mwav log

petrofff
Visitor
Posts: 31
Registered: 13 Apr 2009 08:09

#1 Post by petrofff »

It was recommended that I run MWAV over [C:] before moving the contents to a backup medium.
Apart from the incredibly long run time (>10 hours), it found quite a lot.
I don't understand many of the entries, but I only care about the severity/object of the infection and, where applicable, the next steps.
At least 1 is a false positive; it is a backup of a loader from a colleague's USB flash drive (a completely harmless bat file). But I don't know where mwav keeps its vault, and I would like to have the file back.
nircmd is also flagged as malicious :)
As for the infected uninstallers: if they get deleted, which tool do you recommend for a correct and complete uninstall?
----
02 XII 2010 09:42:31 - Scanning HKLM\SYSTEM\CurrentControlSet\Control\WOW
02 XII 2010 09:42:31 - Scanning HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
02 XII 2010 09:42:31 - Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
02 XII 2010 09:42:31 - Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
02 XII 2010 09:42:31 - Scanning HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Run
02 XII 2010 09:42:31 - Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run
02 XII 2010 09:42:31 - Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
02 XII 2010 09:42:31 - Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
02 XII 2010 09:42:31 - Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
02 XII 2010 09:42:31 - Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
02 XII 2010 09:42:31 - Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
02 XII 2010 09:42:31 - Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
02 XII 2010 09:42:31 - Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
02 XII 2010 09:42:31 - Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
02 XII 2010 09:42:31 - Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup
02 XII 2010 09:42:31 - Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
02 XII 2010 09:42:31 - Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
02 XII 2010 09:42:31 - Scanning HKCR\txtfile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\comfile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\exefile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\dllfile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\batfile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\piffile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\scrfile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\scrfile\shell\config\command
02 XII 2010 09:42:31 - Scanning HKCR\regfile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\htmlfile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\htafile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\jsfile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\jsefile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\vbsfile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\vbefile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\wshfile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\wsffile\shell\open\command
02 XII 2010 09:42:31 - Scanning HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\command
02 XII 2010 09:42:32 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
02 XII 2010 09:42:32 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
02 XII 2010 09:42:32 - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
02 XII 2010 09:42:32 - ***** Scanning System32 Folders *****
02 XII 2010 09:42:32 - Scanning C:\WINDOWS Directory
02 XII 2010 09:42:43 - Scanning C:\WINDOWS\system32 Directory

02 XII 2010 09:44:45 - Scanning C:\Temp Directory
02 XII 2010 09:45:01 - ***** Scanning Drive C:\ *****
02 XII 2010 23:29:44 - ***** Checking for specific ITW Viruses *****

02 XII 2010 23:29:45 - ***** Scanning complete. *****
02 XII 2010 23:29:45 - Total Objects Scanned: 346487
02 XII 2010 23:29:45 - Total Critical Objects: 70
02 XII 2010 23:29:45 - Total Disinfected Objects: 0
02 XII 2010 23:29:45 - Total Objects Renamed: 9
02 XII 2010 23:29:45 - Total Deleted Objects: 61
02 XII 2010 23:29:45 - Total Errors: 4
02 XII 2010 23:29:45 - Time Elapsed: 10:38:25
02 XII 2010 23:29:45 - Virus Database Date: 02 Dec 2010
02 XII 2010 23:29:45 - Virus Database Count: 6342990

02 XII 2010 23:29:45 - Scan Completed.

Invalid Entry DllName = appmgmts.dll (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}). Action Taken: Deleting Registry Key {c6dc5466-785a-11d2-84d0-00c04fb169f7}.
Object "Conducent FlexPak Spyware/Adware" found in File System! Action Taken: File Deleted.
Object "Spyware.NetScreenWatch Spyware/Adware" found in File System! Action Taken: File Deleted.
Object "Fix Tool Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Popcornnet/movieland Spyware/Adware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Popcornnet/movieland Spyware/Adware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "istbar Spyware/Adware" found in File System! Action Taken: File Deleted.
Object "cws.loadbat Browser Hijacker" found in File System! Action Taken: File Deleted.
Object "cws.loadbat Browser Hijacker" found in File System! Action Taken: File Deleted.
Object "Privacy Center Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Windows Police PRO Corrupted Adware/Spyware" found in File System! Action Taken: File Deleted.
Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "RegSort Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.
Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.
Object "Orifice2K.plugin Trojan" found in File System! Action Taken: Entries Removed.
File C:\WINDOWS\NIRCMD.exe infected by "Malware.Win32 (ES)" Virus! Action Taken: File Renamed.
File C:\Documents and Settings\All Users\Data aplikací\TrackMania\Cache\13C402EE2BD8F641C4DC061B39428B44_ChallengeMusics%5cTrance1.mux infected by "Trojan.Script.473635 (DB)" Virus! Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Data aplikací\TrackMania\Cache\13C402EE2BD8F641C4DC061B39428B44_Skins%5cAny%5cAdvertisement%5cpoOTunten.bik infected by "Trojan.Script.473635 (DB)" Virus! Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Data aplikací\TrackMania\Cache\13C402EE2BD8F641C4DC061B39428B44_Skins%5cAny%5cAdvertisement%5crechtspoOT.bik infected by "Trojan.Script.473635 (DB)" Virus! Action Taken: File Deleted.
File C:\Documents and Settings\All Users\Data aplikací\TrackMania\Cache\13C402EE2BD8F641C4DC061B39428B44_Skins%5cAny%5cAdvertisement%5cthriller.bik infected by "Trojan.Script.473635 (DB)" Virus! Action Taken: File Deleted.
File C:\Dok\CD_DVD_images\WinAmp\Pluginy\Obecné\Winamp_Toolbar_Deskband.exe infected by "Trojan.Generic.79588 (DB)" Virus! Action Taken: File Renamed.
File C:\Program Files\CowBall\Uninstall.exe infected by "Gen:Packer.Krunchy.A.ceY@aeCezaei (DB)" Virus! Action Taken: File Renamed.
File C:\Program Files\SlySoft\CloneCD\regkey.exe infected by "Trojan.Generic.1607580 (DB)" Virus! Action Taken: File Renamed.
File C:\VerTerm\n.pif infected by "Malware.Win32 (ES)" Virus! Action Taken: File Deleted.
File C:\VerTerm\NirCmd.cfexe infected by "Malware.Win32 (ES)" Virus! Action Taken: File Renamed.
File C:\VerTerm\NircmdB.exe infected by "Malware.Win32 (ES)" Virus! Action Taken: File Renamed.

PS.
I have since found out that the detailed descriptions are in the 2nd log:
010 09:37:21 - Offending file found: C:\Dok\Síťová schránka\#Export-Import\USB po DEFRAG\profile\mail\load.bat
02 XII 2010 09:37:21 - System found infected with cws.loadbat Browser Hijacker (load.bat)! Action taken: File Deleted.
02 XII 2010 09:37:21 - Object "cws.loadbat Browser Hijacker" found in File System! Action Taken: File Deleted.

In the c:\temp folder there is some archive: pinfect.zip. But it cannot be opened (non valid).

On top of that, almost all of the [Object "Windows Police PRO...] hits were xx.gif images from several companion CDs to books, and only because they were named T2, I1, H1, W4 and the like :boxed: .
If this can't be undone, this AV loses all its charm...

Rudy
Site Admin
Posts: 119426
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: mwav log

#2 Post by Rudy »

These objects were deleted. You can try to recover them with Piriform Recuva: http://www.stahuj.centrum.cz/utility_a_ ... at/recuva/ .