prosim o kontrolu logu Hjt+MALW.

Yelkinson · Příspěvekod **Yelkinson** » 26 črc 2011 11:45

Je to kamaraduv pc takze netusim co vse je tam za bordel.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:42:22, on 26.7.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\xxx\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\4933\1704\1629\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\xxx\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm130YYCZ
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\xxx\Nabídka Start\Programy\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O20 - Winlogon Notify: ds32htic - C:\WINDOWS\system32\ds32htic.dll (file missing)
O20 - Winlogon Notify: execvsut - C:\WINDOWS\system32\execvsut.dll (file missing)
O20 - Winlogon Notify: icm3wmps - C:\WINDOWS\system32\icm3wmps.dll (file missing)
O20 - Winlogon Notify: inkenwev - C:\WINDOWS\system32\inkenwev.dll (file missing)
O20 - Winlogon Notify: rnr2lsas - C:\WINDOWS\system32\rnr2lsas.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6831 bytes

Reklama

Příspěvekod **memphisto** » 26 črc 2011 11:46

Odinstaluj My Web Search, Winamp Toolbar

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po probìhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Yelkinson · Příspěvekod **Yelkinson** » 26 črc 2011 11:55

hmmm pekny kdyz to na me vybaflo

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

26.7.2011 11:53:22
mbam-log-2011-07-26 (11-53-12).txt

Typ: Rychlá kontrola
Kontrolované objekty: 147559
Uplynulý čas: 4 minut, 52 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 130
Infikované hodnoty v registru: 11
Infikované datové položky v registru: 1
Infikované složky: 19
Infikované soubory: 82

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2EFF3CF7-99C1-4c29-BC2B-68E057E22340} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{621FEACD-8857-43A6-AE26-451D670D5370} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2763E333-B168-41A0-A112-D35F96F410C0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.ShellViewControl.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.ShellViewControl (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{A6573479-9075-4A65-98A6-19FD29CF7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{98635087-3F5D-418F-990C-B1EFE0797A3B} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38A7C9DA-8DB7-4D0F-A7B1-C4B1A305BDDB} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.BrowserOverlayEmbed.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.BrowserOverlayEmbed (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A6573479-9075-4A65-98A6-19FD29CF7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{D778513B-1C40-4819-B0C5-49E40B39AFD0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.BrowserOverlayBarButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.BrowserOverlayBarButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7558E739-8E7C-44BB-BCE7-1BF0D72B7026} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infikované hodnoty v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
c:\documents and settings\xxx\data aplikací\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\xxx\data aplikací\funwebproducts\Data (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\xxx\data aplikací\funwebproducts\Data\xxx (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.

Infikované soubory:
c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\xxx\data aplikací\funwebproducts\Data\xxx\avatar.dat (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\xxx\data aplikací\funwebproducts\Data\xxx\register.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images\00126C00.urr (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\avatarsmallbtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\cursormaniabtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\mailstampbtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\myfuncardsimbtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\mystationerybtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared\Cache\smileycentralbtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\m3ffxtbr.manifest (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\m3ntstbr.manifest (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\avatar.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\bgfadel.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\bgfader.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\close.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\common-x.css (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\common.css (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\cornerbl.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\cornerbr.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\htmlctrl.js (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\include.js (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\index.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\loading.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\login.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\logo.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\max.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\min.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\noflash.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\spacer.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\spacer.swf (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\unmax.gif (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\wardrobe.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON\window.ico (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\000447A4 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\000EE1A1 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\000EE7EB (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\000EEB65.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\000EED4A.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\000EEEC1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\000EF057.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\000EF2A9.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00191023.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\001913CC.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\001915C0.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0024EF81.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0024F27F.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0024F3C7.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\0024F52E.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\00D843C5.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\icqtoolbar\4933\1704\1629\toolbaru.dll (Trojan.BHO) -> No action taken.

Příspěvekod **memphisto** » 26 črc 2011 11:57

To je normální, pokud jsi měl v PC My Web Search

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštìní se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynù, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by mìl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Yelkinson · Příspěvekod **Yelkinson** » 26 črc 2011 12:30

tak ten novej log sem nemohl najit tak sem udelal novou kontrolu

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

26.7.2011 12:28:38
mbam-log-2011-07-26 (12-28-38).txt

Typ: Rychlá kontrola
Kontrolované objekty: 147579
Uplynulý čas: 4 minut, 26 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Yelkinson · Příspěvekod **Yelkinson** » 26 črc 2011 12:59

ComboFix 11-07-26.02 - xxx 26.07.2011 12:40:32.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.255.115 [GMT 2:00]
Spuštěný z: c:\documents and settings\xxx\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\xxx\WINDOWS
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 10:13 . 2011-07-26 10:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-26 09:37 . 2011-07-26 09:37 -------- d-----w- c:\documents and settings\xxx\Data aplikací\Malwarebytes
2011-07-26 09:37 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 09:37 . 2011-07-26 09:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-26 09:37 . 2011-07-26 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 09:37 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 09:35 . 2011-07-26 09:35 388096 ----a-r- c:\documents and settings\xxx\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-26 09:35 . 2011-07-26 09:35 -------- d-----w- c:\program files\Trend Micro
2011-07-26 09:34 . 2011-07-26 09:35 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 19:38 . 2011-04-26 18:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk
backup=c:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^xxx^Nabídka Start^Programy^Po spuštění^IMVU.lnk]
path=c:\documents and settings\xxx\Nabídka Start\Programy\Po spuštění\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2005-08-02 13:48 48752 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 21:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBDriver]
2004-08-25 21:27 151552 ----a-w- c:\program files\Keyboard Driver\OEMDriver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-22 08:42 90112 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2005-08-26 11:23 85600 ----a-w- c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wha1.115]
c:\windows\System32\wha1.115.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wha1.116]
c:\windows\System32\wha1.116.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\WINDOWS\\system32\\named.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.6.2010 17:43 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.6.2010 17:43 19024]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [28.12.2006 19:04 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [28.12.2006 19:04 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [28.12.2006 19:04 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [28.12.2006 19:04 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [28.12.2006 19:04 83344]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [28.12.2006 19:04 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [28.12.2006 19:04 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [28.12.2006 19:04 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [28.12.2006 19:04 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [28.12.2006 19:04 83344]
.
--- Ostatní služby/ovladače v paměti ---
.
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
2006-04-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-04-26 10:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\xxx\Nabídka Start\Programy\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\lkejiwvi.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc683e2 ... &lng=cs&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-ds32htic - c:\windows\system32\ds32htic.dll
Notify-execvsut - c:\windows\system32\execvsut.dll
Notify-icm3wmps - c:\windows\system32\icm3wmps.dll
Notify-inkenwev - c:\windows\system32\inkenwev.dll
Notify-rnr2lsas - c:\windows\system32\rnr2lsas.dll
MSConfigStartUp-gonz - c:\windows\gonz.exe
MSConfigStartUp-himem - c:\windows\wmrg109.exe
MSConfigStartUp-ICQ - c:\program files\ICQ6.5\ICQ.exe
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-obsd32 - c:\windows\obsd32.exe
MSConfigStartUp-SoundMnEx32 - c:\windows\System32\crnmgt.exe
MSConfigStartUp-wha1 - c:\windows\wha1.113.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-wmml1 - c:\windows\wmml1.113.exe
MSConfigStartUp-wmrg109 - c:\windows\wmrg109.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 12:49
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2011-07-26 12:52:42
ComboFix-quarantined-files.txt 2011-07-26 10:52
.
Před spuštěním: Volných bajtů: 32 951 451 648
Po spuštění: Volných bajtů: 32 919 834 624
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - ADBFC44AF282C4092F969D4F13A146F3

Příspěvekod **memphisto** » 26 črc 2011 14:19

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\Tasks\Symantec NetDetect.job

Folder::
c:\program files\Winamp Toolbar
c:\program files\Common Files\Symantec Shared
c:\progra~1\SYMANT~1
c:\program files\Symantec
c:\documents and settings\All Users\Data aplikací\Winamp Toolbar

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"=-
[-HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[-HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[-HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"DisableMonitoring"=dword:00000000

Driver::
SetupNTGLM7X

File::
d:\NTGLM7X.sys

DDS::
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: &Winamp Search - c:\documents and settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

Firefox::
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\lkejiwvi.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc683e2 ... &lng=cs&q=

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Toto otestuj na Virustotal
c:\windows\System32\wha1.115.exe
c:\windows\System32\wha1.116.exe

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Yelkinson · Příspěvekod **Yelkinson** » 26 črc 2011 14:47

tak tady je CF a jeste skouknu ten virus.

ComboFix 11-07-26.02 - xxx 26.07.2011 14:30:32.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.255.113 [GMT 2:00]
Spuštěný z: c:\documents and settings\xxx\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xxx\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"d:\NTGLM7X.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Winamp Toolbar
c:\program files\Winamp Toolbar\apopup.dll
c:\program files\Winamp Toolbar\install.log
c:\program files\Winamp Toolbar\msvcr71.dll
c:\program files\Winamp Toolbar\uninstall.exe
c:\program files\Winamp Toolbar\winamptb.dll
c:\program files\Winamp Toolbar\winampTbServer.exe
c:\program files\Winamp Toolbar\winamptbServerPS.dll
c:\program files\Winamp Toolbar\xprt5.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SETUPNTGLM7X
-------\Service_SetupNTGLM7X
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 10:13 . 2011-07-26 10:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-26 09:37 . 2011-07-26 09:37 -------- d-----w- c:\documents and settings\xxx\Data aplikací\Malwarebytes
2011-07-26 09:37 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 09:37 . 2011-07-26 09:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-26 09:37 . 2011-07-26 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 09:37 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 09:35 . 2011-07-26 09:35 388096 ----a-r- c:\documents and settings\xxx\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-26 09:35 . 2011-07-26 09:35 -------- d-----w- c:\program files\Trend Micro
2011-07-26 09:34 . 2011-07-26 09:35 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 19:38 . 2011-04-26 18:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk
backup=c:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^xxx^Nabídka Start^Programy^Po spuštění^IMVU.lnk]
path=c:\documents and settings\xxx\Nabídka Start\Programy\Po spuštění\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2005-08-02 13:48 48752 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 21:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBDriver]
2004-08-25 21:27 151552 ----a-w- c:\program files\Keyboard Driver\OEMDriver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-22 08:42 90112 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2005-08-26 11:23 85600 ----a-w- c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wha1.115]
c:\windows\System32\wha1.115.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wha1.116]
c:\windows\System32\wha1.116.exe [BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\WINDOWS\\system32\\named.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.6.2010 17:43 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.6.2010 17:43 19024]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [28.12.2006 19:04 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [28.12.2006 19:04 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [28.12.2006 19:04 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [28.12.2006 19:04 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [28.12.2006 19:04 83344]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [28.12.2006 19:04 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [28.12.2006 19:04 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [28.12.2006 19:04 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [28.12.2006 19:04 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [28.12.2006 19:04 83344]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
2006-04-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-04-26 10:54]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\xxx\Nabídka Start\Programy\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\lkejiwvi.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc683e2 ... &lng=cs&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Winamp Toolbar - c:\program files\Winamp Toolbar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 14:41
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(248)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 14:45:17 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 12:45
ComboFix2.txt 2011-07-26 10:52
.
Před spuštěním: Volných bajtů: 32 923 693 056
Po spuštění: Volných bajtů: 32 835 973 120
.
- - End Of File - - ED2FCE8C6A9D9A6D58EB3EFC0CEECF29

Příspěvekod **memphisto** » 26 črc 2011 15:02

A výsledky toho Virustotalu?

Yelkinson · Příspěvekod **Yelkinson** » 26 črc 2011 15:05

tak ty dva soubory nemuzu najit i kdyz sem si dal zobrazit skryte soubory a slozky?

Příspěvekod **memphisto** » 26 črc 2011 15:11

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
c:\windows\system32\FlashPlayerCPLApp.cpl
c:\windows\Tasks\Symantec NetDetect.job

Folder::
c:\program files\Common Files\Symantec Shared
c:\program files\Symantec
c:\progra~1\SYMANT~1

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]

DDS::
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

Firefox::
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\lkejiwvi.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc683e2 ... &lng=cs&q=

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

Yelkinson · Příspěvekod **Yelkinson** » 26 črc 2011 15:47

ComboFix 11-07-26.02 - xxx 26.07.2011 15:28:21.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.255.9 [GMT 2:00]
Spuštěný z: c:\documents and settings\xxx\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\xxx\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\FlashPlayerCPLApp.cpl"
"c:\windows\Tasks\Symantec NetDetect.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\SYMANT~1
c:\progra~1\SYMANT~1\LUSETUP.EXE
c:\progra~1\SYMANT~1\Symantec AntiVirus\Cliproxy.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\Cliscan.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\clninst.bat
c:\progra~1\SYMANT~1\Symantec AntiVirus\COUNTRY.DAT
c:\progra~1\SYMANT~1\Symantec AntiVirus\Dec3.cfg
c:\progra~1\SYMANT~1\Symantec AntiVirus\Default.hst
c:\progra~1\SYMANT~1\Symantec AntiVirus\DefUtDCD.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\DefUtDCS.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\DefWatch.exe
c:\progra~1\SYMANT~1\Symantec AntiVirus\DoScan.exe
c:\progra~1\SYMANT~1\Symantec AntiVirus\DWHWizrd.exe
c:\progra~1\SYMANT~1\Symantec AntiVirus\dwLdPntScan.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\GenMar.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\I2ldvp3.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\IMail.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\LDVPREG.exe
c:\progra~1\SYMANT~1\Symantec AntiVirus\LuaWrap.exe
c:\progra~1\SYMANT~1\Symantec AntiVirus\LuHstEdt.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\Navap32.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\NAVAPI32.DLL
c:\progra~1\SYMANT~1\Symantec AntiVirus\NAVLU.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\NAVNTUTL.DLL
c:\progra~1\SYMANT~1\Symantec AntiVirus\nlnhook.exe
c:\progra~1\SYMANT~1\Symantec AntiVirus\nnewdefs.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\OEHeur.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\patch25d.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\PATCH32I.DLL
c:\progra~1\SYMANT~1\Symantec AntiVirus\PLATFORM.DAT
c:\progra~1\SYMANT~1\Symantec AntiVirus\qscomm32.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\QsInfo.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\qspak32.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\Rec2.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\Rtvscan.exe
c:\progra~1\SYMANT~1\Symantec AntiVirus\SAVCProd.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\SavEmail.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\savhelp.chm
c:\progra~1\SYMANT~1\Symantec AntiVirus\savmain.chm
c:\progra~1\SYMANT~1\Symantec AntiVirus\SavRoam.exe
c:\progra~1\SYMANT~1\Symantec AntiVirus\savrt.cat
c:\progra~1\SYMANT~1\Symantec AntiVirus\savrt.dat
c:\progra~1\SYMANT~1\Symantec AntiVirus\savrt.inf
c:\progra~1\SYMANT~1\Symantec AntiVirus\savrt.sys
c:\progra~1\SYMANT~1\Symantec AntiVirus\SavRT32.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\savrtpel.cat
c:\progra~1\SYMANT~1\Symantec AntiVirus\savrtpel.inf
c:\progra~1\SYMANT~1\Symantec AntiVirus\Savrtpel.sys
c:\progra~1\SYMANT~1\Symantec AntiVirus\SCANCFG.DAT
c:\progra~1\SYMANT~1\Symantec AntiVirus\SCANDLVR.DLL
c:\progra~1\SYMANT~1\Symantec AntiVirus\SCANDRES.DLL
c:\progra~1\SYMANT~1\Symantec AntiVirus\SDPCK32I.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\SDSNAPSX.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\SDSND32I.DLL
c:\progra~1\SYMANT~1\Symantec AntiVirus\SDSOK32I.DLL
c:\progra~1\SYMANT~1\Symantec AntiVirus\SDSTP32I.DLL
c:\progra~1\SYMANT~1\Symantec AntiVirus\SMSTR32I.DLL
c:\progra~1\SYMANT~1\Symantec AntiVirus\SRTLEXCL.DAT
c:\progra~1\SYMANT~1\Symantec AntiVirus\SRTSEXCL.DAT
c:\progra~1\SYMANT~1\Symantec AntiVirus\SymProtectStorage.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\SystemSnapshotRules.bin
c:\progra~1\SYMANT~1\Symantec AntiVirus\VPC32.exe
c:\progra~1\SYMANT~1\Symantec AntiVirus\VPDN_LU.exe
c:\progra~1\SYMANT~1\Symantec AntiVirus\vpmsece3.dll
c:\progra~1\SYMANT~1\Symantec AntiVirus\VPTray.exe
c:\progra~1\SYMANT~1\Symantec Client Firewall\ACDisp.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\AlertAst.exe
c:\progra~1\SYMANT~1\Symantec Client Firewall\AlertAst.tlb
c:\progra~1\SYMANT~1\Symantec Client Firewall\Ales.xml
c:\progra~1\SYMANT~1\Symantec Client Firewall\ALEScan.exe
c:\progra~1\SYMANT~1\Symantec Client Firewall\Branding.ini
c:\progra~1\SYMANT~1\Symantec Client Firewall\ccALE.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\ccEmFlSv.exe
c:\progra~1\SYMANT~1\Symantec Client Firewall\ccEmlflt.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\ccFWSetg.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\cfgwiz.dat
c:\progra~1\SYMANT~1\Symantec Client Firewall\CfgWzRes.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\CfgWzSvc.exe
c:\progra~1\SYMANT~1\Symantec Client Firewall\cpolicy.xml
c:\progra~1\SYMANT~1\Symantec Client Firewall\FIO.exe
c:\progra~1\SYMANT~1\Symantec Client Firewall\FREAles.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\FREIDS.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\FREInteg.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\FREMacro.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\FREProf.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\FREProps.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\FREPrvcy.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\FRERules.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\FRESettg.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\FRESPort.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\FWRuleIO.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\fwUI.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\GNULicns.txt
c:\progra~1\SYMANT~1\Symantec Client Firewall\HNetCore.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\HNetWiz.exe
c:\progra~1\SYMANT~1\Symantec Client Firewall\iamstats.exe
c:\progra~1\SYMANT~1\Symantec Client Firewall\IDSDefs\CATALOG.DAT
c:\progra~1\SYMANT~1\Symantec Client Firewall\IDSDefs\Metadata.dat
c:\progra~1\SYMANT~1\Symantec Client Firewall\IDSDefs\sigs.dat
c:\progra~1\SYMANT~1\Symantec Client Firewall\IDSDefs\SymIDSCo.sys
c:\progra~1\SYMANT~1\Symantec Client Firewall\IDSDefs\SymIDSCo.vxd
c:\progra~1\SYMANT~1\Symantec Client Firewall\IDSDefs\SymIDSI.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\IDSDefs\v.grd
c:\progra~1\SYMANT~1\Symantec Client Firewall\IDSDefs\v.sig
c:\progra~1\SYMANT~1\Symantec Client Firewall\IDSDefs\VIRSCAN1.DAT
c:\progra~1\SYMANT~1\Symantec Client Firewall\IDSDefs\zdone.dat
c:\progra~1\SYMANT~1\Symantec Client Firewall\ISLAlert.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\ISSTE.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\ISSVC.exe
c:\progra~1\SYMANT~1\Symantec Client Firewall\ISWrap.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\LocWiz.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\LogFwder.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\NISAbout.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\NISAlert.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\NisCfgWz.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\niscmnht.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\nisdef.dat
c:\progra~1\SYMANT~1\Symantec Client Firewall\NisEvt.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\nislcom.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\NisLog.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\NisLUCbk.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\NisLVPlg.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\nisopts.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\NiSPlug.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\NISPLUG.NSI
c:\progra~1\SYMANT~1\Symantec Client Firewall\NISProd.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\NisRes.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\nissess.tpl
c:\progra~1\SYMANT~1\Symantec Client Firewall\NisTray.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\NISVER.dat
c:\progra~1\SYMANT~1\Symantec Client Firewall\prsettg.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\RLevel.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\SCF.chm
c:\progra~1\SYMANT~1\Symantec Client Firewall\SCFInteg.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\SFwAlert.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\SNLog.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\SymFwAgt.DLL
c:\progra~1\SYMANT~1\Symantec Client Firewall\SymSPort.exe
c:\progra~1\SYMANT~1\Symantec Client Firewall\SymUIAx2.ocx
c:\progra~1\SYMANT~1\Symantec Client Firewall\TLData.xml
c:\progra~1\SYMANT~1\Symantec Client Firewall\TLevel.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\TTracerPxy.dll
c:\progra~1\SYMANT~1\Symantec Client Firewall\WrapUM.dll
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\actres.dll
c:\program files\Common Files\Symantec Shared\AdBlocking\adDef.dat
c:\program files\Common Files\Symantec Shared\AdBlocking\FREAdblk.dll
c:\program files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
c:\program files\Common Files\Symantec Shared\AdBlocking\PxyLog.dll
c:\program files\Common Files\Symantec Shared\AdBlocking\SymWbOpt.dll
c:\program files\Common Files\Symantec Shared\ccAlert.dll
c:\program files\Common Files\Symantec Shared\ccApp.exe
c:\program files\Common Files\Symantec Shared\ccDec.dll
c:\program files\Common Files\Symantec Shared\ccEmlPxy.dll
c:\program files\Common Files\Symantec Shared\ccErrDsp.dll
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccInst.dll
c:\program files\Common Files\Symantec Shared\ccL35.dll
c:\program files\Common Files\Symantec Shared\ccLgView.exe
c:\program files\Common Files\Symantec Shared\ccLogin.dll
c:\program files\Common Files\Symantec Shared\ccProd.dll
c:\program files\Common Files\Symantec Shared\ccProSub.dll
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\ccPwd.dll
c:\program files\Common Files\Symantec Shared\ccPwdSvc.exe
c:\program files\Common Files\Symantec Shared\ccPxyEvt.dll
c:\program files\Common Files\Symantec Shared\ccPxyIns.dll
c:\program files\Common Files\Symantec Shared\ccScan.dll
c:\program files\Common Files\Symantec Shared\ccSet.dll
c:\program files\Common Files\Symantec Shared\ccSetEvt.dll
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccVrTrst.dll
c:\program files\Common Files\Symantec Shared\ccWebWnd.dll
c:\program files\Common Files\Symantec Shared\CfgWiz.exe
c:\program files\Common Files\Symantec Shared\cfgwiz.tlb
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll
c:\program files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll
c:\program files\Common Files\Symantec Shared\Decomposers\DecSDK.dll
c:\program files\Common Files\Symantec Shared\Default.rul
c:\program files\Common Files\Symantec Shared\DefUtDCD.dll
c:\program files\Common Files\Symantec Shared\DPHTML.dll
c:\program files\Common Files\Symantec Shared\DPHTTP.dll
c:\program files\Common Files\Symantec Shared\DPJS.dll
c:\program files\Common Files\Symantec Shared\DPVBS.dll
c:\program files\Common Files\Symantec Shared\ecmldr32.DLL
c:\program files\Common Files\Symantec Shared\Firewall.BAK
c:\program files\Common Files\Symantec Shared\Firewall.rul
c:\program files\Common Files\Symantec Shared\Help\CCLGVIEW.CHM
c:\program files\Common Files\Symantec Shared\Help\LUALL.CHM
c:\program files\Common Files\Symantec Shared\IDS\IdsInst.exe
c:\program files\Common Files\Symantec Shared\LocationMap.dat
c:\program files\Common Files\Symantec Shared\NMain.exe
c:\program files\Common Files\Symantec Shared\Options\ASOpts.dll
c:\program files\Common Files\Symantec Shared\Options\Options.dll
c:\program files\Common Files\Symantec Shared\Options\symad.dll
c:\program files\Common Files\Symantec Shared\Options\UIHelper.dll
c:\program files\Common Files\Symantec Shared\Options\VTCache.dll
c:\program files\Common Files\Symantec Shared\Persist.BAK
c:\program files\Common Files\Symantec Shared\Persist.Dat
c:\program files\Common Files\Symantec Shared\PFAdBlk.dll
c:\program files\Common Files\Symantec Shared\PFMisc.dll
c:\program files\Common Files\Symantec Shared\PFPriv.dll
c:\program files\Common Files\Symantec Shared\PFSec.dll
c:\program files\Common Files\Symantec Shared\PxyHTTP.dll
c:\program files\Common Files\Symantec Shared\PxyIM.dll
c:\program files\Common Files\Symantec Shared\sevinst.exe
c:\program files\Common Files\Symantec Shared\SMNLnch.exe
c:\program files\Common Files\Symantec Shared\SNDALRT.log
c:\program files\Common Files\Symantec Shared\SNDCON.log
c:\program files\Common Files\Symantec Shared\SNDDBG.log
c:\program files\Common Files\Symantec Shared\SNDFW.log
c:\program files\Common Files\Symantec Shared\SNDIDS.log
c:\program files\Common Files\Symantec Shared\SNDInst.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SNDSYS.log
c:\program files\Common Files\Symantec Shared\SNDunin.dll
c:\program files\Common Files\Symantec Shared\SPBBC\BB.dll
c:\program files\Common Files\Symantec Shared\SPBBC\bbRGen.dll
c:\program files\Common Files\Symantec Shared\SPBBC\init.kc
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log
c:\program files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.CAT
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.inf
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\UpdMgr.exe
c:\program files\Common Files\Symantec Shared\SPManifests\ccALE.grd
c:\program files\Common Files\Symantec Shared\SPManifests\ccALE.sig
c:\program files\Common Files\Symantec Shared\SPManifests\ccALE.spm
c:\program files\Common Files\Symantec Shared\SPManifests\ccCommon.grd
c:\program files\Common Files\Symantec Shared\SPManifests\ccCommon.sig
c:\program files\Common Files\Symantec Shared\SPManifests\ccCommon.spm
c:\program files\Common Files\Symantec Shared\SPManifests\ccEmlFlt.grd
c:\program files\Common Files\Symantec Shared\SPManifests\ccEmlFlt.sig
c:\program files\Common Files\Symantec Shared\SPManifests\ccEmlFlt.spm
c:\program files\Common Files\Symantec Shared\SPManifests\ccFWSetg.grd
c:\program files\Common Files\Symantec Shared\SPManifests\ccFWSetg.sig
c:\program files\Common Files\Symantec Shared\SPManifests\ccFWSetg.spm
c:\program files\Common Files\Symantec Shared\SPManifests\ccOEH.grd
c:\program files\Common Files\Symantec Shared\SPManifests\ccOEH.sig
c:\program files\Common Files\Symantec Shared\SPManifests\ccOEH.spm
c:\program files\Common Files\Symantec Shared\SPManifests\ccPxyCre.grd
c:\program files\Common Files\Symantec Shared\SPManifests\ccPxyCre.sig
c:\program files\Common Files\Symantec Shared\SPManifests\ccPxyCre.spm
c:\program files\Common Files\Symantec Shared\SPManifests\ccPxyExt.grd
c:\program files\Common Files\Symantec Shared\SPManifests\ccPxyExt.sig
c:\program files\Common Files\Symantec Shared\SPManifests\ccPxyExt.spm
c:\program files\Common Files\Symantec Shared\SPManifests\PFAdBlk.grd
c:\program files\Common Files\Symantec Shared\SPManifests\PFAdBlk.sig
c:\program files\Common Files\Symantec Shared\SPManifests\PFAdBlk.spm
c:\program files\Common Files\Symantec Shared\SPManifests\PFMisc.grd
c:\program files\Common Files\Symantec Shared\SPManifests\PFMisc.sig
c:\program files\Common Files\Symantec Shared\SPManifests\PFMisc.spm
c:\program files\Common Files\Symantec Shared\SPManifests\PFPriv.grd
c:\program files\Common Files\Symantec Shared\SPManifests\PFPriv.sig
c:\program files\Common Files\Symantec Shared\SPManifests\PFPriv.spm
c:\program files\Common Files\Symantec Shared\SPManifests\PFSec.grd
c:\program files\Common Files\Symantec Shared\SPManifests\PFSec.sig
c:\program files\Common Files\Symantec Shared\SPManifests\PFSec.spm
c:\program files\Common Files\Symantec Shared\SPManifests\PxyIM.grd
c:\program files\Common Files\Symantec Shared\SPManifests\PxyIM.sig
c:\program files\Common Files\Symantec Shared\SPManifests\PxyIM.spm
c:\program files\Common Files\Symantec Shared\SPManifests\Snd.grd
c:\program files\Common Files\Symantec Shared\SPManifests\Snd.sig
c:\program files\Common Files\Symantec Shared\SPManifests\Snd.spm
c:\program files\Common Files\Symantec Shared\SPManifests\SPBBC.grd
c:\program files\Common Files\Symantec Shared\SPManifests\SPBBC.sig
c:\program files\Common Files\Symantec Shared\SPManifests\SPBBC.spm
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.GRD
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SIG
c:\program files\Common Files\Symantec Shared\SPManifests\SYMEVNT.SPM
c:\program files\Common Files\Symantec Shared\SPManifests\SymFwAgt.grd
c:\program files\Common Files\Symantec Shared\SPManifests\SymFwAgt.sig
c:\program files\Common Files\Symantec Shared\SPManifests\SymFwAgt.spm
c:\program files\Common Files\Symantec Shared\SPManifests\TLevel.grd
c:\program files\Common Files\Symantec Shared\SPManifests\TLevel.sig
c:\program files\Common Files\Symantec Shared\SPManifests\TLevel.spm
c:\program files\Common Files\Symantec Shared\SSC\ExchngUI.ocx
c:\program files\Common Files\Symantec Shared\SSC\IMailUI.ocx
c:\program files\Common Files\Symantec Shared\SSC\LDDateTm.ocx
c:\program files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx
c:\program files\Common Files\Symantec Shared\SSC\LDVPDlgs.ocx
c:\program files\Common Files\Symantec Shared\SSC\LDVPTask.ocx
c:\program files\Common Files\Symantec Shared\SSC\ldvpui.ocx
c:\program files\Common Files\Symantec Shared\SSC\LDVPView.ocx
c:\program files\Common Files\Symantec Shared\SSC\scandlgs.dll
c:\program files\Common Files\Symantec Shared\SSC\ScsComms.dll
c:\program files\Common Files\Symantec Shared\SSC\SymProtectUI.ocx
c:\program files\Common Files\Symantec Shared\SSC\Transman.dll
c:\program files\Common Files\Symantec Shared\SSC\vpshell2.dll
c:\program files\Common Files\Symantec Shared\SSC\webshell.dll
c:\program files\Common Files\Symantec Shared\SymLCUI.dll
c:\program files\Common Files\Symantec Shared\SymLTCOM.dll
c:\program files\Common Files\Symantec Shared\SymUIHlp.dll
c:\program files\Common Files\Symantec Shared\Validate.dat
c:\program files\Symantec
c:\program files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\LSETUP.EXE
c:\program files\Symantec\LiveUpdate\LUALL.EXE
c:\program files\Symantec\LiveUpdate\LuComServer_2_6.EXE
c:\program files\Symantec\LiveUpdate\LuComServerPS_2_6.DLL
c:\program files\Symantec\LiveUpdate\ludirloc.dat
c:\program files\Symantec\LiveUpdate\LUINFO.INF
c:\program files\Symantec\LiveUpdate\LUInit.exe
c:\program files\Symantec\LiveUpdate\LUInit.ini
c:\program files\Symantec\LiveUpdate\LUINSDLL.DLL
c:\program files\Symantec\LiveUpdate\luinventoryinst.jar
c:\program files\Symantec\LiveUpdate\LuPreCon.DLL
c:\program files\Symantec\LiveUpdate\LuResult.txt
c:\program files\Symantec\LiveUpdate\LUSESAIntegration.dll
c:\program files\Symantec\LiveUpdate\NDETECT.EXE
c:\program files\Symantec\LiveUpdate\NetDetectController_2_6.DLL
c:\program files\Symantec\LiveUpdate\pegclient.DLL
c:\program files\Symantec\LiveUpdate\pegcommon.DLL
c:\program files\Symantec\LiveUpdate\ProductRegCom_2_6.DLL
c:\program files\Symantec\LiveUpdate\ProductRegComPS_2_6.DLL
c:\program files\Symantec\LiveUpdate\providerInst.jar
c:\program files\Symantec\LiveUpdate\README.TXT
c:\program files\Symantec\LiveUpdate\S32LIVE1.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP1.CPL
c:\program files\Symantec\LiveUpdate\S32LUIS1.DLL
c:\program files\Symantec\LiveUpdate\S32LUWI1.DLL
c:\program files\Symantec\LiveUpdate\SESA.Settings.LiveUpdate
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.exe
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.log
c:\program files\Symantec\LiveUpdate\UNRAR.DLL
c:\program files\Symantec\LiveUpdate\winluproviderinst.jar
c:\program files\Symantec\S32EVNT1.DLL
c:\program files\Symantec\SYMEVENT.CAT
c:\program files\Symantec\SYMEVENT.INF
c:\program files\Symantec\SYMEVENT.SYS
c:\windows\system32\FlashPlayerCPLApp.cpl
c:\windows\Tasks\Symantec NetDetect.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_eeCtrl
-------\Service_eeCtrl
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 13:03 . 2011-07-26 13:24 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-07-26 12:44 . 2011-07-26 12:55 -------- d-----w- c:\windows\LastGood.Tmp
2011-07-26 09:37 . 2011-07-26 09:37 -------- d-----w- c:\documents and settings\xxx\Data aplikací\Malwarebytes
2011-07-26 09:37 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 09:37 . 2011-07-26 09:37 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-07-26 09:37 . 2011-07-26 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 09:37 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 09:35 . 2011-07-26 09:35 388096 ----a-r- c:\documents and settings\xxx\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-26 09:35 . 2011-07-26 09:35 -------- d-----w- c:\program files\Trend Micro
2011-07-26 09:34 . 2011-07-26 09:35 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-22 19:38 . 2011-04-26 18:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-26_10.49.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-05-26 02:16 . 2009-08-06 17:24 44768 c:\windows\system32\wups2.dll
+ 2006-04-06 18:52 . 2009-08-06 17:24 35552 c:\windows\system32\wups.dll
+ 2006-04-06 18:52 . 2009-08-06 17:24 53472 c:\windows\system32\wuauclt.exe
+ 2011-07-26 12:44 . 2009-08-06 17:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2011-07-26 12:44 . 2009-08-06 17:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2006-04-06 18:52 . 2009-08-06 17:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2006-04-06 18:52 . 2009-08-06 17:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-18 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-18 12:00 . 2009-08-06 17:24 96480 c:\windows\system32\cdm.dll
+ 2006-04-06 18:52 . 2009-08-06 17:24 209632 c:\windows\system32\wuweb.dll
+ 2006-04-06 18:52 . 2009-08-06 17:24 327896 c:\windows\system32\wucltui.dll
+ 2006-04-06 18:52 . 2009-08-06 17:23 575704 c:\windows\system32\wuapi.dll
+ 2006-04-06 18:52 . 2009-08-06 17:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2006-04-06 18:52 . 2009-08-06 17:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2006-04-06 18:52 . 2009-08-06 17:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2006-04-06 18:52 . 2009-08-06 17:23 1929952 c:\windows\system32\wuaueng.dll
+ 2006-04-06 18:52 . 2009-08-06 17:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Rychlé spuštění aplikace HP Image Zone.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk
backup=c:\windows\pss\Rychlé spuštění aplikace HP Image Zone.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^xxx^Nabídka Start^Programy^Po spuštění^IMVU.lnk]
path=c:\documents and settings\xxx\Nabídka Start\Programy\Po spuštění\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 21:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBDriver]
2004-08-25 21:27 151552 ----a-w- c:\program files\Keyboard Driver\OEMDriver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 15:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-22 08:42 90112 ----a-r- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wha1.115]
c:\windows\System32\wha1.115.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wha1.116]
c:\windows\System32\wha1.116.exe [BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Need For Speed III\\nfs3.exe"=
"c:\\WINDOWS\\system32\\named.exe"=
"c:\\Program Files\\Metin2_TESTER\\metin2.bin"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3.6.2010 17:43 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3.6.2010 17:43 19024]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [28.12.2006 19:04 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [28.12.2006 19:04 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [28.12.2006 19:04 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [28.12.2006 19:04 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [28.12.2006 19:04 83344]
S3 z530bus;Sony Ericsson Z530 Driver driver (WDM);c:\windows\system32\drivers\z530bus.sys [28.12.2006 19:04 58288]
S3 z530mdfl;Sony Ericsson Z530 USB WMC Modem Filter;c:\windows\system32\drivers\z530mdfl.sys [28.12.2006 19:04 8336]
S3 z530mdm;Sony Ericsson Z530 USB WMC Modem Driver;c:\windows\system32\drivers\z530mdm.sys [28.12.2006 19:04 94064]
S3 z530mgmt;Sony Ericsson Z530 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\z530mgmt.sys [28.12.2006 19:04 85408]
S3 z530obex;Sony Ericsson Z530 USB WMC OBEX Interface;c:\windows\system32\drivers\z530obex.sys [28.12.2006 19:04 83344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-26 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 15:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\xxx\Nabídka Start\Programy\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\xxx\Data aplikací\Mozilla\Firefox\Profiles\lkejiwvi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 15:41
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3092)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Celkový čas: 2011-07-26 15:45:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-26 13:45
ComboFix2.txt 2011-07-26 12:45
ComboFix3.txt 2011-07-26 10:52
.
Před spuštěním: Volných bajtů: 31 740 133 376
Po spuštění: Volných bajtů: 31 685 890 048
.
- - End Of File - - 74372B522FE3A91520D0F20E1A5F0C9E

prosim o kontrolu logu Hjt+MALW. Vyřešeno

prosim o kontrolu logu Hjt+MALW.

Re: prosim o kontrolu logu Hjt+MALW.

Re: prosim o kontrolu logu Hjt+MALW.

Re: prosim o kontrolu logu Hjt+MALW.

Re: prosim o kontrolu logu Hjt+MALW.

Re: prosim o kontrolu logu Hjt+MALW.

Re: prosim o kontrolu logu Hjt+MALW.

Re: prosim o kontrolu logu Hjt+MALW.

Re: prosim o kontrolu logu Hjt+MALW.

Re: prosim o kontrolu logu Hjt+MALW.

Re: prosim o kontrolu logu Hjt+MALW.

Re: prosim o kontrolu logu Hjt+MALW.

Kdo je online