VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

MWAV

https://forum.viry.cz:443/viewtopic.php?t=104285

Stránka 1 z 1

MWAV

Napsal: 01 zář 2010 19:00
od Francouz
Hojda mozna je to spatne ze vkladam log z MWAV ale jinde jsem na to nenasel vlakno tak bych vas chtel pozadat o prekontrolovani s tim ze mam MWAV i s cleanem a mam pocit ze ty smejdiky jsem smaznul...
viz log: a opakovany scan trva jen 30sekund,prvopocatecny scan trval pres hodku?
01 IX 2010 18:32:06 - **********************************************************

01 IX 2010 18:32:06 - eScan Anti Virus & Spyware Toolkit Utility.

01 IX 2010 18:32:06 - Copyright © MicroWorld Technologies

01 IX 2010 18:32:06 - **********************************************************

01 IX 2010 18:32:06 - Source: E:\mwav.exe

01 IX 2010 18:32:06 - Version 12.0.55 (C:\DOCUMENTS AND SETTINGS\AA\LOCAL SETTINGS\TEMP\MEXETMP.EX~)

01 IX 2010 18:32:06 - Log File: C:\Documents and Settings\aa\Local Settings\temp\MWAV.LOG

01 IX 2010 18:32:06 - Last Scan Date and Time: 02.11.2009 13:50:32

01 IX 2010 18:32:06 - MWAV Registered: TRUE

01 IX 2010 18:32:06 - User Account: aa (Administrator Mode)

01 IX 2010 18:32:06 - OS Type: Windows Workstation

01 IX 2010 18:32:06 - OS: Windows XP [OS Install Date: 05 Sep 2008 12:31:34]

01 IX 2010 18:32:06 - Ver: Service Pack 3 (Build 2600)

01 IX 2010 18:32:06 - System Up Time: 1 Day, 13 Hours, 45 Minutes, 34 Seconds



01 IX 2010 18:32:06 - Windows Root Folder: C:\WINDOWS

01 IX 2010 18:32:06 - Windows Sys32 Folder: C:\WINDOWS\system32

01 IX 2010 18:32:06 - Interface0 NameServer: 85.92.58.185

01 IX 2010 18:32:06 - Local Fixed Drives: c:\,d:\,e:\

01 IX 2010 18:32:06 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

01 IX 2010 18:32:06 - [CREATED ZIP FILE: C:\Documents and Settings\aa\Local Settings\temp\pinfect.zip]



01 IX 2010 18:32:06 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ******

01 IX 2010 18:32:08 - C:\WINDOWS\system32\akrip32.dll (32256), 17-Aug-2010, AKSoft, AKRip CD-DA Audio Extraction Library

01 IX 2010 18:32:08 - C:\WINDOWS\system32\AKRipAX.dll (151040), 17-Aug-2010, Eq2K, AKRipAX

01 IX 2010 18:32:08 - C:\WINDOWS\system32\D3DCompiler_42.dll (1974616), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\D3DCompiler_43.dll (2106216), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\d3dcsx_42.dll (5501792), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\d3dcsx_43.dll (1868128), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\d3dx10_42.dll (453456), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\d3dx10_43.dll (470880), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\d3dx11_42.dll (235344), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\d3dx11_43.dll (248672), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\D3DX9_42.dll (1892184), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\D3DX9_43.dll (1998168), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\TASKMGR.COM (137216), 01-Sep-2010, Microsoft Corporation, Microsoft(R) Windows (R) 2000 Operating System

01 IX 2010 18:32:08 - C:\WINDOWS\system32\wodfamop.dll (1496576), 02-Jun-2009 [H], Abrosoft, FantaMorph

01 IX 2010 18:32:08 - C:\WINDOWS\system32\X3DAudio1_7.dll (22360), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\xactengine3_5.dll (238936), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\xactengine3_6.dll (238936), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\xactengine3_7.dll (239960), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\XAPOFX1_4.dll (74072), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\XAPOFX1_5.dll (74072), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\XAudio2_5.dll (515416), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\XAudio2_6.dll (528216), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\XAudio2_7.dll (527192), 31-Aug-2010, Microsoft Corporation, Microsoft® DirectX for Windows®

01 IX 2010 18:32:08 - C:\WINDOWS\system32\drivers\AmdLLD.sys (34304), 29-Aug-2010, AMD, Inc., Low Level Device Driver

01 IX 2010 18:32:09 - C:\DOCUME~1\aa\LOCALS~1\Temp\BACKUP.42610413.mexe.com (2353736), 01-Sep-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

01 IX 2010 18:32:09 - C:\DOCUME~1\aa\LOCALS~1\Temp\bdc.exe (91904), 01-Sep-2010, MicroWorld Tech, eScan

01 IX 2010 18:32:09 - C:\DOCUME~1\aa\LOCALS~1\Temp\bdfltlib2k.dll (231944), 01-Sep-2010, MicroWorld Technologies Inc., eScan for Windows

01 IX 2010 18:32:10 - C:\DOCUME~1\aa\LOCALS~1\Temp\clean.bat (11), 01-Sep-2010 [Added C:\DOCUME~1\aa\LOCALS~1\Temp\clean.bat to ZIP FILE]

01 IX 2010 18:32:10 - C:\DOCUME~1\aa\LOCALS~1\Temp\DEVCON.EXE (61184), 01-Sep-2010, Microsoft Corporation, Microsoft® Windows® Operating System

01 IX 2010 18:32:10 - C:\DOCUME~1\aa\LOCALS~1\Temp\encdec.dll (120328), 01-Sep-2010, MicroWorld Technologies Inc., eScan/MailScan/eConceal

01 IX 2010 18:32:10 - C:\DOCUME~1\aa\LOCALS~1\Temp\erootdrv.sys (13832), 01-Sep-2010, MicroWorld Technologies Inc., eScan/MWAV

01 IX 2010 18:32:10 - C:\DOCUME~1\aa\LOCALS~1\Temp\gifanpr.htm (191), 31-Aug-2010 [Added C:\DOCUME~1\aa\LOCALS~1\Temp\gifanpr.htm to ZIP FILE]

01 IX 2010 18:32:10 - C:\DOCUME~1\aa\LOCALS~1\Temp\mexe.com (2505288), 01-Sep-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

01 IX 2010 18:32:10 - C:\DOCUME~1\aa\LOCALS~1\Temp\msvclnt.dll (236040), 01-Sep-2010, MicroWorld Technologies Inc., MailScan

01 IX 2010 18:32:11 - C:\DOCUME~1\aa\LOCALS~1\Temp\mwavdwnl.exe (934920), 01-Sep-2010, MicroWorld Technologies Inc., eScan

01 IX 2010 18:32:11 - C:\DOCUME~1\aa\LOCALS~1\Temp\MWAVSCAN.COM (2353736), 01-Sep-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)

01 IX 2010 18:32:11 - C:\DOCUME~1\aa\LOCALS~1\Temp\plugins.htm (3498), 01-Sep-2010 [Added C:\DOCUME~1\aa\LOCALS~1\Temp\plugins.htm to ZIP FILE]

01 IX 2010 18:32:11 - C:\DOCUME~1\aa\LOCALS~1\Temp\red32.dll (10248), 01-Sep-2010, Microsoft Corporation, Microsoft® Windows® Operating System

01 IX 2010 18:32:11 - C:\DOCUME~1\aa\LOCALS~1\Temp\reload.exe (154632), 01-Sep-2010, MicroWorld Technologies Inc., eScan for Windows

01 IX 2010 18:32:11 - C:\DOCUME~1\aa\LOCALS~1\Temp\setpriv.exe (64008), 01-Sep-2010, MicroWorld Technologies Inc, eScan AntiVirus Toolkit Utility

01 IX 2010 18:32:11 - C:\DOCUME~1\aa\LOCALS~1\Temp\unregx.exe (61960), 01-Sep-2010, MicroWorld Technologies Inc, MicroWorld AntiVirus Toolkit Utility

01 IX 2010 18:32:11 - C:\DOCUME~1\aa\LOCALS~1\Temp\UPDLL10.DLL (856584), 27-Aug-2010, MicroWorld Technologies Inc., eScan/MailScan/MWAV

01 IX 2010 18:32:11 - C:\DOCUME~1\aa\LOCALS~1\Temp\utt20.tmp.bat (66), 31-Aug-2010 [Added C:\DOCUME~1\aa\LOCALS~1\Temp\utt20.tmp.bat to ZIP FILE]

01 IX 2010 18:32:11 - C:\DOCUME~1\aa\LOCALS~1\Temp\utt3.tmp.bat (66), 28-Aug-2010 [Added C:\DOCUME~1\aa\LOCALS~1\Temp\utt3.tmp.bat to ZIP FILE]

01 IX 2010 18:32:11 - C:\DOCUME~1\aa\LOCALS~1\Temp\viewtcp.exe (573960), 01-Sep-2010, MicroWorld Technologies Inc., ViewTCP

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\_iu14D2N.tmp (722782), 31-Aug-2010 [Added C:\DOCUME~1\aa\LOCALS~1\Temp\_iu14D2N.tmp to ZIP FILE]



01 IX 2010 18:32:12 - C:\WINDOWS\$hf_mig$, 05-Sep-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$, 25-Sep-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$, 25-Sep-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\$NtUninstallMSCompPackV1$, 05-Sep-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\$NtUninstallWdf01007$, 26-Apr-2009 [H] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\$NtUninstallWMFDist11$, 16-Oct-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\$NtUninstallwmp11$, 18-Oct-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\$NtUninstallWudf01000$, 05-Sep-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\Fonts, 05-Sep-2008 [SR] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\ftpcache, 18-Jan-2009 [HS] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\ie7, 25-Sep-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\ie8, 13-Jun-2010 [H] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\inf, 05-Sep-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\LastGood, 31-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\PIF, 06-Mar-2009 [H] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\system32\dllcache, 05-Sep-2008 [HSR] [Folder]

01 IX 2010 18:32:12 - C:\WINDOWS\system32\Microsoft, 05-Sep-2008 [S] [Folder]

01 IX 2010 18:32:12 - C:\cmdcons, 16-Dec-2008 [HSR] [Folder]

01 IX 2010 18:32:12 - C:\My Music, 17-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\ProgramData, 21-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\AVCBack, 01-Sep-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\BTN%Copy%1, 30-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\FtpTemp, 01-Sep-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\FtpTempF, 01-Sep-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\hsperfdata_aa, 23-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\Log, 01-Sep-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\outlook logging, 30-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\plugins, 01-Sep-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\plugtmp, 28-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\plugtmp-1, 29-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\plugtmp-2, 30-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\plugtmp-3, 31-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\tmp00002adb, 01-Sep-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\VBE, 29-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\WPDNSE, 31-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\DOCUME~1\aa\LOCALS~1\Temp\_avast5_, 27-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\aa\Data aplikací\Microsoft, 05-Sep-2008 [S] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\aa\Data aplikací\SecuROM, 19-Apr-2009 [HR] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\aa\Data aplikací\..\Data aplikací, 05-Sep-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\aa\Data aplikací\..\IETldCache, 10-Dec-2009 [HS] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\aa\Data aplikací\..\Local Settings, 05-Sep-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\aa\Data aplikací\..\Okolní síť, 05-Sep-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\aa\Data aplikací\..\Okolní tiskárny, 05-Sep-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\aa\Data aplikací\..\PrivacIE, 10-Dec-2009 [HS] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\aa\Data aplikací\..\Recent, 27-Aug-2010 [HR] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\aa\Data aplikací\..\SendTo, 05-Sep-2008 [HR] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\aa\Data aplikací\..\Šablony, 05-Sep-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\All Users\Data aplikací\Microsoft, 05-Sep-2008 [S] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}, 25-Dec-2008 [HS] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}, 28-Feb-2010 [HS] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\All Users\Data aplikací\..\Data aplikací, 05-Sep-2008 [HR] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\All Users\Data aplikací\..\DRM, 05-Sep-2008 [HS] [Folder]

01 IX 2010 18:32:12 - C:\Documents and Settings\All Users\Data aplikací\..\Šablony, 05-Sep-2008 [H] [Folder]

01 IX 2010 18:32:12 - C:\Program Files\AMD, 29-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\Program Files\AudioConverter Studio, 17-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\Program Files\Conduit, 21-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\Program Files\NVIDIA Corporation, 29-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\Program Files\Softonic-Eng7, 21-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\Program Files\uTorrent, 22-Aug-2010 [Folder]

01 IX 2010 18:32:12 - C:\Program Files\Common Files\Java, 23-Aug-2010 [Folder]



01 IX 2010 18:32:12 - *********************************************************************************************



01 IX 2010 18:32:12 - Command Line Options Given: /xsign

01 IX 2010 18:32:26 - Latest Date of files inside MWAV: Wed Sep 1 17:05:26 2010.

01 IX 2010 18:32:26 - Plugins FileCount: 761 Sign Version: 7.33680

01 IX 2010 18:32:28 - Loading/Creating FileScan Database C:\Documents and Settings\All Users\Data aplikací\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Documents and Settings\aa\Local Settings\temp\ESCANDB.LOG]

01 IX 2010 18:32:30 - Loaded/Created FileScan Database...

01 IX 2010 18:32:30 - Loading AV Library [DB]...

01 IX 2010 18:32:52 - AV Library Loaded [DB-DIRECT].

01 IX 2010 18:32:52 - MWAV doing self scanning...

01 IX 2010 18:32:54 - MWAV files are clean.
01 IX 2010 18:34:14 - Virus Database Date: 01 Sep 2010
01 IX 2010 18:34:14 - Virus Database Count: 6299392

01 IX 2010 18:53:21 - **********************************************************
01 IX 2010 18:53:21 - eScan Anti Virus & Spyware Toolkit Utility.
01 IX 2010 18:53:21 - Copyright © MicroWorld Technologies
01 IX 2010 18:53:21 -
01 IX 2010 18:53:21 - Support: support@escanav.com
01 IX 2010 18:53:21 - Web: http://www.escanav.com
01 IX 2010 18:53:21 - **********************************************************
01 IX 2010 18:53:21 - Version 12.0.55[DB] (C:\DOCUMENTS AND SETTINGS\AA\LOCAL SETTINGS\TEMP\MEXETMP.EX~)
01 IX 2010 18:53:21 - Log File: C:\Documents and Settings\aa\Local Settings\temp\MWAV.LOG
01 IX 2010 18:53:21 - User Account: aa (Administrator Mode)
01 IX 2010 18:53:21 - Windows Root Folder: C:\WINDOWS
01 IX 2010 18:53:21 - Windows Sys32 Folder: C:\WINDOWS\system32
01 IX 2010 18:53:21 - OS: Windows XP [OS Install Date: 05 Sep 2008 12:31:34]
01 IX 2010 18:53:21 - Ver: Service Pack 3 (Build 2600)
01 IX 2010 18:53:21 - Latest Date of files inside MWAV: Wed Sep 1 17:05:26 2010.
01 IX 2010 18:53:21 - Plugins FileCount: 761 Sign Version: 7.33680

01 IX 2010 18:53:28 - Options Selected by User:
01 IX 2010 18:53:28 - Memory Check: Enabled
01 IX 2010 18:53:28 - Registry Check: Enabled
01 IX 2010 18:53:28 - StartUp Folder Check: Enabled
01 IX 2010 18:53:28 - System Folder Check: Enabled
01 IX 2010 18:53:28 - Services Check: Enabled
01 IX 2010 18:53:28 - Scan Spyware: Enabled
01 IX 2010 18:53:28 - Drive Check: Disabled
01 IX 2010 18:53:28 - All Drive Check :Enabled
01 IX 2010 18:53:28 - Folder Check: Disabled
01 IX 2010 18:53:28 - SCAN: All_Files
01 IX 2010 18:53:28 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)


01 IX 2010 18:53:28 - ***** Scanning Memory Files *****

01 IX 2010 18:54:48 - ***** Scanning Registry Files *****

01 IX 2010 18:55:02 - ***** Scanning StartUp Folders *****

01 IX 2010 18:56:20 - ***** Scanning Service Files *****
01 IX 2010 18:56:22 - ERROR(2)!!! Invalid Entry \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\ATE_PROCMON.
01 IX 2010 18:56:24 - ERROR(2)!!! Invalid Entry \??\C:\DOCUME~1\aa\LOCALS~1\Temp\catchme.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\catchme.
01 IX 2010 18:56:24 - ERROR(2)!!! Invalid Entry \??\C:\DOCUME~1\aa\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\cpuz132.
01 IX 2010 18:56:28 - ERROR(2)!!! Invalid Entry system32\DRIVERS\kwflower.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\kwflower.
01 IX 2010 18:56:32 - C:\WINDOWS\system32\Drivers\sptd.sys not Scanned. Possibly password protected...
01 IX 2010 18:56:33 - ERROR(2)!!! Invalid Entry System32\DRIVERS\UIUSYS.SYS. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\UIUSys.

01 IX 2010 18:56:35 - ***** Scanning Registry and File system for Adware/Spyware *****
01 IX 2010 18:56:36 - Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\aa\LOCALS~1\temp\spydb.avs, Size: 950519]...
01 IX 2010 18:56:36 - Indexed Spyware Databases Successfully Created...

01 IX 2010 18:58:00 - System found infected with combo Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{03C4C5F4-1893-444C-B8D8-002F0034DA92})! Action taken: Entries Removed.
01 IX 2010 18:58:01 - Key found with NULL Character: HKLM\Software\Microsoft\Windows\CurrentVersion\System !!!
01 IX 2010 18:58:01 - Deleting Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\System
01 IX 2010 18:58:01 - Object "NULLBYTE Spyware/Adware" found in File System! Action Taken: Entries Removed.

01 IX 2010 18:58:01 - Offending file found: C:\WINDOWS\iun6002.exe
01 IX 2010 18:58:01 - System found infected with Spyware.NetScreenWatch Spyware/Adware (iun6002.exe)! Action taken: File Deleted.
01 IX 2010 18:58:01 - Object "Spyware.NetScreenWatch Spyware/Adware" found in File System! Action Taken: File Deleted.

01 IX 2010 18:58:01 - Offending file found: C:\WINDOWS\reset.reg
01 IX 2010 18:58:01 - System found infected with Conducent FlexPak Spyware/Adware (reset.reg)! Action taken: File Deleted.
01 IX 2010 18:58:01 - Object "Conducent FlexPak Spyware/Adware" found in File System! Action Taken: File Deleted.

01 IX 2010 18:58:02 - Offending file found: C:\Documents and Settings\aa\Data aplikací\BSplayer\AC3 Filter\unins000.exe
01 IX 2010 18:58:02 - System found infected with User Account Control (Fake) Spyware/Adware (unins000.exe)! Action taken: File Deleted.
01 IX 2010 18:58:02 - Object "User Account Control (Fake) Spyware/Adware" found in File System! Action Taken: File Deleted.

01 IX 2010 18:58:02 - Offending file found: C:\Documents and Settings\aa\Data aplikací\BSplayer\FFDShow\unins000.exe
01 IX 2010 18:58:02 - System found infected with User Account Control (Fake) Spyware/Adware (unins000.exe)! Action taken: File Deleted.
01 IX 2010 18:58:02 - Object "User Account Control (Fake) Spyware/Adware" found in File System! Action Taken: File Deleted.

01 IX 2010 18:58:03 - Offending file found: C:\Documents and Settings\aa\Data aplikací\Mozilla\Firefox\Profiles\ae1wnv4i.default\extensions\DTToolbar@toolbarnet.com\components\Resources\GameS.ico
01 IX 2010 18:58:03 - System found infected with Zlob Trojan-Downloader (GameS.ico)! Action taken: File Deleted.
01 IX 2010 18:58:03 - Object "Zlob Trojan-Downloader" found in File System! Action Taken: File Deleted.

01 IX 2010 18:58:12 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
01 IX 2010 18:58:12 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Entries Removed.
01 IX 2010 18:58:12 - Object "Backdoor (IRCBot) Trojans Spyware/Adware" found in File System! Action Taken: Entries Removed.

01 IX 2010 18:58:12 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL
01 IX 2010 18:58:12 - System found infected with RegSort Corrupted Adware/Spyware (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL)! Action taken: Entries Removed.
01 IX 2010 18:58:12 - Object "RegSort Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.

01 IX 2010 18:58:12 - Offending Registry Entry found: HKLM\SYSTEM\CurrentControlSet\Services\6to4
01 IX 2010 18:58:12 - System found infected with combo Spyware/Adware (HKLM\SYSTEM\CurrentControlSet\Services\6to4)! Action taken: Entries Removed.
01 IX 2010 18:58:13 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
01 IX 2010 18:58:13 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Entries Removed.
01 IX 2010 18:58:13 - Object "AntiSpyware Pro XP Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.

01 IX 2010 18:58:13 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
01 IX 2010 18:58:13 - System found infected with Orifice2K.plugin Trojan (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run)! Action taken: Entries Removed.
01 IX 2010 18:58:13 - Object "Orifice2K.plugin Trojan" found in File System! Action Taken: Entries Removed.


01 IX 2010 18:58:13 - ***** Scanning Registry Files *****
01 IX 2010 18:58:15 - Clearing Temporary sub-folders as Spyware/Adware found in system...
01 IX 2010 18:58:15 - Few files will be deleted *ONLY* on reboot...
01 IX 2010 18:58:15 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
01 IX 2010 18:58:15 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://eu.ask.com?o=15161&l=dis
01 IX 2010 18:58:15 - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome

01 IX 2010 18:58:15 - ***** Scanning System32 Folders *****
01 IX 2010 18:58:17 - Scanning File C:\WINDOWS\NIRCMD.exe
01 IX 2010 18:58:18 - File C:\WINDOWS\NIRCMD.exe infected by "Malware.Win32 (ES)" Virus! Action Taken: File Renamed.



01 IX 2010 19:00:49 - ***** Scanning All Drives *****
01 IX 2010 19:00:49 - Scanning C:\ Drive
01 IX 2010 19:02:14 - ScanFile took 5.34 Secs [C:\Documents and Settings\aa\Data aplikací\Real\Update\setup\data\ff\firefoxgoogletoolbarsetup.exe]...

01 IX 2010 19:03:09 - ScanFile took 8.48 Secs [C:\Documents and Settings\aa\Dokumenty\Stažené soubory\mbam-setup-1.46.exe]...

01 IX 2010 19:03:16 - ScanFile took 6.22 Secs [C:\Documents and Settings\aa\Dokumenty\Stažené soubory\SUPERAntiSpyware.exe]...

01 IX 2010 19:03:24 - C:\Documents and Settings\aa\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG not Scanned. Possibly password protected...
01 IX 2010 19:03:31 - C:\Documents and Settings\aa\ntuser.dat.LOG not Scanned. Possibly password protected...
01 IX 2010 19:05:05 - C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG not Scanned. Possibly password protected...
01 IX 2010 19:05:05 - C:\Documents and Settings\LocalService\ntuser.dat.LOG not Scanned. Possibly password protected...
01 IX 2010 19:05:05 - C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft\Windows\UsrClass.dat.LOG not Scanned. Possibly password protected...
01 IX 2010 19:05:06 - C:\Documents and Settings\NetworkService\ntuser.dat.LOG not Scanned. Possibly password protected...
01 IX 2010 19:27:02 - ScanFile took 8.38 Secs [C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll]...

01 IX 2010 19:30:54 - ScanFile took 7.75 Secs [C:\WINDOWS\$hf_mig$\KB976325-IE8\SP3QFE\ieframe.dll]...

01 IX 2010 19:33:43 - ScanFile took 6.26 Secs [C:\WINDOWS\$NtServicePackUninstall$\hwxjpn.dll]...

01 IX 2010 19:40:49 - ScanFile took 6.36 Secs [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f00db8db51f5707c7fe52c0683dc6136\PresentationCore.ni.dll]...

01 IX 2010 19:40:55 - ScanFile took 5.08 Secs [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a632f3ef85ffd35341b383eed577cb93\PresentationFramework.ni.dll]...

01 IX 2010 19:51:53 - C:\WINDOWS\system32\CatRoot2\edb.log not Scanned. Possibly password protected...
01 IX 2010 19:51:53 - C:\WINDOWS\system32\CatRoot2\tmp.edb not Scanned. Possibly password protected...
01 IX 2010 19:51:53 - C:\WINDOWS\system32\config\default not Scanned. Possibly password protected...
01 IX 2010 19:51:53 - C:\WINDOWS\system32\config\default.LOG not Scanned. Possibly password protected...
01 IX 2010 19:51:53 - C:\WINDOWS\system32\config\SAM not Scanned. Possibly password protected...
01 IX 2010 19:51:53 - C:\WINDOWS\system32\config\SAM.LOG not Scanned. Possibly password protected...
01 IX 2010 19:51:53 - C:\WINDOWS\system32\config\SECURITY not Scanned. Possibly password protected...
01 IX 2010 19:51:53 - C:\WINDOWS\system32\config\SECURITY.LOG not Scanned. Possibly password protected...
01 IX 2010 19:51:53 - C:\WINDOWS\system32\config\software not Scanned. Possibly password protected...
01 IX 2010 19:51:53 - C:\WINDOWS\system32\config\software.LOG not Scanned. Possibly password protected...
01 IX 2010 19:51:53 - C:\WINDOWS\system32\config\system not Scanned. Possibly password protected...
01 IX 2010 19:51:54 - C:\WINDOWS\system32\config\system.LOG not Scanned. Possibly password protected...

Re: MWAV

Napsal: 01 zář 2010 19:13
od Diallix
Ahoj.

Mozes sem dat obsah suboru C:\WINDOWS\reset.reg ?

Re: MWAV

Napsal: 01 zář 2010 19:22
od Francouz
Hojky tu slozku nemam...fakt jsem ji hledal neni tam nikde....je mozne se to smazal WMAV?

Re: MWAV

Napsal: 01 zář 2010 19:29
od Diallix
Pevne dufam, ze to nebol ziaden crack alebo podobne na antivir ?

Urob este sken s tymto nastrojom: http://www.viry.cz/forum/viewtopic.php?t=67229

Re: MWAV

Napsal: 01 zář 2010 20:57
od Francouz
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4412

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1.9.2010 21:47:04
mbam-log-2010-09-01 (21-47-04).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|G:\|)
Skenované objekty: 222283
Uplynulý čas: 1 hodina(y), 12 minuta(y), 38 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Re: MWAV

Napsal: 02 zář 2010 00:14
od Diallix
Vypada to ok. :)

Re: MWAV

Napsal: 02 zář 2010 00:24
od Francouz
C:\WINDOWS\reset.reg ?
oki tak to vypada ze me to smaznul WMAV je tak?
jinak pc jede v normalu...dikec za rady :)

Re: MWAV

Napsal: 02 zář 2010 09:34
od Diallix
Nemas zaco.

Neuvedomil som si, ze si spustil mwav pod modom automatickeho deletu najdenych veci, nakolko takeho uzivatela som este nemal :)
Mwav spustaj vzdy len ako sken bez deletu, pretoze nie vzdy moze oznacit za malware veci, ktore nim naozaj su a tak zmaze veci, ktore su ok, konkretne aj v tvojom pripade, niektore veci co zmazal su ok, avsak su sucastou combofixu.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz