I can't start any application: a window immediately pops up saying that an error occurred in the program and that it will be closed. If I leave this message in the background, I can more or less do something with the application. Sometimes, when I turn on the laptop, there are grey shadows around the icons and nothing works at all, not even a restart; I have to do a hard power-off. I have run everything possible over it: NOD found some viruses, but that did not fix the problem, and the same goes for anti-spyware and the firewall.
Please, I would really appreciate some advice... Thank you
Logfile of HijackThis v1.99.1
Scan saved at 19:45:59, on 18. 9. 2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Eset\nod32.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Jozulik\Local Settings\Temp\wz2200\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zoznam.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: (no name) - {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} - C:\Program Files\Common Files\goskdl.dll
O2 - BHO: (no name) - {C2626E66-D21B-E628-C1DF-1DACCFA36ED2} - C:\Program Files\Common Files\fjOs0r.dll
O2 - BHO: (no name) - {D3626E66-B13B-C628-ACDF-BDABCFA265E1} - C:\Program Files\Common Files\Relive.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... jhtml?p=ZU
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{23FD8F53-4824-4BC2-8B51-A1C14289C277}: NameServer = 194.168.4.100,194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{23FD8F53-4824-4BC2-8B51-A1C14289C277}: NameServer = 194.168.4.100,194.168.8.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
cannot start any application/log
Last edited by apurvathea on 20 Sep 2007 09:02; edited 1 time in total.
- fredik
- Security team member
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the 1 key
- Then follow the instructions; while ComboFix is being applied, do not click in the window that is displayed
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
So here is the log, I hope....
C:\Program Files\Common Files\Relive.dll
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\Internet Explorer\msvcrt.bak
C:\Program Files\Internet Explorer\msvcrt.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\00038EA5.bin
C:\Program Files\MyWebSearch\bar\Cache\00039E73.bin
C:\Program Files\MyWebSearch\bar\Cache\0003A634.bin
C:\Program Files\MyWebSearch\bar\Cache\0003A8D4.bin
C:\Program Files\MyWebSearch\bar\Cache\001B8931
C:\Program Files\MyWebSearch\bar\Cache\001B944D.bin
C:\Program Files\MyWebSearch\bar\Cache\001BB9D6.bin
C:\Program Files\MyWebSearch\bar\Cache\001BC688.bin
C:\Program Files\MyWebSearch\bar\Cache\001BC7E0.bin
C:\Program Files\MyWebSearch\bar\Cache\001C068F
C:\Program Files\MyWebSearch\bar\Cache\00A02E59.bin
C:\Program Files\MyWebSearch\bar\Cache\00A0305C.bin
C:\Program Files\MyWebSearch\bar\Cache\00A03166.bin
C:\Program Files\MyWebSearch\bar\Cache\00B895D8
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
f:\autorun.inf
f:\Ghost.pif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NPF
-------\NPF
((((((((((((((((((((((((( Files Created from 2007-08-18 to 2007-09-18 )))))))))))))))))))))))))))))))
.
2007-09-18 21:01 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-18 20:01 <DIR> d-------- C:\Program Files\nod32
2007-09-18 18:20 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-18 18:20 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-09-18 18:20 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-18 10:38 <DIR> d-------- C:\{80001022-0000-0000-19E5-EE54A2F94096}
2007-09-18 09:22 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-09-10 18:45 31,791 --ahs---- C:\Program Files\Common Files\fjOs0r.dll
2007-09-02 22:28 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-09-02 22:28 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-09-02 19:56 11,879 --ahs---- C:\Program Files\Common Files\goskdl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-18 20:00 --------- d-------- C:\Program Files\Sunbelt Software
2007-09-18 17:20 --------- d-------- C:\DOCUME~1\Jozulik\APPLIC~1\Skype
2007-09-18 17:03 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-18 12:43 --------- d-------- C:\Program Files\Symantec
2007-09-17 14:05 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-19 14:25 --------- d-------- C:\Program Files\IrfanView
2007-08-14 13:22 --------- d-------- C:\DOCUME~1\Jozulik\APPLIC~1\Ahead
2007-08-14 13:08 --------- d-------- C:\Program Files\Nero
2007-08-14 13:08 --------- d-------- C:\Program Files\Common Files\Ahead
2007-08-14 10:54 --------- d-------- C:\Program Files\Cossacks - Back To War
2007-08-14 10:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-14 10:28 --------- d-------- C:\DOCUME~1\Jozulik\APPLIC~1\WinRAR
2007-08-14 10:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-12 17:51 --------- d-------- C:\DOCUME~1\Jozulik\APPLIC~1\Azureus
2007-08-01 08:51 21277 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1626E66-C26B-C628-E1DF-CDACCFA26EE1}]
2007-09-18 21:07 11879 --ahs---- C:\Program Files\Common Files\goskdl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2626E66-D21B-E628-C1DF-1DACCFA36ED2}]
2007-09-18 21:04 31791 --ahs---- C:\Program Files\Common Files\fjOs0r.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 15:50 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47]
"TPSMain"="TPSMain.exe" [2005-08-03 14:26 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 10:31]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:43]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-12 19:30]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-18 20:01]
"SunServer"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [2005-10-28 15:33]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 11:26]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 20:35]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 14:43]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08]
C:\DOCUME~1\Jozulik\STARTM~1\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{0FAD2E16-C8EF-5AC1-1E6A-AE3FD8EF56B3}"= C:\Program Files\Internet Explorer\msvcrt.dll [ ]
"{DC7596CB-D6CC-DCA3-DE52-DEEA63F6C61D}"= C:\Program Files\Internet Explorer\rksldk.dll [2007-09-18 21:07 11879]
"{E952B8F8-D91A-4EDD-851C-EE1A0F944469}"= C:\WINDOWS\system32\ztfree0.dll [2007-06-13 11:23 13824]
"{71046DD5-E136-4C4B-A6B5-91C30CB15291}"= C:\WINDOWS\system32\jtdoor0.dll [2007-06-13 11:23 11776]
"{D8CC4845-441C-44F8-9053-28F2EF67655B}"= C:\WINDOWS\system32\dadoor1.dll [2007-06-13 11:23 13824]
"{0DAEBA6A-86CA-4B96-AF96-0C8C2C358FBD}"= C:\WINDOWS\system32\dhdoor1.dll [2007-06-13 11:23 13312]
"{6826A3DB-EA8E-4E67-880D-53D04C7C0BD8}"= C:\WINDOWS\system32\qjdoor1.dll [2007-06-13 11:23 23552]
"{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}"= C:\Program Files\Internet Explorer\OnlO0r.dll [2007-09-18 21:04 31791]
"{3422FB0F-95EB-458A-8B56-39552017A4EF}"= C:\WINDOWS\system32\mhdoor0.dll [2007-06-13 11:23 13824]
"{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}"= C:\WINDOWS\system32\wldoor1.dll [2007-06-13 11:23 13312]
"{A3C95A74-638D-4C6B-A856-4B27664A7F47}"= C:\WINDOWS\system32\wgdoor1.dll [2007-06-13 11:23 22528]
"{EDFF29C1-5A70-4460-AC1D-16DCB4B672F0}"= C:\WINDOWS\system32\rxdoor1.dll [2007-06-13 11:23 14848]
"{4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748}"= C:\WINDOWS\system32\mydoor0.dll [2007-06-13 11:23 18432]
"{ABD0935D-B35A-47BD-BA9A-81678DDE74DD}"= C:\WINDOWS\system32\qhdoor0.dll [2007-06-13 11:23 12800]
"{04A0CB31-FDEB-4EB8-889B-E00ED87BCE23}"= C:\WINDOWS\system32\cqdoor1.dll [2007-06-13 11:23 15360]
"{08E909A4-B236-48DD-8BCC-90A604B93E68}"= C:\WINDOWS\system32\tldoor1.dll [2007-06-13 11:23 14336]
"{781FBCC1-99C7-4AE0-95F7-66EA49E86DD7}"= C:\WINDOWS\system32\zxdoor1.dll [2007-06-13 11:23 18944]
"{68F7767A-090C-4BBF-A015-720ACC6706E2}"= C:\WINDOWS\system32\wddoor1.dll [2007-06-13 11:23 14848]
"{5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}"= C:\WINDOWS\system32\wodoor0.dll [2007-06-13 11:23 24576]
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"= C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll [2005-10-28 14:15 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94ff1acf-26e1-11dc-bd39-0018dea7d833}]
AutoRun\command- F:\LaunchU3.exe -a
.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
f:\autorun.inf
f:\Ghost.pif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_NPF
-------\NPF
((((((((((((((((((((((((( Files Created from 2007-08-18 to 2007-09-18 )))))))))))))))))))))))))))))))
.
2007-09-18 21:01 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-18 20:01 <DIR> d-------- C:\Program Files\nod32
2007-09-18 18:20 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-18 18:20 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-09-18 18:20 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-09-18 10:38 <DIR> d-------- C:\{80001022-0000-0000-19E5-EE54A2F94096}
2007-09-18 09:22 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-09-10 18:45 31,791 --ahs---- C:\Program Files\Common Files\fjOs0r.dll
2007-09-02 22:28 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-09-02 22:28 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-09-02 19:56 11,879 --ahs---- C:\Program Files\Common Files\goskdl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-18 20:00 --------- d-------- C:\Program Files\Sunbelt Software
2007-09-18 17:20 --------- d-------- C:\DOCUME~1\Jozulik\APPLIC~1\Skype
2007-09-18 17:03 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-18 12:43 --------- d-------- C:\Program Files\Symantec
2007-09-17 14:05 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-08-19 14:25 --------- d-------- C:\Program Files\IrfanView
2007-08-14 13:22 --------- d-------- C:\DOCUME~1\Jozulik\APPLIC~1\Ahead
2007-08-14 13:08 --------- d-------- C:\Program Files\Nero
2007-08-14 13:08 --------- d-------- C:\Program Files\Common Files\Ahead
2007-08-14 10:54 --------- d-------- C:\Program Files\Cossacks - Back To War
2007-08-14 10:38 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-14 10:28 --------- d-------- C:\DOCUME~1\Jozulik\APPLIC~1\WinRAR
2007-08-14 10:24 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-08-12 17:51 --------- d-------- C:\DOCUME~1\Jozulik\APPLIC~1\Azureus
2007-08-01 08:51 21277 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1626E66-C26B-C628-E1DF-CDACCFA26EE1}]
2007-09-18 21:07 11879 --ahs---- C:\Program Files\Common Files\goskdl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2626E66-D21B-E628-C1DF-1DACCFA36ED2}]
2007-09-18 21:04 31791 --ahs---- C:\Program Files\Common Files\fjOs0r.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:56]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 15:50 C:\WINDOWS\agrsmmsg.exe]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 13:47]
"TPSMain"="TPSMain.exe" [2005-08-03 14:26 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-12 10:31]
"TFncKy"="TFncKy.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 01:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 01:32]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-27 19:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:43]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-12 19:30]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-18 20:01]
"SunServer"="C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [2005-10-28 15:33]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 11:26]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-20 20:35]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 14:43]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"=C:\Program Files\ICQLite\ICQLite.exe -trayboot
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08]
C:\DOCUME~1\Jozulik\STARTM~1\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]
"{0FAD2E16-C8EF-5AC1-1E6A-AE3FD8EF56B3}"= C:\Program Files\Internet Explorer\msvcrt.dll [ ]
"{DC7596CB-D6CC-DCA3-DE52-DEEA63F6C61D}"= C:\Program Files\Internet Explorer\rksldk.dll [2007-09-18 21:07 11879]
"{E952B8F8-D91A-4EDD-851C-EE1A0F944469}"= C:\WINDOWS\system32\ztfree0.dll [2007-06-13 11:23 13824]
"{71046DD5-E136-4C4B-A6B5-91C30CB15291}"= C:\WINDOWS\system32\jtdoor0.dll [2007-06-13 11:23 11776]
"{D8CC4845-441C-44F8-9053-28F2EF67655B}"= C:\WINDOWS\system32\dadoor1.dll [2007-06-13 11:23 13824]
"{0DAEBA6A-86CA-4B96-AF96-0C8C2C358FBD}"= C:\WINDOWS\system32\dhdoor1.dll [2007-06-13 11:23 13312]
"{6826A3DB-EA8E-4E67-880D-53D04C7C0BD8}"= C:\WINDOWS\system32\qjdoor1.dll [2007-06-13 11:23 23552]
"{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}"= C:\Program Files\Internet Explorer\OnlO0r.dll [2007-09-18 21:04 31791]
"{3422FB0F-95EB-458A-8B56-39552017A4EF}"= C:\WINDOWS\system32\mhdoor0.dll [2007-06-13 11:23 13824]
"{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}"= C:\WINDOWS\system32\wldoor1.dll [2007-06-13 11:23 13312]
"{A3C95A74-638D-4C6B-A856-4B27664A7F47}"= C:\WINDOWS\system32\wgdoor1.dll [2007-06-13 11:23 22528]
"{EDFF29C1-5A70-4460-AC1D-16DCB4B672F0}"= C:\WINDOWS\system32\rxdoor1.dll [2007-06-13 11:23 14848]
"{4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748}"= C:\WINDOWS\system32\mydoor0.dll [2007-06-13 11:23 18432]
"{ABD0935D-B35A-47BD-BA9A-81678DDE74DD}"= C:\WINDOWS\system32\qhdoor0.dll [2007-06-13 11:23 12800]
"{04A0CB31-FDEB-4EB8-889B-E00ED87BCE23}"= C:\WINDOWS\system32\cqdoor1.dll [2007-06-13 11:23 15360]
"{08E909A4-B236-48DD-8BCC-90A604B93E68}"= C:\WINDOWS\system32\tldoor1.dll [2007-06-13 11:23 14336]
"{781FBCC1-99C7-4AE0-95F7-66EA49E86DD7}"= C:\WINDOWS\system32\zxdoor1.dll [2007-06-13 11:23 18944]
"{68F7767A-090C-4BBF-A015-720ACC6706E2}"= C:\WINDOWS\system32\wddoor1.dll [2007-06-13 11:23 14848]
"{5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}"= C:\WINDOWS\system32\wodoor0.dll [2007-06-13 11:23 24576]
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"= C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll [2005-10-28 14:15 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94ff1acf-26e1-11dc-bd39-0018dea7d833}]
AutoRun\command- F:\LaunchU3.exe -a
.
- fredik
- Security team member
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the following text, marked in green, into it:
File::
C:\Program Files\Common Files\fjOs0r.dll
C:\Program Files\Common Files\goskdl.dll
C:\Program Files\Internet Explorer\rksldk.dll
C:\Program Files\Internet Explorer\OnlO0r.dll
C:\WINDOWS\system32\jtdoor0.dll
C:\WINDOWS\system32\mhdoor0.dll
C:\WINDOWS\system32\rxdoor1.dll
C:\WINDOWS\system32\mydoor0.dll
C:\WINDOWS\system32\qhdoor0.dll
C:\WINDOWS\system32\tldoor1.dll
C:\WINDOWS\system32\zxdoor1.dll
C:\WINDOWS\system32\wodoor0.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1626E66-C26B-C628-E1DF-CDACCFA26EE1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2626E66-D21B-E628-C1DF-1DACCFA36ED2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"My Web Search Bar Search Scope Monitor"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{0FAD2E16-C8EF-5AC1-1E6A-AE3FD8EF56B3}"=-
"{DC7596CB-D6CC-DCA3-DE52-DEEA63F6C61D}"=-
"{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}"=-
"{E952B8F8-D91A-4EDD-851C-EE1A0F944469}"=-
"{71046DD5-E136-4C4B-A6B5-91C30CB15291}"=-
"{3422FB0F-95EB-458A-8B56-39552017A4EF}"=-
"{EDFF29C1-5A70-4460-AC1D-16DCB4B672F0}"=-
"{4E3FBFA4-F1CC-4B66-B333-B9F0FF4B4748}"=-
"{ABD0935D-B35A-47BD-BA9A-81678DDE74DD}"=-
"{08E909A4-B236-48DD-8BCC-90A604B93E68}"=-
"{781FBCC1-99C7-4AE0-95F7-66EA49E86DD7}"=-
"{5731EA1D-6AAF-4DE9-BDDA-7B390A75B286}"=-
Choose Save As, name the file CFScript.txt and set Save as type: All Files.
Save the file to the desktop.
Close all open windows.
Grab the CFScript.txt script you created with the mouse, drag it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.

- ComboFix will start automatically
- Post here the log that pops up at the end of the cleaning process
Download DrWeb-CureIt and save it to the desktop. Run it and post its log here after the scan finishes, if it finds anything.