AvG nic nenašlo jen MalwarebyteAntiMalware našlo tohle:
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
20.12.2011 17:48:37
mbam-log-2011-12-20 (17-48-37).txt
Typ: Rychlá kontrola
Kontrolované objekty: 179583
Uplynulý čas: 24 minut, 17 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 10
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 2
Infikované složky: 12
Infikované soubory: 20
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{FD90C192-481B-4A89-9FD7-CFA65709F541} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0FDCF5F0-D211-4412-A6E3-DD4938E26E24} (Adware.SuperSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SiteVacuum (Adware.SuperSearch) -> Quarantined and deleted successfully.
Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x ... r.asp?Ext=%s) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Infikované složky:
c:\program files\easysearch (Adware.SuperSearch) -> Delete on reboot.
c:\program files\easysearch\FFExt (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\FFExt\chrome (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\FFExt\chrome\content (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\thirdpartyinstallers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Infikované soubory:
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\program files\easysearch\MFC42U.DLL (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\sitevacuumclient.bue (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\sitevacuumclient.tlb (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\sitevacuumlicense.txt (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\tskill.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\uninst.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\updatehelper.exe (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\what.is.sitevacuumclient.exe.txt (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\WSConfig.ini (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\FFExt\chrome.manifest (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\FFExt\install.rdf (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\FFExt\chrome\content\script-injector.js (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\easysearch\FFExt\chrome\content\sitevacuum.xul (Adware.SuperSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Takže to jsem všechno vymazal ...a nic
Ten Adware to nedělá asi ten bacdoor a 2x Hijack aplic. Nicméně už je to pryč ,ale noťas stejně Centrum zabezpečení nespustí.Tak nevim , pls HELP ! Pozn. : jsem laik , tak pomalu na mě :-)
