MWAV log

[Mlejnek]

Prosím o kontrolu MWAV logu a radu co dál.

2x Mon Dec 11 22:24:40 2006 => Scanning File C:\Documents and Settings\Jan Mlejnek\Plocha\security\SmitfraudFix\Reboot.exe
Mon Dec 11 22:24:45 2006 => File C:\Documents and Settings\Jan Mlejnek\Plocha\security\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: No Action Taken.

Mon Dec 11 22:25:05 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\whenusavemsg !!!
Mon Dec 11 22:25:05 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Dec 11 22:25:05 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\whenusearch !!!
Mon Dec 11 22:25:05 2006 => Object "whenu/search Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Dec 11 22:25:05 2006 => Offending Key found: HKLM\Software\magnet !!!
Mon Dec 11 22:25:05 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Dec 11 22:25:05 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\whenu !!!
Mon Dec 11 22:25:05 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Dec 11 22:25:05 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\whenusearch !!!
Mon Dec 11 22:25:05 2006 => Object "whenu/search Spyware/Adware" found in File System! Action Taken: No Action Taken.

Mon Dec 11 22:25:06 2006 => Offending Key found: HKCU\\magnet !!!
Mon Dec 11 22:25:06 2006 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.

Předem děkuji

C:\DOCUME~1\JANMLE~1\LOCALS~1\Temp\Spyware.sdb
C:\DOCUME~1\JANMLE~1\LOCALS~1\Temp\virus.avi
Entry "HKCR\ActMsg.Session" refers to invalid object "{3FA7DEB3-6438-101B-ACC1-00AA00423326}". Action Taken: No Action Taken.

Mon Dec 11 22:27:10 2006 => Total Objects Scanned: 23636
Mon Dec 11 22:27:10 2006 => Total Critical Objects: 8
Mon Dec 11 22:27:10 2006 => Total Disinfected Objects: 0
Mon Dec 11 22:27:10 2006 => Total Objects Renamed: 0
Mon Dec 11 22:27:10 2006 => Total Deleted Objects: 0
Mon Dec 11 22:27:10 2006 => Total Errors: 301
Mon Dec 11 22:27:10 2006 => Time Elapsed: 00:03:17
Mon Dec 11 22:27:10 2006 => Virus Database Date: 12/11/2006
Mon Dec 11 22:27:10 2006 => Virus Database Count: 250038



nevím jestli ty soubory co jsem dle návodu vyhledal jsou ty správné- zobrazuje se mi jich tam hodně

Celý log mi to nechce pustit ani v příloze- nepovolená přípona txt

/Už to tam máš
/mijaja

[Reklama]

[mijaja]

Takže:

Nabídka Start>>Spustit- do okénka napiš regedit a zmáčkni Enter nebo OK.
V editoru registrů vyhledej v levém okně tyto MODRÉ klíče, klikni na ně a když se ti v pravém okně otevřou, najdi tyto hodnoty ČERVENÉ a smaž je.

HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\whenusavemsg
HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\whenusearch
HKLM\Software\magnet
HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\whenu
HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\whenusearch
HKCU\\magnet

Spusť Ccleaner a dej vyčistit windows, aplikace i registry. Potom nakoukni do složek Temp a Temporary Internet Files ve všech profilech Documents and Settings a Windows, jestli jsou prázdné a vysyp koš.

Pokud se ti to podaří vymazat a nejsou ještě drženy v System Volume Information, (Obnova systému) měl bys mít čistý komp.

[Mlejnek]

Díky za rady.

Udělal jsem vše podle návodu, vypadá to, že komp je čistý, ale nelze stále odstranit tu ikonu v ovládacích panelech.

Pro jistotu ještě přikládám Log

Díky

Logfile of HijackThis v1.99.1
Scan saved at 20:04:06, on 13.12.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\rnamfler\naofsvc.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\program files\rnamfler\naomf.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\lxcgcoms.exe
c:\program files\rnamfler\radprcmp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\GTRAN\GTDialer X\GTDialer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\JANMLE~1\LOCALS~1\Temp\Dočasný adresář 1 pro hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [wrna3ls] C:\program files\rnamfler\naomf.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47D712A3-5434-431B-AAEE-0EDFF9679DE7}: NameServer = 160.218.10.200 160.218.43.200
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LXCGCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCGserv.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe

[mijaja]

Log už vypadá dobře, jen teď mi vypadlo, jaká ikona ti tam zůstala?

[Mlejnek]

Ikona WinAntiVirus Pro 2006

[mijaja]

No a čím myslíš ty ovládací panely? Tray systém vedle hodin, nebo ty klasické, přes nabídku start, kde je systém, síťové připojení, možnosti internetu atd?

[Mlejnek]

Ty klasické, přes nabídku start.

Ještě se objevil další problém se spouštěním MWAV.
Po spuštění se zobrazí intalační okno a pak hlášení o problému a nebo vůbec nic.
Nejde spustit ani ten co jsem stáhl aktuální verzi na www:mwti.net
Nebo se MWAV musí spouštět pouze z nouzového režimu?
Pak mi ale nepůjde udělat aktualizace.
TENTO PROBLÉM MÁM OD SAMÉHO ZAČÁTKU