Dobry den, mohla bych poprosit o kontrolu logu z HijackThis a SuperAntiSpyware, prosim? SAS mi toho nasel hodne, nechala jsem to vsechno odstranit. Dekuji za pomoc.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:24, on 16.2.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\DAEMON Tools\daemon.exe
C:\Program Files (x86)\ICQ6\ICQ.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files (x86)\Power Spy\common\mwsvcps.exe
C:\Program Files (x86)\Power Spy\common\wpsproc.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\3037\toolbaru.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\3037\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files (x86)\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files (x86)\Dealio\kb124\Dealio.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\3037\toolbaru.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files (x86)\Dealio\kb124\Dealio.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [au] C:\Program Files (x86)\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [winsvc] C:\Windows\system32\winsvc.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files (x86)\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files (x86)\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... YYYYYYMXCZ
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Natálie\AppData\LocalLow\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files (x86)\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files (x86)\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files (x86)\Dealio\kb124\Dealio.dll
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{554D2165-A0C1-4F20-880E-BE1C7B028435}: NameServer = 192.168.200.4,212.24.128.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{554D2165-A0C1-4F20-880E-BE1C7B028435}: NameServer = 192.168.200.4,212.24.128.8
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files (x86)\Intel\AMT\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files (x86)\SigmaTel\C-Major Audio\WDM\STacSV64.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)[/b]
[b]Generated 02/16/2008 at 04:03 PM
Application Version : 3.9.1008
Core Rules Database Version : 3259
Trace Rules Database Version: 1270
Scan type : Custom Scan
Total Scan Time : 00:44:08
Memory items scanned : 357
Memory threats detected : 1
Registry items scanned : 6143
Registry threats detected : 34
File items scanned : 61822
File threats detected : 52
Adware.MyWebSearch
C:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
[MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
C:\PROGRA~2\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
[MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES (X86)\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
C:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-823015455-3825660131-3753774315-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-823015455-3825660131-3753774315-1001\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
Adware.Tracking Cookie
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\natálie@atwola[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\natálie@2o7[2].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\natálie@ad2.bbmedia[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\natálie@adtech[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@2o7[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@ad.crazytomato[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@ad.yieldmanager[2].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@ad2.bbmedia[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@ad2.bbmedia[2].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@ad2.billboard[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@ads.cartoonnetwork[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@adserver2.spele[2].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@advertising[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@casalemedia[2].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@cgm.adbureau[2].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@doubleclick[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@eas.apm.emediate[2].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@m1.webstats.motigo[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@mediaplex[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@mywebsearch[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@revenue[2].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@server.cpmstar[2].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@statcounter[2].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@statse.webtrendslive[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@stats[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@toplist[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@tradedoubler[1].txt
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Cookies\Low\natálie@tribalfusion[2].txt
C:\Users\oem\AppData\Roaming\Microsoft\Windows\Cookies\Low\oem@ad2.bbmedia[1].txt
C:\Users\oem\AppData\Roaming\Microsoft\Windows\Cookies\Low\oem@toplist[1].txt
Adware.WhenU
HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKCR\AppId\ACM.DLL
HKCR\AppId\ACM.DLL#AppID
HKCR\WUSE.1
HKCR\WUSE.1#WUSE_Id
C:\Program Files (x86)\Save\ffext.mod
C:\Program Files (x86)\Save\save.cch
C:\Program Files (x86)\Save\save.db
C:\Program Files (x86)\Save\save.htm
C:\Program Files (x86)\Save\store.db
C:\Program Files (x86)\Save
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU\Learn More About WhenU Save.url
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU\WhenU.com Website.url
C:\Users\Natálie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhenU
C:\Program Files (x86)\Common Files\WhenU\DTAdapter.exe
C:\Program Files (x86)\Common Files\WhenU\DTPlugin.dll
C:\Program Files (x86)\Common Files\WhenU
Trojan.Hacktool
C:\PROGRAM FILES (X86)\COMMON FILES\{A0908794-0706-1029-0804-0610130601A4}\SYSTEM.DLL
Trojan.NewDotNet-Installer
C:\PROGRAM FILES (X86)\FILESUBMIT\NNWDAC638.EXE
Adware.Starware
C:\PROGRAM FILES (X86)\SCREENSAVERS.COM\SSSINST\BIN\SCREENSAVERS.EXE
C:\PROGRAM FILES (X86)\STARWARE316\BIN\BROKER.EXE
Trojan.Freeprod
C:\ZáLOHA SOFTWARE\AVG 7,5\AVG ANTI-VIRUS PLUS FIREWALL 7.5 WORKING CRACK!!!\AVG ANTI-VIRUS PLUS FIREWALL 7.5 WORKING CRACK!!!.EXE
Prosim o kontrolu logu HijackThis a SAS
-
Baron Prášil
- Master Level 7
- Příspěvky: 4882
- Registrován: červen 06
- Pohlaví:
- Stav:
Offline
spust služby - napsáním příkazu services.msc do Spustit... v nabídce START a klik na OK
najdi My Web Search Service zastav a typ spuštění dej na zakázáno
fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [winsvc] C:\Windows\system32\winsvc.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/t.....YYYYYYMXCZ
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (file missing)
O13 - Gopher Prefix:
použij Avenger
V hlavním dialogu je potřeba zvolit "Input script manually" a dále stisknout tlačítko s lupou. Otevře se editor, do kterého se již vkládají samotné "skripty".Skript se uvede do chodu stisknutím tlačítka se semaforem. Program se ještě zeptá, zda to myslíme vážně a následně nabídne okamžitý restart celého systému (doporučeno).
Po restartu pošli z avengera log co na tebe vybafne+nový log z hijackthis
najdi My Web Search Service zastav a typ spuštění dej na zakázáno
fixni
v okně programu HJT zaškrtni nalevo u položek co napíšu a potom klik na Fix checked
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [winsvc] C:\Windows\system32\winsvc.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/t.....YYYYYYMXCZ
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (file missing)
O13 - Gopher Prefix:
použij Avenger
V hlavním dialogu je potřeba zvolit "Input script manually" a dále stisknout tlačítko s lupou. Otevře se editor, do kterého se již vkládají samotné "skripty".Skript se uvede do chodu stisknutím tlačítka se semaforem. Program se ještě zeptá, zda to myslíme vážně a následně nabídne okamžitý restart celého systému (doporučeno).
Kód: Vybrat vše
Files to delete:
C:\Windows\system32\winsvc.exe
Folders to delete:
C:\Program Files (x86)\MyWebSearchPo restartu pošli z avengera log co na tebe vybafne+nový log z hijackthis
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 1 host