Request for a preventive check - possible MWAV finding [Solved]


Request for a preventive check - possible MWAV finding

Post by peacoq » 02 Dec 2009 06:26

Hi,
I'd like to ask the experts to evaluate the log.
Personally I never have any idea :roll: what to do with MWAV findings. The computer doesn't show any problem and this is just prevention, because lots of flash drives are often plugged into the PC and data gets copied onto them.
Two findings repeat, two are new - a CLSID registry entry, and some kind of nasty in a picture .jpg (?).

Thanks

Malwarebytes full scan (drives C/D)
- no findings

MWAV version 11.0.60, updated
- full test except for the Scan All Files option - drives C/D - 2 hours :-)
Total Critical Objects: ....4
Total Errors: ..............2

Object "CoreGuardAntivirus2009 Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "TitanShield Antispyware Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.

> 2 findings that repeat:

- Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
02 Dec 2009 02:13:00 - Offending Key found: HKCR\Magnet !!!
02 Dec 2009 02:13:00 - Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
(a somewhat confusing HKCR\Magnet record, which however contains an entry belonging to C:\ProgramFiles\uTorrent\utorrent.exe)

- Object "TitanShield Antispyware Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
02 Dec 2009 02:13:02 - Offending Folder found: C:\Users\Dell\AppData\Local\VirtualStore\Program Files\SopCast\adv
02 Dec 2009 02:13:02 - Object "TitanShield Antispyware Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
(SopCast is a program for watching internet TV, which also allows watching TV in a Mozilla window)

> 2 new findings:

- Object "CoreGuardAntivirus2009 Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
02 Dec 2009 02:12:58 - System found infected with CoreGuardAntivirus2009 Corrupted Adware/Spyware (HKEY_CLASSES_ROOT\clsid\{5E2121EE-0300-11D4-8D3B-444553540000})! Action taken: No Action Taken.
- Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
02 Dec 2009 02:13:07 - Offending file found: C:\Users\Dell\Pictures\PTR_chat\w3.jpg
02 Dec 2009 02:13:07 - System found infected with Windows Police PRO Corrupted Adware/Spyware (w3.jpg)! Action taken: No Action Taken.

> ERROR/s (also repeating):

- 02 Dec 2009 03:10:47 - ERROR!!! Invalid Entry VIDC.I420 = msh263.drv (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32). No Action Taken.
- 02 Dec 2009 03:11:02 - ERROR!!! Invalid Entry \SystemRoot\system32\drivers\blbdrive.sys in HKLM\SYSTEM\CurrentControlSet\Services\blbdrive. Action Taken: No Action Taken.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:16:54, on 02/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Windows\V0250Mon.exe
C:\Windows\sttray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ÿþ127.0.0.1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0250Mon.exe] C:\Windows\V0250Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = ?
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Free\nmsaccessu.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5799 bytes
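As an added illustration, not code from the thread: a small Python parser for the MWAV (eScan) log lines quoted above. It pairs each "Offending ..." line with the verdict line that follows it and separates findings that are only registry records from those that point at a file or folder on disk, which is the distinction that matters when triaging a log like this. The sample lines are copied in shape from the post; the regexes are assumptions about the MWAV format based on those lines only.

```python
import re

# Constructed sample, copied in shape from the MWAV (eScan) lines quoted in the post above.
SAMPLE_LOG = r"""
02 Dec 2009 02:12:58 - System found infected with CoreGuardAntivirus2009 Corrupted Adware/Spyware (HKEY_CLASSES_ROOT\clsid\{5E2121EE-0300-11D4-8D3B-444553540000})! Action taken: No Action Taken.
02 Dec 2009 02:13:00 - Offending Key found: HKCR\Magnet !!!
02 Dec 2009 02:13:00 - Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
02 Dec 2009 02:13:02 - Offending Folder found: C:\Users\Dell\AppData\Local\VirtualStore\Program Files\SopCast\adv
02 Dec 2009 02:13:02 - Object "TitanShield Antispyware Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken.
02 Dec 2009 02:13:07 - Offending file found: C:\Users\Dell\Pictures\PTR_chat\w3.jpg
02 Dec 2009 02:13:07 - System found infected with Windows Police PRO Corrupted Adware/Spyware (w3.jpg)! Action taken: No Action Taken.
02 Dec 2009 03:10:47 - ERROR!!! Invalid Entry VIDC.I420 = msh263.drv (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32). No Action Taken.
"""

# Line shapes assumed from the quoted output (not an official MWAV grammar).
LINE = re.compile(r"^(\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2}) - (.*)$")
OFFENDING = re.compile(r"^Offending (Key|Folder|file) found: (.*?)(?: !!!)?$")
VERDICT = re.compile(r'^(?:Object "(.+?)" found in File System|System found infected with (.+?) \((.+)\))! Action [Tt]aken: (.+?)\.$')
INVALID = re.compile(r"^ERROR!!! Invalid Entry (.+?)\. (?:Action Taken: )?(.+?)\.?$")
KIND = {"key": "registry", "folder": "folder", "file": "file"}
HIVES = ("HKEY_", "HKCR", "HKLM", "HKCU", "HKU")

def parse_mwav(text):
    """Return one dict per finding, joining each 'Offending ...' line to the verdict line after it."""
    findings, pending = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, rest = m.groups()
        if (o := OFFENDING.match(rest)):
            pending = (KIND[o.group(1).lower()], o.group(2))  # kept for the verdict line that follows
            continue
        if (v := VERDICT.match(rest)):
            name, loc, action = v.group(1) or v.group(2), v.group(3) or "", v.group(4)
            kind = "registry" if loc.upper().startswith(HIVES) else ("file" if loc else "unknown")
        elif (e := INVALID.match(rest)):
            name, kind, loc, action = "Invalid registry entry", "registry", e.group(1), e.group(2)
        else:
            continue
        if pending:  # the 'Offending' line carries the full key or path, so prefer it
            kind, loc = pending
            pending = None
        findings.append({"time": ts, "name": name, "kind": kind, "location": loc, "action": action})
    return findings

def triage(findings):
    """Split stale registry records from findings that point at a real file or folder on disk."""
    return {"registry_only": [f["location"] for f in findings if f["kind"] == "registry"],
            "on_disk": [f["location"] for f in findings if f["kind"] in ("file", "folder")]}
```

Run on the sample, `triage` reports three registry-only records and two on-disk locations (the SopCast folder and w3.jpg), which are the only items worth inspecting by hand or submitting for a second opinion.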

Re: Request for a preventive check - possible MWAV finding

Post by Damned » 02 Dec 2009 11:10

The MWAV findings are just invalid registry entries. You can have the picture checked at http://www.virustotal.com , but it's probably a FP, because the image was saved badly.
I'll only be here in the evening, then I'll look at it in more detail.
The HJT log is OK.

Re: Request for a preventive check - possible MWAV finding [Solved]

Post by peacoq » 02 Dec 2009 23:08

OK - thanks.
I never know how serious an MWAV record is, what's old and what's current (like now this CoreGuardAntivirus2009 - and an infected CLSID, which would be almost a catastrophe).
The picture shows no problem on VT, and however many times I had it checked, nothing changes: http://www.virustotal.com/analisis/eddb ... 1259791232
