tue Oct 03 18:27:25 2006 => Checking for Parite.a Virus...
Tue Oct 03 18:27:25 2006 => Checking for Adware.SeekSeek Virus...

Tue Oct 03 18:27:25 2006 => ***** Scanning complete. *****
Tue Oct 03 18:27:25 2006 => Total Objects Scanned: 20450
Tue Oct 03 18:27:25 2006 => Total Critical Objects: 1
Tue Oct 03 18:27:25 2006 => Total Disinfected Objects: 0
Tue Oct 03 18:27:25 2006 => Total Objects Renamed: 0
Tue Oct 03 18:27:25 2006 => Total Deleted Objects: 0
Tue Oct 03 18:27:25 2006 => Total Errors: 23
Tue Oct 03 18:27:25 2006 => Time Elapsed: 00:01:09
Tue Oct 03 18:27:25 2006 => Virus Database Date: 10/3/2006
Tue Oct 03 18:27:25 2006 => Virus Database Count: 228525

Tue Oct 03 18:27:25 2006 => Scan Completed.

Posted: 03 Oct 2006 21:11
by fredik
Try cleaning up your PC with CCleaner.

The only thing you have in that log is the line Tue Oct 03 17:06:33 2006 => System found infected with virusburst Trojan (C:\WINDOWS\vb.ini)! Action taken: No Action Taken. but that one is in the previous log too, and you already said you deleted it.

You have various dates in there from previous scans, e.g.:
    Sun Sep 17 21:47:18 2006
    Mon Sep 18 21:34:02 2006
    Tue Oct 03 17:06:33 2006
    Tue Oct 03 17:06:35 2006
    Tue Oct 03 18:10:04 2006
    which makes it confusing.
Run the scan again, but before starting it press the Clear Log button, and paste the result here.

If you don't know exactly what to post here, have a look at the guide here:

Posted: 03 Oct 2006 22:02
by Alarma
So I ran it through CCleaner, cleared the log and ran the scan again; here is the result..

Tue Oct 03 21:52:51 2006 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

Tue Oct 03 21:53:48 2006 => Virus Database Date: 10/3/2006
Tue Oct 03 21:53:48 2006 => Virus Database Count: 228601
Tue Oct 03 21:53:48 2006 => Scan Completed.

Total Objects Scanned: 20114
Total Critical Objects: 1

Posted: 03 Oct 2006 23:54
by mikel
The line before this one should contain the path of the infected item. Try to find it.

Posted: 04 Oct 2006 16:06
by Alarma
So the preceding line is...

Wed Oct 04 15:56:30 2006 => Offending Key found: HKLM\Software\microsoft\downloadmanager !!!
Wed Oct 04 15:56:35 2006 => Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.

I searched for "Action Taken".

Wed Oct 04 15:57:24 2006 => ***** Scanning complete. *****
Wed Oct 04 15:57:24 2006 => Total Objects Scanned: 20062
Wed Oct 04 15:57:24 2006 => Total Critical Objects: 1
Wed Oct 04 15:57:24 2006 => Total Disinfected Objects: 0
Wed Oct 04 15:57:24 2006 => Total Objects Renamed: 0
Wed Oct 04 15:57:25 2006 => Total Deleted Objects: 0
Wed Oct 04 15:57:25 2006 => Total Errors: 6
Wed Oct 04 15:57:25 2006 => Time Elapsed: 00:01:10
Wed Oct 04 15:57:25 2006 => Virus Database Date: 10/4/2006
Wed Oct 04 15:57:25 2006 => Virus Database Count: 228727

Wed Oct 04 15:57:25 2006 => Scan Completed.

Posted: 04 Oct 2006 17:10
by mikel
There you go, we've got it. :D
In the Registry Editor (Start/Run/regedit), delete the red key:
HKEY_LOCAL_MACHINE\Software\microsoft\downloadmanager
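
The triage steps used in this thread (search for "Action taken", read the line before it for the path or key, and set aside entries left over from earlier runs) as an added Python example; it is not part of any post and not MWAV's own tooling. It assumes the latest run spans the last "Scan Completed." timestamp minus "Time Elapsed"; the names `parse`, `last_value` and `triage` are hypothetical, and the sample is lines copied from the second log posted above.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the second log in the thread (the run after vb.ini was deleted).
SAMPLE = r'''Tue Oct 03 17:06:33 2006 => Offending file found: C:\WINDOWS\vb.ini
Tue Oct 03 17:06:33 2006 => System found infected with virusburst Trojan (C:\WINDOWS\vb.ini)! Action taken: No Action Taken.
Tue Oct 03 18:10:04 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\system32\cmmgr32.exe". Action Taken: No Action Taken.
Tue Oct 03 18:27:25 2006 => Total Critical Objects: 1
Tue Oct 03 18:27:25 2006 => Time Elapsed: 00:01:09
Tue Oct 03 18:27:25 2006 => Scan Completed.
'''

MONTHS = 'Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec'.split()
LINE = re.compile(r'^\w{3} (\w{3}) (\d\d) (\d\d):(\d\d):(\d\d) (\d{4}) => (.*)$')
OFFENDING = re.compile(r'^Offending (?:file|key) found: (.*?)(?: !!!)?$', re.I)

def parse(log):
    """Yield (timestamp, message) for each well-formed MWAV log line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            mon, d, hh, mm, ss, y, msg = m.groups()
            yield datetime(int(y), MONTHS.index(mon) + 1, int(d), int(hh), int(mm), int(ss)), msg

def last_value(rows, label):
    """Value of the last 'label: value' summary line in the log."""
    return next(msg.split(': ', 1)[1] for _, msg in reversed(rows) if msg.startswith(label))

def triage(log):
    rows = list(parse(log))
    end = max(ts for ts, msg in rows if msg.startswith('Scan Completed'))
    h, m, s = map(int, last_value(rows, 'Time Elapsed').split(':'))
    start = end - timedelta(hours=h, minutes=m, seconds=s)  # assumed start of the last run
    reported = int(last_value(rows, 'Total Critical Objects'))
    current, stale, location = [], [], None
    for ts, msg in rows:
        hit = OFFENDING.match(msg)
        if hit:
            location = hit.group(1)  # path or key belongs to the detection line that follows
            continue
        if 'action taken' in msg.lower() and 'refers to invalid object' not in msg:
            (current if start <= ts <= end else stale).append((ts, location, msg))
        location = None
    return {'window': (start, end), 'reported': reported, 'current': current,
            'stale': stale, 'complete': len(current) == reported}

if __name__ == '__main__':
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

On this excerpt the virusburst line lands in `stale` and `complete` is false, which means the detection counted in the summary is not among the posted lines.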