MWAW .NET Framework Vyřešeno

[peacoq]

W Vista Bus 32 bit English SP2
AMD Turion Dual Core
Standartne zabezpecen: Avira 9, Spybot-Tea Timer (Firewall je tovarni (ZoneAlarm odinstalovan), protoze s posledni verzi Aviry dela problem, stejne jako TeaTimer, ktery je pri testu nutne deaktivovat a nebo antivir spoustet v Nouzovem rezimu),
Pravidelne cisten: Ccleaner (vzdy pred zavrenim PC), Spybot (obcasne, naposledy v utery bez zaznamu), SAS (podle nutnosti, jinak 1krat mesicne).
.
Ahoj
Pocitac nejak selhal, nedelal nic neobvykleho, ale pred par dny pri kazdem zapnuti zacal hlasit, ze ...nemuze rozpoznat nabijecku, klikni F2 SetUp, nebo F12 BootMenu, nebo cokoli k pokracovani. Kdyz se klikne Esc, tak se objevi hlaska, ...klikni na cokoli pro Boot CD/DVD, ale system najel a fungoval bez problemu, Skype, ICQ, YouTube, prehravani videa/hudby, atd., ...ale...
pri poslednim testu Aviry v Nouzovem rezimu bez nalezu (Malwarebytes take bez nalezu), pri opetovnem zapnuti vyskocilo hlaseni:
The instruction at 0x004b22f referenced memory at 0x00000000. The memory could not be read.

A i kdyz vse opet fungovalo, jak ma, tak spodni lista vypadala jako u XP, a pri prenastaveni vzhledu se neobjevila moznost W Vista Aero (pouze W Standart, W Basic, Aero proste nebylo v nabidce vzhledu), a na liste chybely ovladace zvuku (neco je tedy vystrelilo ovladace), a byl problem pripojit se k netu (na po-treti nabehlo wi-fi), a to se vzdy opakovane objevovalo ono hlaseni o 'nabijece' a 'chybejici casti'.
Nicmene i po preinstalaci se stale objevuje to hlaseni o nabijecce.

Protoze k tomu byla prilezitost, OS jsem na disku C: reinstaloval; 75 aktualizaci, SP1+2, vse probyhalo bez problemu a nyni vse funguje (net, skype, icq, you-tube, prehravani, stahovani) ...ale...
Microsoft .NET Framework 3.5 SP1 (instalovany pres automaticke aktualizace) v MWAW vykazuje divne zaznamy, coz by snad nemelo, i kdyby se jednalo o starsi zaznam, kdyz se system preinstaloval, (a nebo je to nove?),...
.
Prosim o kontrolu - MWAW, HJT (MBAM, Avira bez zaznamu):
(Dekuji)

...///...
Nastaveni testu, MWAW verze 11.0.60 Updated
Virus Database Count
- Memory/Services
- Registry
- StartUp Folders
- System Folders
- Scan Spyware
- Drive - All Local Drive
- Folder C:\WIndows - Include Sub-direstory
- Program Files
(tj. mimo polozky Scan All Files, uplny test)
.
Total Critical Objects: ....1
Total Errors: ..............17
.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\v1.0.3705\vsavb7rt.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.enterpriseservices.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.configuration.install.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.vsa.vb.codedomprocessor.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\v1.0.3705\wminet_utils.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\v1.0.3705\microsoft.jscript.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\v1.0.3705\diasymreader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\v1.0.3705\iehost.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Windows\Microsoft.NET\Framework\v1.0.3705\system.data.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\PX Storage Engine\pxwma.dll". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".enc". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".old". Action Taken: No Action Taken.

...///...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:24, on 02/08/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Windows\V0250Mon.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\conime.exe
C:\totalcmd\TOTALCMD.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\Windows\V0250Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5485 bytes
...///...

Malwarebytes' Anti-Malware 1.39
Database version: 2547
Windows 6.0.6002 Service Pack 2

02/08/2009 19:49:18
mbam-log-2009-08-02 (19-49-18).txt

Scan type: Quick Scan
Objects scanned: 79129
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
.

[Reklama]

[Owner]

The instruction at 0x004b22f referenced memory at 0x00000000. The memory could not be read.

Toto mi zavání nějakou chybou ramky. Zkus projet paměť memtestem alespoň párkrát.
EDIT: Také jsem usuzoval dle blbnutí BIOSU.

[peacoq]

Jenze to pisi, ze jse to uz preinstaloval, a nyni toto hlaseni uz nevyskakuje.
MemTest 3.8 jel pred tim, nez jsem to vcera zacal preinstalovavat a nic nenasel. Jel pres 2 hodiny, na x-stovek procent.

Zde je jeste zaznam Ccleaneru - Registry, se zaznamy .NET Framework, a je tam jeste netradicne plno Skype (pred preinstalaci byvaly zaznamy registru ciste)/
a tady je kratce o tom, ze se jiz verze 1.0 istaluje s Micr.update ...a ja mam v pC
C:\Windows\Microsoft.NET\Framework ..zapis verzi 1.0 az 3.6 (kde kde MWAW i Ccleaneru se jadna o zapisy spojene s 1.0)

[Marek Minkes]

Nevim cim to je ale nedavno jsem si stahl skype a taky mi CCleaner nasel v registu spoustu Skype chyb ale procistil jsem to a okay

[peacoq]

Ok, dik za postreh (ale stezeni zustavaji nalezy v MWAW).
U toho Skype to asi budou tou novou verzi, protoze ja na obou PC mel ty starsi. Az nyni, kdyz se preinstalovaval tento PC, tak se tam dalo SKP 4.1, ...taky mas tuto verzi?, u ktere se jednalo o poustu zapis v Ccleaneru?

[Marek Minkes]

Ano jedna se o tu novou verzi toho Skypu u te stare verze jsem vubec zadny bordel v registru nemel A ted nevim o jakou poustu v zapisu CCleaner

[peacoq]

No ...jakou spoustu?, ...vidis na fotce. Nez se naistalovala tato nova verze, tak nebyli v ragistrech zadne zapisy.

[Damned]

Jakou máš verzi Frameworku?

"refers to invalid object" odkazuje na neplatný/poškozený objekt. Mrkni do složky "C:\Windows\Microsoft.NET\Framework\v1.0.3705\" zda tam máš ty objekty. (vsavb7rt.dll...atd) pokud ti aktualizace tyto objekty smazala, zůstal jen zápis v registru (v HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls) , případně nové soubory byly přeregistrovány.

Poslední dvě jsou přípony, které nejsou přidruženy. Jediná chyba tam je ten "grokster", napiš sem název klíče, ve kterém je (je to vlogu hned u "grokster"), může to být totiž jen zapsaná položka antiviru.

[peacoq]

Diky, diky ...to je slozitosti
Jsem hledal k cemu je to .NET Framework uz posledne, ale to s tim zadny problem nebyl a tak sem to tam nachal (videl jsem, ze to lide odinstalvavaji z Mozilly http://channel9.msdn.com/forums/Coffeeh ... Assistant/),...
takze, v danne pod-slozce
C:Windows\Misrosoft.NET\Framework je x-verzi 1.0 -az- 3.5, a verze v.1.3705 nebsahuje zmineny udaj (vsavb7rt.dll...atd) a obsahuje pouze;
installutil.exe.config / mscormmc.cfg / mscormmc.dll / regsvcs.exe.config (nic vice).
.
Porad, prosim, lame kde ma najit ..."grokster", napiš sem název klíče, ve kterém je (je to vlogu hned u "grokster"), může to být totiž jen zapsaná položka antiviru.... nejak to prehlizim, protze to nevidim, a nebo se divam spatna

[Damned]

Otevři si MWAV log a najdi Object "grokster Spyware/Adware" někde nad tím nebo pod tím bude název klíče.

[peacoq]

JoJo, Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
...toto je ve vyslednem logu, ale v tom celem logu, kde jsou cisla klicu, to nemuzu najit. Je to strasne moc dlouhe :( jeslti by slo priblizne specifkovat, kde asi, Je mozne, ze to tam neni, ja to prijizdim tam a zpet, a mam z toho zmatek, ale stale to nevidim.

[Damned]

Úpravy-->> Najít!