Jak se zbavit When u save now? (vyřešeno) Vyřešeno

[Alishka]

Vcera se mi na disku objevil tenhle spyware nebo co to je. Uz jsem to odinstalovala, disk projela adawerem a dnes jsem spustila antivir a tam se zase tenhle spyware objevuje. Tak jak s nim pryc?

[Reklama]

[fredik]

Vlož sem log z programu HijackThis

[Alishka]

Logfile of HijackThis v1.99.1
Scan saved at 14:05:43, on 29.9.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\soft602\pdfSaver.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Alishka\Plocha\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.quick.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [602PC SUITE PDF Saver] "C:\Program Files\Common Files\soft602\pdfSaver.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [pdfSaver3] "c:\Program Files\PDF\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Alishka\Local Settings\Temp\{A24DA7CA-A4D9-4F87-A2E2-57890F356D3D}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Stáhnout Star Downloaderem - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{82AD2C42-BC54-4F13-8674-BD600E326DBD}: NameServer = 194.228.41.65 194.228.41.113
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

[Alishka]

Tak co?

[mijaja]

V Taskmanageru (CTRL+ALT+DEL - záložka Procesy - tlačítko Ukončit proces) zastav proces:

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

Až to budeš mít, spusť znovu HijackThis a zaškrtni v něm okénka před řádky:

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize

V logu HJT se WhenUsave neobjevuje. Udělej sken počítače MWAVem a upravený log dej sem. Návod mám v podpisu.

[Alishka]

Fri Sep 29 20:25:48 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\whenusavemsg !!!
Fri Sep 29 20:25:50 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Fri Sep 29 20:25:51 2006 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\whenu !!!
Fri Sep 29 20:25:51 2006 => Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Fri Sep 29 20:25:53 2006 => Offending file found: C:\Documents and Settings\Alishka\Local Settings\data aplikací\hp\digital imaging\cache\1.dat
Fri Sep 29 20:25:53 2006 => System found infected with wareout Adware (1.dat)! Action taken: No Action Taken.

Fri Sep 29 20:25:54 2006 => Offending file found: C:\Documents and Settings\Alishka\Local Settings\Data aplikací\hp\digital imaging\cache\1.dat
Fri Sep 29 20:25:54 2006 => System found infected with wareout Adware (1.dat)! Action taken: No Action Taken.

Fri Sep 29 20:25:55 2006 => Checking CLSID Reference Entries...
Fri Sep 29 20:25:55 2006 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.

Fri Sep 29 20:25:55 2006 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.

Fri Sep 29 20:25:56 2006 => Entry "HKCR\ICQPhone.SipxPhoneManager" refers to invalid object "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Action Taken: No Action Taken.

Fri Sep 29 20:25:56 2006 => Entry "HKCR\NMUIEngine.NMUIResourceLoaderHarddisk" refers to invalid object "{03DC5606-EA66-4f02-AB52-2065524B03821}". Action Taken: No Action Taken.

Fri Sep 29 20:25:56 2006 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.

Fri Sep 29 20:25:57 2006 => Entry "HKCR\YServer.Component.1" refers to invalid object "{B26DA9C0-7921-11D4-B0F2-0050DA2B3579}". Action Taken: No Action Taken.

Fri Sep 29 20:25:57 2006 => Checking Module Usage Entries...
Fri Sep 29 20:25:57 2006 => Checking User Trusted External App Entries...
Fri Sep 29 20:25:57 2006 => Checking Shared DLL Entries...
Fri Sep 29 20:26:00 2006 => Checking Installer Entries...
Fri Sep 29 20:26:00 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\Nokia PC Suite\". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\Team17\Worms Armageddon\". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\All Users\Nabídka Start\Programy\Team17\". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Checking Shared Tools Entries...
Fri Sep 29 20:26:00 2006 => Checking File Extension Entries...
Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jp2". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r31". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r33". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r35". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r43". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r44". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r45". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r47". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".SP2". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".XviD-DiAMOND". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "bmp". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "cut". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "dds". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "dib". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "gif". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "ico". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "iff". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "jfif". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "jif". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "jng". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "jpe". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "jpeg". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "jpg". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "koa". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "lbm". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "ljp". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "mng". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "pbm". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "pcd". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "pcx". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "png". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "ppm". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "psd". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "tga". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "tif". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "tiff". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "wbm". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "wbmp". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "wmf". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "wpg". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "xbm". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Checking Application Cache Entries...
Fri Sep 29 20:26:00 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "LYNX BLACK". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WhenUSaveMsg". Action Taken: No Action Taken.

Fri Sep 29 20:26:00 2006 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{91B323B5-A79C-4D23-BD6D-046C565F9BCF}". Action Taken: No Action Taken.




Fri Sep 29 20:29:08 2006 => ***** Scanning complete. *****

Fri Sep 29 20:29:08 2006 => Total Objects Scanned: 25189
Fri Sep 29 20:29:08 2006 => Total Critical Objects: 5
Fri Sep 29 20:29:08 2006 => Total Disinfected Objects: 0
Fri Sep 29 20:29:08 2006 => Total Objects Renamed: 0
Fri Sep 29 20:29:08 2006 => Total Deleted Objects: 0
Fri Sep 29 20:29:08 2006 => Total Errors: 57
Fri Sep 29 20:29:08 2006 => Time Elapsed: 00:08:06
Fri Sep 29 20:29:09 2006 => Virus Database Date: 9/29/2006
Fri Sep 29 20:29:09 2006 => Virus Database Count: 227500

Fri Sep 29 20:29:09 2006 => Scan Completed.




Nevim jestli jsem sem dala presne to co jsi chtel, delam to poprve.

[iwigirl]

chceme obsah okénka Virus log information...

[mikel]

Jestli zvládáš úpravu registrů, otevři si editor registrů (Start/Spustit/napsat regedit a potvrdit) a smaž následující klíče označené červeně:
HOT_KEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\whenusavemsg
HOT_KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\whenu

Pak na disku najdi a smaž tento soubor:
C:\Documents and Settings\Alishka\Local Settings\data aplikací\hp\digital imaging\cache\1.dat

Ale ať počítám, jak počítám, máš tam mít 5 kritických objektů, ale jsou tu uvedeny jen 4. Ten zbytek jsou chyby v registrech (Total Errors: 57). Zkus se podívat, jestli se ti něco neztratilo.

[Alishka]

Z tech registru jsem to smazala, ale ten soubor najit nemuzu, ve slozce Alishka nemam slozku Local settings. Mam to znova projet tim MWAV, aby se zjistila ta pata chyba? A jak se zbavim tech dalsich chyb?

[Alishka]

Tak ta slozka byla skryta, uz jsem to nasla a smazla.

[Alishka]

Udelala jsem znovu scan tim MWAV a zadna kriticka chyba, jen "total errors 55". Jak se zbavit tohohle?

[mikel]

Nejlépe nějakým čističem registrů. Odkazy na stažení najdeš tady.