When I turn on the computer, a window pops up: http://bigjimmy.galerie.cz/#78304018 ... Someone advised me to post a HijackThis log here, saying there is a virus on my PC .... so here it is:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:16:54, on 28.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SMART Board Software\SMARTBoardTools.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SMART Board Software\Aware.exe
C:\Program Files\SMART Board Software\Marker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\SMART Technologies Inc\SMART Product Update\SmartProductUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Minařík\Plocha\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrumcz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Board Software\NotebookPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FortKnoxPersonalFirewall] "C:\Program Files\NETGATE\FortKnox Personal Firewall 2006\FortKnoxGUI.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... IwQy0zN1RT"&"inst=NzctNTgzNTQ1MDgxLVQxLUZMKzgtRjhNOEMrMy1GOE0xMUQrMS1VUEcrMjAxMS1UVUcrMi1DSVArMi1MU0RTKzItRERUKzA"&"prod=55"&"ver=10.0.1388
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1062.dll,InstantAccess
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DrWindows] "C:\Program Files\DrWindows\DrWindows.exe" /autorun
O4 - HKCU\..\Run: [Real Desktop] "C:\Program Files\Real Desktop\Real Desktop.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Nástroje SMART Board.lnk = C:\Program Files\SMART Board Software\SMARTBoardTools.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZKfox000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stahuj.cz
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online/online2/be ... der_v6.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Služba SMART Board (SMART Board Service) - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
O24 - Desktop Component 0: (no name) - http://search.centrum.cz/js/func14.js
--
End of file - 13193 bytes
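As an added example (my own script, not something posted in this thread and not part of HijackThis or ComboFix), here is a small Python triage pass over a HijackThis log of the kind above. It groups the Rn/On entries and the process list, then flags what a helper on the board checks first: entries whose registered file is missing, paths belonging to the adware/toolbar families that appear in this log (the marker list is my own selection), O4 Run entries that make rundll32 load a DLL by bare name (so it is resolved through the search path rather than a fixed location), Trusted Zone and DPF entries, and services without vendor information. The sample log is a constructed excerpt modelled on the posted one, with the start page and .cab URL invented. A flag is a prompt to look, not a verdict; the decision still belongs to the person reading the log and to what ComboFix reports.

```python
"""Triage pass over a HijackThis (HJT) v2 log.

Added example: groups the Rn/On entries and the process list, then flags the
items a malware-removal helper looks at first. A flag means "look here",
not "this is malicious".
"""
import re
from collections import Counter

# Adware/toolbar families visible in the posted log. This list is the
# example's own choice, not something HijackThis ships with.
PUP_MARKERS = ("mywebsearch", "mywebs~1", "funwebproducts", "ask.com", "icq6toolbar")

# "O4 - HKLM\..\Run: [x] y"  ->  type "O4", body "HKLM\..\Run: [x] y"
ENTRY_RE = re.compile(r"^(?P<type>[RFOND]\d{1,2}) - (?P<body>.*)$")

# rundll32 followed by a DLL given without a drive letter / full path
BARE_DLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?!\w:\\)[^\s,]+\.dll", re.I)


def parse_hjt(text):
    """Return (entries, processes).

    entries:   list of {"line", "type", "body"} for every Rn/On line
    processes: list of (line, path) from the 'Running processes:' block
    """
    entries, processes = [], []
    in_procs = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first Rn/On line ends the process block
            entries.append({"line": lineno, "type": m["type"], "body": m["body"]})
        elif in_procs:
            processes.append((lineno, line))
    return entries, processes


def triage_entries(entries):
    """Return [(line, type, reason)] for entries worth a second look."""
    findings = []
    for e in entries:
        t, body = e["type"], e["body"]
        low = body.lower()
        if "(no file)" in low or "(file missing)" in low:
            findings.append((e["line"], t, "registered component has no file on disk"))
        if any(k in low for k in PUP_MARKERS):
            findings.append((e["line"], t, "path belongs to a known adware/toolbar family"))
        if t == "O4" and BARE_DLL_RE.search(body):
            findings.append((e["line"], t, "rundll32 loads a DLL by bare name (resolved via search path)"))
        if t == "O15":
            findings.append((e["line"], t, "site added to the IE Trusted Zone"))
        if t == "O16":
            findings.append((e["line"], t, "ActiveX control downloaded from a remote .cab"))
        if t == "O23" and "unknown owner" in low:
            findings.append((e["line"], t, "service carries no vendor information"))
    return findings


def triage_processes(processes):
    """Return [(line, path, reason)] for running processes from PUP paths."""
    return [(ln, p, "process started from an adware/toolbar directory")
            for ln, p in processes if any(k in p.lower() for k in PUP_MARKERS)]


def section_counts(entries):
    """Entry count per HJT section type, e.g. {"O4": 2, "O23": 2}."""
    return Counter(e["type"] for e in entries)


# Constructed excerpt modelled on the log in the thread (start page and
# .cab URL invented; not a verbatim copy).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.test/
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1062.dll,InstantAccess
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O15 - Trusted Zone: *.stahuj.cz
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.example.test/loader.cab
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"""

if __name__ == "__main__":
    entries, procs = parse_hjt(SAMPLE_LOG)
    print("sections:", dict(section_counts(entries)))
    for ln, p, why in triage_processes(procs):
        print(f"line {ln:3d}  PROC  {why}: {p}")
    for ln, t, why in triage_entries(entries):
        print(f"line {ln:3d}  {t:<4} {why}")
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; the line numbers in the output refer to the log file, so they can be quoted back in a reply. The bare-DLL check is the one that would catch the "Instant Access" entry in the posted log, where rundll32 is handed EGACCESS4_1062.dll with no directory at all.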
RUNDLL [Solved]
memphisto (Guru)
Re: RUNDLL
Disable the resident shield of your antivirus and antispyware.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all open windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing Yes
- Then follow the instructions; while ComboFix is running, do not click into the window it displays
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs by PM; post them in the appropriate section. Thank you.
Re: RUNDLL
Well, I don't know .... I'd rather ask my friend when she is online .. I just wanted to know whether there is a virus here or not ..... ComboFix can supposedly destroy the whole system :( ....
Re: RUNDLL
Now the computer shuts itself down ... it doesn't shut down, it switches to a blue screen with something written on it, and the first time it said Technical problems: STOP 0x0000008E(0x80000003,0xF78B8136,0XF77DE870,0X00000000) and below that .. watchdog.sys - address F78B8136 base at F78B7000, datestamp 480254ab... .. the second time there were other numbers but without the watchdog (that wasn't there), and the third time different numbers again and PFN_LIST_CORRUPT at the top ...
PLEASE.. I STARTED COMBOFIX (IT BEGAN EXTRACTING SOME FILES) AND THEN IT SAID THAT SOME ANTIVIRUS HAS ITS RESIDENT SHIELD ON, AVG 2011, BUT I UNINSTALLED THAT LONG AGO... I DON'T KNOW HOW TO TURN IT OFF WHEN I THINK I DON'T HAVE IT ON THE PC
Re: RUNDLL
ComboFix 11-07-28.02 - Minařík 28.07.2011 17:39:39.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.542 [GMT 2:00]
Running from: c:\documents and settings\Minařík\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt Kerio Personal Firewall *Enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\program files\DaemonTools_WhenUSave_Installer
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\006A9BCF.urr
c:\program files\FunWebProducts\Shared\013687AA.dat
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\HTV
c:\program files\HTV\akv.cfg
c:\program files\HTV\HTV.001
c:\program files\HTV\HTV.002
c:\program files\HTV\HTV.005
c:\program files\HTV\HTV.009
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00037EB6
c:\program files\MyWebSearch\bar\Cache\00062FBD.bin
c:\program files\MyWebSearch\bar\Cache\00079F1C
c:\program files\MyWebSearch\bar\Cache\000B505C
c:\program files\MyWebSearch\bar\Cache\000D53BE
c:\program files\MyWebSearch\bar\Cache\000E11AF
c:\program files\MyWebSearch\bar\Cache\000FD8B3.bin
c:\program files\MyWebSearch\bar\Cache\001681F6
c:\program files\MyWebSearch\bar\Cache\0016AF9E.bin
c:\program files\MyWebSearch\bar\Cache\0016B2CA.bin
c:\program files\MyWebSearch\bar\Cache\0016B480.bin
c:\program files\MyWebSearch\bar\Cache\0018DC22
c:\program files\MyWebSearch\bar\Cache\001BF103
c:\program files\MyWebSearch\bar\Cache\001EB488
c:\program files\MyWebSearch\bar\Cache\00676898
c:\program files\MyWebSearch\bar\Cache\00677AD8
c:\program files\MyWebSearch\bar\Cache\00677C3F.bin
c:\program files\MyWebSearch\bar\Cache\00677D87.bin
c:\program files\MyWebSearch\bar\Cache\00677EDF.bin
c:\program files\MyWebSearch\bar\Cache\006780C3.bin
c:\program files\MyWebSearch\bar\Cache\0067824A.bin
c:\program files\MyWebSearch\bar\Cache\00AC4CC3.bin
c:\program files\MyWebSearch\bar\Cache\00B5A7E8.bin
c:\program files\MyWebSearch\bar\Cache\00B5A97E.bin
c:\program files\MyWebSearch\bar\Cache\00B5AA68.bin
c:\program files\MyWebSearch\bar\Cache\00B5AB72.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSrcas.dll
c:\program files\SystemDoctor 2006 Free
c:\program files\SystemDoctor 2006 Free\lock.dat
c:\program files\video activex object
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\IsUn0405.exe
c:\windows\ST6UNST.000
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\nvs2.inf
c:\windows\system32\opxiibl.dat
c:\windows\system32\opxiibl_nav.dat
c:\windows\system32\opxiibl_navps.dat
c:\windows\system32\utbogsnikm_navtmp.dat
c:\windows\tmlpcert2007
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-25 14:31 . 2010-11-09 13:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-07-25 14:31 . 2011-07-25 14:31 -------- d-----w- c:\program files\CPUID
2011-07-24 13:36 . 2011-07-24 13:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-07-24 13:31 . 2011-07-24 13:31 -------- d-----w- c:\documents and settings\Minařík\Local Settings\Data aplikací\Temp
2011-07-24 13:31 . 2011-07-24 13:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-07-24 13:30 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-24 13:30 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-24 13:30 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-24 13:30 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-24 13:30 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-24 13:30 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-24 13:30 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-24 13:30 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-24 13:29 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-24 13:29 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-24 13:06 . 2011-07-24 13:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 10:56 . 2008-06-11 16:53 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2006-02-11 09:54 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 706891EF8CFDDEF435E72D4ED6F3FD09 . 1034240 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\explorer.exe
[-] 2007-06-13 . ED7B460B142A32097B8A8F6ECC941815 . 1033728 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 9B32416BD5988C97B6397CE0B02CAF97 . 1033728 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-18 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[7] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . CDA205739ADFF87053FCD4F9BFB7C9B4 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[7] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ssdpsrv.dll
[7] 2004-08-18 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2006-10-29 155896]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2004-11-22 180224]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-05-07 26112]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-05-27 413696]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.cz/cz.special-uninstalla ... =10.0.1388" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
.
c:\documents and settings\Minařík\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2011-6-24 624416]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-6-4 1183744]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Nástroje SMART Board.lnk - c:\program files\SMART Board Software\SMARTBoardTools.exe [2006-6-27 3371008]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-01 14:04 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.bin"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\Gameforge4D\\4Story\\4Story.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Aspire Metin2\\metin2client.bin"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2074:UDP"= 2074:UDP:DKSpeak UDP
"8873:TCP"= 8873:TCP:BitComet 8873 TCP
"8873:UDP"= 8873:UDP:BitComet 8873 UDP
"22600:TCP"= 22600:TCP:BitComet 22600 TCP
"22600:UDP"= 22600:UDP:BitComet 22600 UDP
"15590:TCP"= 15590:TCP:BitComet 15590 TCP
"15590:UDP"= 15590:UDP:BitComet 15590 UDP
"8945:TCP"= 8945:TCP:BitComet 8945 TCP
"8945:UDP"= 8945:UDP:BitComet 8945 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"WinUpdate.exe"= 6667:TCP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.3.2007 11:15 639224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.7.2011 15:30 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.7.2011 15:30 309848]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.7.2011 15:30 19544]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [25.7.2011 16:31 21992]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [21.5.2004 2:30 114944]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [7.2.2007 14:24 6852]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [1.11.2010 18:52 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [1.11.2010 18:52 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [1.11.2010 18:52 34789]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [11.2.2006 12:58 9510]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.7.2011 15:31 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 idrmkl;idrmkl;\??\c:\docume~1\MINAK~1\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\MINAK~1\LOCALS~1\Temp\idrmkl.sys [?]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [28.4.2007 14:55 66048]
S3 Revolution1;Revolution1;\??\c:\documents and settings\Minařík\Plocha\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\documents and settings\Minařík\Plocha\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 17:21 30720]
S3 UnlockerDriver4;UnlockerDriver4 Driver;\??\c:\program files\Unlocker\UnlockerDriver4.sys --> c:\program files\Unlocker\UnlockerDriver4.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-24 13:30]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-24 13:30]
.
2011-07-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 11:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrumcz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
Trusted Zone: stahuj.cz
TCP: DhcpNameServer = 192.168.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-DrWindows - c:\program files\DrWindows\DrWindows.exe
HKCU-Run-Real Desktop - c:\program files\Real Desktop\Real Desktop.exe
HKLM-Run-FortKnoxPersonalFirewall - c:\program files\NETGATE\FortKnox Personal Firewall 2006\FortKnoxGUI.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-opxiibl - c:\windows\system32\opxiibl.exe
AddRemove-Passware Kit Enterprise - c:\program files\Passware\demos\un-kitd.exe
AddRemove-{CAEAD13D-5A84-4cee-8364-F185C65B37A7} - c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II Demo\EAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 18:12
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0c72b06b-911a-412b-af62-fd5610e466cf}]
@Denied: (Full) (Everyone)
"Model"=dword:0000002b
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,9f,64,8d,86,a3,2d,10,24,5c,26,c7,83,f7,90,51,5a,75,31,85,e2,32,10,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1464)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\msi.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\SMART Board Software\SMARTBoardService.exe
c:\windows\system32\ssoftsrv.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\SMART Board Software\Aware.exe
c:\program files\SMART Board Software\Marker.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Common Files\SMART Technologies Inc\SMART Product Update\SmartProductUpdate.exe
.
**************************************************************************
.
Celkový čas: 2011-07-28 18:20:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-28 16:20
.
Před spuštěním: Volných bajtů: 32 758 448 128
Po spuštění: Volných bajtů: 32 792 064 000
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - EB6756FD372D82ABA1353B6B8CD56028
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.542 [GMT 2:00]
Run from: c:\documents and settings\Minařík\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Sunbelt Kerio Personal Firewall *Enabled* {E659E0EE-10E6-49B7-8696-60F38D0EB174}
.
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS COMPUTER !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\program files\DaemonTools_WhenUSave_Installer
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\006A9BCF.urr
c:\program files\FunWebProducts\Shared\013687AA.dat
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\HTV
c:\program files\HTV\akv.cfg
c:\program files\HTV\HTV.001
c:\program files\HTV\HTV.002
c:\program files\HTV\HTV.005
c:\program files\HTV\HTV.009
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00037EB6
c:\program files\MyWebSearch\bar\Cache\00062FBD.bin
c:\program files\MyWebSearch\bar\Cache\00079F1C
c:\program files\MyWebSearch\bar\Cache\000B505C
c:\program files\MyWebSearch\bar\Cache\000D53BE
c:\program files\MyWebSearch\bar\Cache\000E11AF
c:\program files\MyWebSearch\bar\Cache\000FD8B3.bin
c:\program files\MyWebSearch\bar\Cache\001681F6
c:\program files\MyWebSearch\bar\Cache\0016AF9E.bin
c:\program files\MyWebSearch\bar\Cache\0016B2CA.bin
c:\program files\MyWebSearch\bar\Cache\0016B480.bin
c:\program files\MyWebSearch\bar\Cache\0018DC22
c:\program files\MyWebSearch\bar\Cache\001BF103
c:\program files\MyWebSearch\bar\Cache\001EB488
c:\program files\MyWebSearch\bar\Cache\00676898
c:\program files\MyWebSearch\bar\Cache\00677AD8
c:\program files\MyWebSearch\bar\Cache\00677C3F.bin
c:\program files\MyWebSearch\bar\Cache\00677D87.bin
c:\program files\MyWebSearch\bar\Cache\00677EDF.bin
c:\program files\MyWebSearch\bar\Cache\006780C3.bin
c:\program files\MyWebSearch\bar\Cache\0067824A.bin
c:\program files\MyWebSearch\bar\Cache\00AC4CC3.bin
c:\program files\MyWebSearch\bar\Cache\00B5A7E8.bin
c:\program files\MyWebSearch\bar\Cache\00B5A97E.bin
c:\program files\MyWebSearch\bar\Cache\00B5AA68.bin
c:\program files\MyWebSearch\bar\Cache\00B5AB72.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSrcas.dll
c:\program files\SystemDoctor 2006 Free
c:\program files\SystemDoctor 2006 Free\lock.dat
c:\program files\video activex object
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\IsUn0405.exe
c:\windows\ST6UNST.000
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\nvs2.inf
c:\windows\system32\opxiibl.dat
c:\windows\system32\opxiibl_nav.dat
c:\windows\system32\opxiibl_navps.dat
c:\windows\system32\utbogsnikm_navtmp.dat
c:\windows\tmlpcert2007
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-28 )))))))))))))))))))))))))))))))
.
.
2011-07-25 14:31 . 2010-11-09 13:35 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-07-25 14:31 . 2011-07-25 14:31 -------- d-----w- c:\program files\CPUID
2011-07-24 13:36 . 2011-07-24 13:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2011-07-24 13:31 . 2011-07-24 13:31 -------- d-----w- c:\documents and settings\Minařík\Local Settings\Data aplikací\Temp
2011-07-24 13:31 . 2011-07-24 13:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Google
2011-07-24 13:30 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-24 13:30 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-07-24 13:30 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-24 13:30 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-24 13:30 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-24 13:30 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-24 13:30 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-24 13:30 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-24 13:29 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-07-24 13:29 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-24 13:06 . 2011-07-24 13:06 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 10:56 . 2008-06-11 16:53 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-06-06 11:35 . 2004-08-18 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:32 . 2006-02-11 09:54 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-18 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-18 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 706891EF8CFDDEF435E72D4ED6F3FD09 . 1034240 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\explorer.exe
[-] 2007-06-13 . ED7B460B142A32097B8A8F6ECC941815 . 1033728 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2007-06-13 . 9B32416BD5988C97B6397CE0B02CAF97 . 1033728 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-18 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[7] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . CDA205739ADFF87053FCD4F9BFB7C9B4 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[7] 2008-04-14 . BECD5271DC4E3B7C3D035F790FCBC1E5 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\1dab8d41b73a912c39f7d3fd77a4df39\ssdpsrv.dll
[7] 2004-08-18 . 88C28F53F53438DAFCD95E99C837C61E . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
(((((((((((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 11:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [2006-10-29 155896]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-10-29 4620288]
"nwiz"="nwiz.exe" [2004-10-29 921600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-10-29 86016]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2004-11-22 180224]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-05-07 26112]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-05-27 413696]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.cz/cz.special-uninstalla ... =10.0.1388" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
.
c:\documents and settings\Minařík\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2011-6-24 624416]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-6-4 1183744]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Nástroje SMART Board.lnk - c:\program files\SMART Board Software\SMARTBoardTools.exe [2006-6-27 3371008]
Rychlé spuštění aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-01 14:04 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Metin2_CZ\\metin2.bin"=
"c:\\Program Files\\Metin2_CZ\\metin2client.bin"=
"c:\\Program Files\\Gameforge4D\\4Story\\4Story.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Aspire Metin2\\metin2client.bin"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"c:\\Program Files\\Cenega Czech\\VIETCONG\\vietcong.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2074:UDP"= 2074:UDP:DKSpeak UDP
"8873:TCP"= 8873:TCP:BitComet 8873 TCP
"8873:UDP"= 8873:UDP:BitComet 8873 UDP
"22600:TCP"= 22600:TCP:BitComet 22600 TCP
"22600:UDP"= 22600:UDP:BitComet 22600 UDP
"15590:TCP"= 15590:TCP:BitComet 15590 TCP
"15590:UDP"= 15590:UDP:BitComet 15590 UDP
"8945:TCP"= 8945:TCP:BitComet 8945 TCP
"8945:UDP"= 8945:UDP:BitComet 8945 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"WinUpdate.exe"= 6667:TCP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.3.2007 11:15 639224]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.7.2011 15:30 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.7.2011 15:30 309848]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [18.7.2006 12:02 284184]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [18.7.2006 12:02 91672]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.7.2011 15:30 19544]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [25.7.2011 16:31 21992]
R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [21.5.2004 2:30 114944]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [7.2.2007 14:24 6852]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [1.11.2010 18:52 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [1.11.2010 18:52 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [1.11.2010 18:52 34789]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [11.2.2006 12:58 9510]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.7.2011 15:31 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 idrmkl;idrmkl;\??\c:\docume~1\MINAK~1\LOCALS~1\Temp\idrmkl.sys --> c:\docume~1\MINAK~1\LOCALS~1\Temp\idrmkl.sys [?]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [28.4.2007 14:55 66048]
S3 Revolution1;Revolution1;\??\c:\documents and settings\Minařík\Plocha\Revolution_Engine_8.3_ShaK3\SHAK3.sys --> c:\documents and settings\Minařík\Plocha\Revolution_Engine_8.3_ShaK3\SHAK3.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 tap0901_2gm;VPN Anonymizer Adapter;c:\windows\system32\drivers\tap0901_2gm.sys [21.6.2007 17:21 30720]
S3 UnlockerDriver4;UnlockerDriver4 Driver;\??\c:\program files\Unlocker\UnlockerDriver4.sys --> c:\program files\Unlocker\UnlockerDriver4.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-24 13:30]
.
2011-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-24 13:30]
.
2011-07-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 11:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.centrumcz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
Trusted Zone: stahuj.cz
TCP: DhcpNameServer = 192.168.0.1
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-DrWindows - c:\program files\DrWindows\DrWindows.exe
HKCU-Run-Real Desktop - c:\program files\Real Desktop\Real Desktop.exe
HKLM-Run-FortKnoxPersonalFirewall - c:\program files\NETGATE\FortKnox Personal Firewall 2006\FortKnoxGUI.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-opxiibl - c:\windows\system32\opxiibl.exe
AddRemove-Passware Kit Enterprise - c:\program files\Passware\demos\un-kitd.exe
AddRemove-{CAEAD13D-5A84-4cee-8364-F185C65B37A7} - c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II Demo\EAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 18:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0c72b06b-911a-412b-af62-fd5610e466cf}]
@Denied: (Full) (Everyone)
"Model"=dword:0000002b
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,9f,64,8d,86,a3,2d,10,24,5c,26,c7,83,f7,90,51,5a,75,31,85,e2,32,10,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1464)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(3128)
c:\windows\system32\msi.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\program files\SMART Board Software\SMARTBoardService.exe
c:\windows\system32\ssoftsrv.exe
c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\SMART Board Software\Aware.exe
c:\program files\SMART Board Software\Marker.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\Common Files\SMART Technologies Inc\SMART Product Update\SmartProductUpdate.exe
.
**************************************************************************
.
Celkový čas: 2011-07-28 18:20:55 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-28 16:20
.
Před spuštěním: Volných bajtů: 32 758 448 128
Po spuštění: Volných bajtů: 32 792 064 000
.
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - EB6756FD372D82ABA1353B6B8CD56028
Re: RUNDLL
I should also mention that just before the system starts, CHKDSK (some kind of check) runs, then it restarts and the system boots normally .... it also occurred to me that when I open Google Chrome, the system crashes.... in case that is related...
- jaro3 (Security team member)
Re: RUNDLL
Uninstall:
ICQToolBar
MyWebSearch
Ask.com, Ask Toolbar
Close all other applications and browsers, disconnect from the internet and fix the following in HJT:
Guide
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZKfox000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O15 - Trusted Zone: *.stahuj.cz
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://arcade.icq.com/online/online2/be ... der_v6.cab
Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove temporary Windows files, empty the Recycle Bin, etc.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text marked in green into it:
Note: Do not use the SELECT ALL function to select the script
Code:
KillAll::
SecCenter::
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
File::
c:\windows\Tasks\AppleSoftwareUpdate.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
Folder::
c:\program files\Ask.com
Driver::
LMIInfo
EagleXNt
idrmkl
Revolution1
SetupNTGLM7X
UnlockerDriver4
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"WinUpdate.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
"Enabled"=-
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0c72b06b-911a-412b-af62-fd5610e466cf}]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.
Drag the created script CFScript.txt with the mouse over the downloaded ComboFix.exe program, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that appears at the end of the cleaning process + a new HJT log
Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems; in that case restart the computer again, and if that does not help, press F8 after the restart and choose Last Known Good Configuration, or use a restore point.
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the program finishes, a message will appear; click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
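As an added illustration, not part of the thread or of any poster's advice: a small Python parser for HijackThis R/O entries like the ones quoted in the fix list above. It splits each entry into section, CLSID and target and flags two things a helper looks for first: orphaned entries (a registry hook whose file is gone) and entries belonging to the three toolbar families the post tells the user to remove. The sample lines are copied from the log above; the PUP name list is my assumption, not something HijackThis itself provides.

```python
import re

# Sample HijackThis entries copied from the log in the thread.
HJT_LINES = r"""
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
"""

# Assumed (not from HijackThis): name fragments of the three toolbar
# families the helper told the user to uninstall, plus their 8.3 paths.
PUP_NAMES = ("ask.com", "ask toolbar", "mywebsearch", "mywebs~1",
             "icqtoolbar", "icq6toolbar")

ENTRY = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_line(line):
    """Return {section, clsid, target, raw} for one HJT entry, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID.search(body)
    # The last " - "-separated field is the file or URL the entry points at;
    # O4 lines have no separator, so the whole body is the target.
    target = body.split(" - ")[-1].strip()
    return {"section": m.group("sec"), "clsid": clsid.group(0) if clsid else None,
            "target": target, "raw": line.strip()}


def classify(entry):
    """'orphan' if the file is gone, 'pup' if it matches a flagged toolbar."""
    target = entry["target"].lower()
    if "(no file)" in target or "(file missing)" in target:
        return "orphan"
    if any(name in target for name in PUP_NAMES):
        return "pup"
    return "ok"


def triage(text):
    """List of (section, verdict, target) for every parsable entry in text."""
    entries = (parse_line(l) for l in text.splitlines())
    return [(e["section"], classify(e), e["target"]) for e in entries if e]


if __name__ == "__main__":
    for section, verdict, target in triage(HJT_LINES):
        print(f"{section:3} {verdict:6} {target}")
```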
Re: RUNDLL
before I get into this.. does it matter that when I turn on the PC, some CHKDSK check comes up and deletes something... then this table appears: http://bigjimmy.galerie.cz/#78316557
Re: RUNDLL
I can't uninstall the ICQ toolbar... don't you know how to do it?
- Žbeky (Moderator)
Re: RUNDLL
Via Add/Remove Programs
In PMs I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: RUNDLL
it's not there
.. that was the first thing I tried ... I deleted the folders in Program Files


- jaro3 (Security team member)
Re: RUNDLL
Nothing gets deleted in Program Files!!! Only I can do that, with a program...
Do the script..
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support