Pomalý internet

[stell]

odinstaluj programy
Search Settings v1.2.3
LiveUpdate (Symantec Corporation)
"MyWaySearchAssistant" = Search Assistant - My Search
"MyWebSearch bar Uninstall" = My Web Search
Spust OTL a do okna vloz skript.
Klik na Opravit, PC sa restartuje,log vloz sem.

Kód: Vybrat vše

:OTL
PRC - [2009.12.16 18:50:04 | 000,975,360 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
PRC - [2009.12.16 18:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
SRV - File not found [Auto | Stopped] -- -- (MyWebSearchService)
SRV - [2009.12.16 18:38:20 | 000,375,296 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\S-1-5-21-980395369-2884343617-341151217-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-980395369-2884343617-341151217-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-980395369-2884343617-341151217-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-980395369-2884343617-341151217-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKU\S-1-5-21-980395369-2884343617-341151217-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redi ... ZNfox000(2)&fl=0&ptb=yTjoWmVDjWnPuECReFpV3Q&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-980395369-2884343617-341151217-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
IE - HKU\S-1-5-21-980395369-2884343617-341151217-1005\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-980395369-2884343617-341151217-1005\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-980395369-2884343617-341151217-1005\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\standard\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-980395369-2884343617-341151217-1005\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-980395369-2884343617-341151217-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: dealio@mybrowserbar.com:4.0.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000(2)&fl=0&ptb=yTjoWmVDjWnPuECReFpV3Q&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (MyWay Search Assistant BHO) - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL File not found
O2 - BHO: (myBar BHO) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL File not found
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\standard\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\standard\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (My &Search Bar) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-980395369-2884343617-341151217-1005\..\Toolbar\ShellBrowser: (My &Search Bar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL File not found
O3 - HKU\S-1-5-21-980395369-2884343617-341151217-1005\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-980395369-2884343617-341151217-1005\..\Toolbar\ShellBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-980395369-2884343617-341151217-1005\..\Toolbar\WebBrowser: (My &Search Bar) - {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL File not found
O3 - HKU\S-1-5-21-980395369-2884343617-341151217-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKU\S-1-5-21-980395369-2884343617-341151217-1005\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-980395369-2884343617-341151217-1005..\Run: [QIP Internet Guardian] C:\Documents and Settings\standard\Application Data\QipGuard\QipGuard.exe ()
O4 - Startup: C:\Documents and Settings\Katka\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe File not found
O16 - DPF: {98264495-6376-443C-9340-2996038BD143} http://panorama.corinthia.cz/VaCtrl.cab  (VaCtrl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/standard/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O33 - MountPoints2\{b3fc2ec6-63bc-11de-92b9-0019db35e478}\Shell\AutoRun\command - "" = J:\vatra\pecka.exe -- File not found
O33 - MountPoints2\{b3fc2ec6-63bc-11de-92b9-0019db35e478}\Shell\explore\command - "" = J:\vatra\pecka.exe -- File not found
O33 - MountPoints2\{b3fc2ec6-63bc-11de-92b9-0019db35e478}\Shell\install\command - "" = J:\vatra\pecka.exe -- File not found
O33 - MountPoints2\{b3fc2ec6-63bc-11de-92b9-0019db35e478}\Shell\open\command - "" = J:\vatra\pecka.exe -- File not found
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
:files
C:\Windows\System32\*.tmp
C:\Windows\*.tmp
C:\Documents and Settings\standard\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll 
C:\Program Files\Search Settings
C:\Program Files\MyWay
C:\Program Files\Dealio Toolbar
:Commands
[EMPTYFLASH]
[emptytemp]
[ClearAllRestorePoints]
[resethosts]
[start explorer]
[Reboot]

[ElHyno]

programy "MyWaySearchAssistant" = Search Assistant - My Search
"MyWebSearch bar Uninstall" = My Web Search nešlo odebrat, píše že modul nebyl nalezen, tak jsem aspoň dohledal složky a ty smazal.

Kód: Vybrat vše

All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
No active process named ApplicationUpdater.exe was found!
No active process named ICQ Service.exe was found!
Service MyWebSearchService stopped successfully!
Service MyWebSearchService deleted successfully!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Program Files\ICQ6Toolbar\ICQ Service.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-980395369-2884343617-341151217-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-980395369-2884343617-341151217-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\S-1-5-21-980395369-2884343617-341151217-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-980395369-2884343617-341151217-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-980395369-2884343617-341151217-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultUrl| /E : value set successfully!
HKU\S-1-5-21-980395369-2884343617-341151217-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-980395369-2884343617-341151217-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-980395369-2884343617-341151217-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-980395369-2884343617-341151217-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
C:\Documents and Settings\standard\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-980395369-2884343617-341151217-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry value HKEY_USERS\S-1-5-21-980395369-2884343617-341151217-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" removed from browser.search.defaulturl
Prefs.js: "chr-greentree_ff&type=867034" removed from browser.search.param.yahoo-fr
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: dealio@mybrowserbar.com:4.0.2 removed from extensions.enabledItems
Prefs.js: searchsettings@spigot.com:1.2.3 removed from extensions.enabledItems
Prefs.js: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZNfox000(2)&fl=0&ptb=yTjoWmVDjWnPuECReFpV3Q&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ deleted successfully.
C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04079851-5845-4dea-848C-3ECD647AA554}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Documents and Settings\standard\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Documents and Settings\standard\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
c:\Program Files\Google\GoogleToolbar4.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Program Files\Java\jre6\bin\jp2ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File c:\Program Files\Google\GoogleToolbar4.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-980395369-2884343617-341151217-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\ not found.
Registry value HKEY_USERS\S-1-5-21-980395369-2884343617-341151217-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File c:\Program Files\Google\GoogleToolbar4.dll not found.
Registry value HKEY_USERS\S-1-5-21-980395369-2884343617-341151217-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-980395369-2884343617-341151217-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}\ not found.
Registry value HKEY_USERS\S-1-5-21-980395369-2884343617-341151217-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File c:\Program Files\Google\GoogleToolbar4.dll not found.
Registry value HKEY_USERS\S-1-5-21-980395369-2884343617-341151217-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Program Files\Search Settings\SearchSettings.exe not found.
Registry value HKEY_USERS\S-1-5-21-980395369-2884343617-341151217-1005\Software\Microsoft\Windows\CurrentVersion\Run\\QIP Internet Guardian deleted successfully.
C:\Documents and Settings\standard\Application Data\QipGuard\QipGuard.exe moved successfully.
C:\Documents and Settings\Katka\Start Menu\Programs\Startup\Stardock ObjectDock.lnk moved successfully.
Starting removal of ActiveX control {98264495-6376-443C-9340-2996038BD143}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{98264495-6376-443C-9340-2996038BD143}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{98264495-6376-443C-9340-2996038BD143}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98264495-6376-443C-9340-2996038BD143}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{98264495-6376-443C-9340-2996038BD143}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98264495-6376-443C-9340-2996038BD143}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File file:///C:/DOCUME~1/standard/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3fc2ec6-63bc-11de-92b9-0019db35e478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3fc2ec6-63bc-11de-92b9-0019db35e478}\ not found.
File J:\vatra\pecka.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3fc2ec6-63bc-11de-92b9-0019db35e478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3fc2ec6-63bc-11de-92b9-0019db35e478}\ not found.
File J:\vatra\pecka.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3fc2ec6-63bc-11de-92b9-0019db35e478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3fc2ec6-63bc-11de-92b9-0019db35e478}\ not found.
File J:\vatra\pecka.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3fc2ec6-63bc-11de-92b9-0019db35e478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b3fc2ec6-63bc-11de-92b9-0019db35e478}\ not found.
File J:\vatra\pecka.exe not found.
C:\WINDOWS\003215_.tmp deleted successfully.
C:\WINDOWS\DUMP7bd7.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET2A.tmp deleted successfully.
C:\WINDOWS\System32\SET37.tmp deleted successfully.
C:\WINDOWS\System32\SET50.tmp deleted successfully.
C:\WINDOWS\System32\SET51.tmp deleted successfully.
C:\WINDOWS\System32\SET9E.tmp deleted successfully.
C:\WINDOWS\System32\SETA3.tmp deleted successfully.
C:\WINDOWS\System32\SETAA.tmp deleted successfully.
C:\WINDOWS\System32\SETB3.tmp deleted successfully.
C:\WINDOWS\System32\SETB4.tmp deleted successfully.
C:\WINDOWS\System32\SETB5.tmp deleted successfully.
C:\WINDOWS\System32\SETB6.tmp deleted successfully.
C:\WINDOWS\System32\SETB8.tmp deleted successfully.
C:\WINDOWS\System32\drivers\OLDF.tmp deleted successfully.
========== FILES ==========
File\Folder C:\Windows\System32\*.tmp not found.
File\Folder C:\Windows\*.tmp not found.
File\Folder C:\Documents and Settings\standard\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll not found.
File\Folder C:\Program Files\Search Settings not found.
File\Folder C:\Program Files\MyWay not found.
C:\Program Files\Dealio Toolbar\Res folder moved successfully.
C:\Program Files\Dealio Toolbar\IE\4.0.2 folder moved successfully.
C:\Program Files\Dealio Toolbar\IE folder moved successfully.
C:\Program Files\Dealio Toolbar\FF\components folder moved successfully.
C:\Program Files\Dealio Toolbar\FF\chrome\skin folder moved successfully.
C:\Program Files\Dealio Toolbar\FF\chrome\locale\EN-US folder moved successfully.
C:\Program Files\Dealio Toolbar\FF\chrome\locale folder moved successfully.
C:\Program Files\Dealio Toolbar\FF\chrome\content folder moved successfully.
C:\Program Files\Dealio Toolbar\FF\chrome folder moved successfully.
C:\Program Files\Dealio Toolbar\FF folder moved successfully.
C:\Program Files\Dealio Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
 
User: Katka
->Flash cache emptied: 5345 bytes
 
User: LocalService
 
User: NetworkService
 
User: standard
->Flash cache emptied: 1907509 bytes
 
Total Flash Files Cleaned = 2,00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Katka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 1014514 bytes
->FireFox cache emptied: 66641560 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 98438 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: standard
->Temp folder emptied: 785937 bytes
->Temporary Internet Files folder emptied: 613129330 bytes
->Java cache emptied: 106707304 bytes
->FireFox cache emptied: 36602411 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 787,00 mb
 
Restore points cleared and new OTL Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.7.0 log created on 07022010_165749

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[stell]

nedavaj logy do code.
stiahnes USBFIX na plochu,pripoj vsetko co pouzivas cez USB-,,kluce,,Kameru,Mp3,,vsetko,,,vypnut Antivir-a spust USBFIX-stalc gombik-[suppression][deletion]] ..log po restarte vloz sem/
http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
vycistit pocitac
Stáhni, nainstaluj program CCleaner - http://www.ccleaner.com/download/downloadpage.aspx?f=2
- PravyKlik na kos-spustit ccleaner ->>>Cakas>>na cistenie,,
PravyKlik na kos-otvorit ccleaner-záložka Windows a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na záložku Aplikace a stiskni Analyzovat a poté Spustit Cleaner
- Klikni na Registry, stiskni Hledej problémy, po dokončení skenování klikni na Opravit vybrané problémy,
-zvol Ano pro vytvoření zálohy, ulož nabídnutý soubor a klikni na Opravit všechny problémy,
Stiahnes na plochu TFC
zatvor vsetko co mas otvorene a spust-po skane restart.
stiahnes T-Cleaner-spustit-stale mackat A-[enter].
http://sweb.cz/Marinus/T-Cleaner.exe
stiahni>>OTC
2x-kliknite OTC.exe.
Kliknite na tlačidlo CleanUp!
Vyberte Áno, ak
Otvorenie procesu čistenia?
zobrazí upozornenie.
Ak sa zobrazí výzva na reštartovanie počas čistenia, vyberte Áno.
Nástroj sám zmaže, keď to skončí, ak nie odstrániť .
Stiahnes>>Malwarebytes' Anti-Malware stiahnut-nainstalovat -aktualizovat-
sprav komplet skan,co najde zmaz,log vloz sem,
PROSIM CITAJTE POZORNE NAVODY!!!,

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte>>
http://download.bleepingcomputer.com/sUBs/ComboFix.exe



Suhlasit instalacio Konzoly pre zotavenie (Recovery console)


- ComboFix je třeba spustit pod účtem s právy administrátora.
- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano;

A este raz >ANO<

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího modreho okna

- Po dokončení skenování, trvajícího maximálně 10-15 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah do svého threadu na forum
- Před použitím ComboFixu je treba vypnout všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary. NAVOD: http://www.bleepingcomputer.com/forums/topic114351.html
Mohou zasahovat do činnosti ComboFixu, což může způsobit, že nebude fungovat korektně.
V případě detekce antiviru u ComboFixu se jedná o falešný poplach.

[ElHyno]

############################## | UsbFix 7.015 | [Deletion]

User: standard (Administrator) # STANDARD [ ]
Updated 01/07/10 by El Desaparecido / C_XX
Started at 11:12:28 | 05/07/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
CPU 2: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Disabled /!\
Antivirus: avast! antivirus 4.8.0 [VPS 091230-0] 4.8.0 [(!) Disabled | (!) Outdated]
RAM -> 1022 Mb
C:\ (%systemdrive%) -> Fixed drive # 225 Gb (149 Mb free - 66%) [System] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 969 Mb (139 Mb free - 14%) [] # FAT
J:\ -> Removable drive # 8 Gb (623 Mb free - 8%) [] # FAT32
K:\ -> Removable drive # 8 Gb (8 Mb free - 100%) [] # FAT32

################## | Files # Infected Folders |

Deleted ! J:\log.txt

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Listing |

[07/12/2008 - 17:31:08 | A | 5242880] C:\10069_1310Manual TDO - 5.vydani.zip
[09/08/2009 - 07:47:57 | D ] C:\2898770e7d72dfde07
[06/01/2007 - 16:41:58 | D ] C:\5c12f6c85ac223b6531f146af0
[28/11/2006 - 20:16:18 | D ] C:\APPS
[05/07/2010 - 09:56:00 | RAD ] C:\Autorun.inf
[17/02/2008 - 20:02:33 | A | 46015] C:\avi_log.txt
[28/11/2006 - 20:05:18 | RASH | 208] C:\BOOT.BAK
[24/12/2006 - 23:03:04 | RASH | 279] C:\BOOT.INI
[31/05/2007 - 17:30:15 | D ] C:\CanonMF
[03/05/2008 - 11:59:38 | A | 4038] C:\CCS7_CZ.DAT
[28/11/2006 - 20:05:21 | RASHD ] C:\cmdcons
[10/08/2004 - 16:00:00 | RASH | 260272] C:\cmldr
[05/07/2010 - 11:05:17 | A | 12561] C:\ComboFix.txt
[02/07/2010 - 17:00:11 | D ] C:\Config.Msi
[20/10/2008 - 21:11:15 | D ] C:\C_DILLA
[06/01/2007 - 16:42:29 | D ] C:\da8ed2c9c7ceae21531976
[02/03/2007 - 19:50:19 | D ] C:\DIGITAL
[28/11/2006 - 21:27:00 | D ] C:\DIVTOOLS
[26/12/2006 - 13:53:04 | D ] C:\Documents and Settings
[19/08/2007 - 16:05:12 | D ] C:\Downloads
[24/12/2006 - 23:03:30 | D ] C:\DRIVERS
[28/11/2006 - 21:32:10 | A | 6066] C:\DWNLOG.TXT
[26/04/2008 - 10:33:33 | A | 5704] C:\EWSD_CZ.DAT
[17/02/2008 - 20:02:34 | A | 921654] C:\extended.jpg
[05/07/2010 - 10:17:27 | ASH | 1072156672] C:\hiberfil.sys
[20/06/2007 - 11:00:50 | A | 296] C:\ICQLite.log
[28/11/2006 - 20:06:56 | RASH | 0] C:\IO.SYS
[07/09/2008 - 16:11:56 | A | 210] C:\ja-vs-nadal.upd
[18/07/2007 - 21:47:57 | A | 9272] C:\mediamp3.dat
[15/11/2008 - 17:58:20 | A | 1784267] C:\Metallica.MP3
[28/11/2006 - 20:06:56 | RASH | 0] C:\MSDOS.SYS
[25/10/2007 - 10:28:21 | RD ] C:\MSOCache
[29/05/2007 - 20:23:44 | D ] C:\My Downloads
[03/11/2007 - 12:15:47 | D ] C:\nevimco
[10/08/2004 - 16:00:00 | A | 47564] C:\NTDETECT.COM
[22/09/2008 - 14:38:55 | A | 250048] C:\NTLDR
[17/02/2008 - 20:02:34 | A | 921654] C:\original.jpg
[05/07/2010 - 10:17:16 | ASH | 1608126464] C:\pagefile.sys
[28/11/2006 - 21:31:36 | D ] C:\PNP
[05/07/2010 - 10:21:20 | D ] C:\Program Files
[05/07/2010 - 11:05:19 | D ] C:\Qoobox
[05/07/2010 - 11:13:20 | SHD ] C:\RECYCLER
[28/11/2006 - 19:47:02 | A | 499] C:\RHDSetup.log
[28/11/2006 - 20:21:50 | A | 1073] C:\SAUDIT.TXT
[11/05/2008 - 13:13:36 | A | 4513] C:\SDH_CZ.DAT
[15/11/2008 - 17:35:55 | D ] C:\SmartSound Software
[05/07/2010 - 10:19:04 | SHD ] C:\System Volume Information
[29/12/2006 - 13:02:29 | D ] C:\temp
[29/09/2007 - 09:51:44 | D ] C:\totalcmd
[07/12/2008 - 17:16:58 | H | 835943] C:\treeinfo.wc
[05/07/2010 - 11:13:20 | D ] C:\UsbFix
[05/07/2010 - 11:13:24 | A | 1280] C:\UsbFix.txt
[05/07/2010 - 11:02:08 | D ] C:\WINDOWS
[27/12/2006 - 10:37:48 | D ] C:\~MSSETUP.T
[02/09/2006 - 08:58:40 | D ] E:\OMGAUDIO
[24/12/2006 - 23:50:32 | AH | 296] E:\WMPInfo.xml
[30/07/2008 - 12:33:40 | D ] E:\Music
[05/07/2010 - 09:56:02 | RASHD ] E:\Autorun.inf
[12/09/2009 - 09:28:36 | D ] J:\Dokumenty
[12/09/2009 - 09:35:34 | D ] J:\Filmy
[12/09/2009 - 11:43:00 | D ] J:\EWSD
[12/09/2009 - 11:43:34 | D ] J:\SDH_CZ
[12/09/2009 - 11:44:04 | D ] J:\DMP
[12/09/2009 - 11:44:44 | D ] J:\CCS7
[12/09/2009 - 11:45:08 | D ] J:\ISDN97
[12/09/2009 - 11:47:52 | D ] J:\MPLAB_7
[12/09/2009 - 11:53:48 | D ] J:\SDH_01
[18/10/2009 - 10:50:38 | RSHD ] J:\RECYCLER
[30/10/2009 - 12:53:26 | A | 3478458] J:\Fiber optic welding.AVI
[02/03/2010 - 12:24:20 | D ] J:\EPLAN
[05/03/2010 - 22:52:22 | A | 388819] J:\Data communication.pptx
[02/11/2009 - 23:46:06 | A | 73216] J:\boltzman.doc
[02/11/2009 - 23:08:20 | A | 281088] J:\Faceb00k.ppt
[06/02/2010 - 15:44:36 | D ] J:\Angels.and.Demons.2009.DVDRip.XviD-LW
[06/03/2010 - 15:12:24 | D ] J:\OPTIKA
[08/01/2000 - 21:09:56 | A | 136192] J:\optika.ppt
[09/04/2010 - 15:07:14 | A | 24148738] J:\Příklady.rar
[15/03/2010 - 12:34:32 | D ] J:\Bakalářka
[28/04/2010 - 10:51:52 | A | 212040] J:\Schmittův klopný obvod.pptx
[28/04/2010 - 11:05:42 | A | 105650] J:\Zdroj proudu.pptx
[28/04/2010 - 11:05:46 | A | 1615360] J:\Zdroj proudu2.ppt
[28/04/2010 - 13:29:00 | AH | 165] J:\~$Zdroj proudu.pptx
[13/05/2010 - 12:12:00 | D ] J:\kat
[28/04/2010 - 11:07:12 | A | 514560] J:\Schmittův klopný obvod.ppt
[05/07/2010 - 09:58:12 | RASHD ] J:\Autorun.inf
[13/05/2010 - 12:23:12 | RSHD ] J:\vatra
[23/01/2010 - 13:30:40 | A | 42011736] J:\setupcze.exe
[22/10/2009 - 11:37:38 | A | 781909] J:\RSIT.exe
[05/07/2010 - 10:29:08 | A | 15685] J:\mbam-log-2010-07-05 (10-28-57).txt
[05/07/2010 - 11:10:22 | A | 1204924] J:\UsbFix.exe
[27/05/2010 - 17:33:52 | D ] K:\bakalářka pdf
[05/07/2010 - 09:58:14 | RASHD ] K:\Autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
J:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
K:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_STANDARD.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

[ElHyno]

############################## | UsbFix 7.015 | [Research]

User: standard (Administrator) # STANDARD [ ]
Updated 01/07/10 by El Desaparecido / C_XX
Started at 11:10:44 | 05/07/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
CPU 2: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 8.0.6001.18702

Windows Firewall: Disabled /!\
Antivirus: avast! antivirus 4.8.0 [VPS 091230-0] 4.8.0 [(!) Disabled | (!) Outdated]
RAM -> 1022 Mb
C:\ (%systemdrive%) -> Fixed drive # 225 Gb (149 Mb free - 66%) [System] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 969 Mb (139 Mb free - 14%) [] # FAT
J:\ -> Removable drive # 8 Gb (623 Mb free - 8%) [] # FAT32
K:\ -> Removable drive # 8 Gb (8 Mb free - 100%) [] # FAT32

################## | Files # Infected Folders |

Found ! J:\log.txt

################## | Registry |

Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Found ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Found ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |


################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
E:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
J:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
K:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | E.O.F |

[ElHyno]

u Malwarebytes mi nešlo smazat ty soubory, nejdrří probíhalo ukládání do karantény, ale čekal jsem 15 min a furt se nic nedělo.
Nicméně log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5.7.2010 10:28:57
mbam-log-2010-07-05 (10-28-57).txt

Typ skenu: Rychlý sken
Skenované objekty: 137828
Uplynulý čas: 6 minuta(y), 20 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 112
Infikované hodnoty registru: 3
Infikované datové položky registru: 4
Infikované složky: 5
Infikované soubory: 7

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MywaySearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4dea-848c-3ecd647aa554} (Adware.MywaySearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MywaySearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{04079851-5845-4dea-848c-3ecd647aa554} (Adware.MywaySearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant (Adware.MyWaySearch) -> No action taken.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWay (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{209078af-4ad3-49af-9920-5a1d95eef295}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.18,85.255.112.220 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{660e2bc9-b746-41e8-a4f9-fadcfdb5bd55}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.18,85.255.112.220 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{660e2bc9-b746-41e8-a4f9-fadcfdb5bd55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.18,85.255.112.220 -> No action taken.

Infikované složky:
C:\Documents and Settings\Katka\Application Data\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Katka\Application Data\FunWebProducts\Data (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Katka\Application Data\FunWebProducts\Data\Katka (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology (Trojan.BHO) -> No action taken.
C:\Documents and Settings\standard\Start Menu\Programs\WhenU (Adware.WhenU) -> No action taken.

Infikované soubory:
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\ADSTechnology.lnk (Trojan.BHO) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\Uninstall.lnk (Trojan.BHO) -> No action taken.
C:\Documents and Settings\standard\Start Menu\Programs\WhenU\Customer Support.lnk (Adware.WhenU) -> No action taken.
C:\Documents and Settings\standard\Start Menu\Programs\WhenU\Learn More About WhenU Save.url (Adware.WhenU) -> No action taken.
C:\Documents and Settings\standard\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url (Adware.WhenU) -> No action taken.
C:\Documents and Settings\standard\Start Menu\Programs\WhenU\Uninstall Instructions.lnk (Adware.WhenU) -> No action taken.
C:\Documents and Settings\standard\Start Menu\Programs\WhenU\WhenU.com Website.url (Adware.WhenU) -> No action taken.

[ElHyno]

ComboFix 10-06-24.03 - standard 05.07.2010 11:19:11.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.1022.586 [GMT 2:00]
Spuštěný z: c:\documents and settings\standard\Desktop\ComboFix.exe.exe
AV: avast! antivirus 4.8.0 [VPS 091230-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-05 do 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-05 08:21 . 2010-07-05 08:21 -------- d-----w- c:\documents and settings\standard\Application Data\Malwarebytes
2010-07-05 08:21 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-05 08:21 . 2010-07-05 08:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-05 08:21 . 2010-07-05 08:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-05 08:21 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-05 08:00 . 2010-07-05 08:00 -------- d-----w- c:\program files\CCleaner
2010-06-23 11:26 . 2010-06-23 12:34 -------- d-----w- c:\program files\trend micro
2010-06-23 11:24 . 2009-11-24 22:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-23 11:24 . 2009-11-24 22:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-23 11:24 . 2009-11-24 22:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-23 11:24 . 2009-11-24 22:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-23 11:24 . 2009-11-24 22:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-23 11:24 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-23 11:24 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-23 11:24 . 2009-11-24 22:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-06-23 11:23 . 2009-11-24 22:54 1280480 ------w- c:\windows\system32\aswBoot.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 09:15 . 2010-07-05 09:13 7786 ----a-w- C:\UsbFix_Upload_Me_STANDARD.zip
2010-07-05 07:24 . 2008-03-29 19:58 -------- d-----w- c:\program files\LifeView DTV
2010-07-02 14:58 . 2007-02-08 17:03 -------- d-----w- c:\program files\Google
2010-07-02 14:57 . 2009-07-15 04:15 -------- d-----w- c:\program files\ICQ6Toolbar
2010-07-02 14:57 . 2010-01-16 14:35 -------- d-----w- c:\program files\Application Updater
2010-07-02 14:43 . 2008-07-24 17:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-02 14:43 . 2006-11-28 18:09 -------- d-----w- c:\program files\Symantec
2010-06-29 17:50 . 2010-03-26 17:03 439816 ----a-w- c:\documents and settings\standard\Application Data\Real\Update\setup3.10\setup.exe
2010-06-28 17:33 . 2007-06-19 13:06 -------- d-----w- c:\program files\Common Files\Macromedia
2010-06-26 13:51 . 2007-06-04 14:18 -------- d-----w- c:\documents and settings\standard\Application Data\ICQ
2010-06-17 19:12 . 2009-07-15 04:13 -------- d-----w- c:\program files\ICQ6.5
2010-05-13 07:14 . 2007-10-25 08:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-11 19:57 . 2006-12-24 21:03 -------- d-----w- c:\documents and settings\standard\Application Data\Skype
2010-04-14 07:12 . 2009-11-16 17:48 79488 ----a-w- c:\documents and settings\standard\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2006-05-03 10:06 . 2008-09-02 11:43 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-09-02 11:43 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-09 19:11 216064 --sh--r- c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]
"mRouterConfig"="c:\program files\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 290816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SMSERIAL"="sm56hlpr.exe" [2005-10-18 557056]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"mouseElf"="c:\progra~1\TWINTO~1\MouseElf.EXE" [2004-08-26 192512]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-28 98304]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"DTVRemote"="c:\program files\LifeView DTV\RemoteControl.exe" [2004-12-02 36864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-13 185896]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-11-08 528384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-18 113664]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-12-27 966756]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-05 14:36 140976 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\PES08\\Pro Evolution Soccer 2008\\PES2008.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QIP Infium\\infium.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_07\\jre\\bin\\java.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9918:TCP"= 9918:TCP:BitComet 9918 TCP
"9918:UDP"= 9918:UDP:BitComet 9918 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.6.2010 13:24 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.6.2010 13:24 20560]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys [25.12.2006 16:40 6656]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [29.3.2008 21:49 660736]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5.7.2010 10:21 38224]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30.12.2006 16:11 682232]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - MBAMSWISSARMY
.
Obsah adresáře 'Naplánované úlohy'

2010-07-05 c:\windows\Tasks\Extended Warranty.job
- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]

2010-07-05 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]

2010-07-05 c:\windows\Tasks\User_Feed_Synchronization-{AD4007AC-1D73-4F72-AD10-FDAD23C6E17E}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uLocal Page =
uSearchMigratedDefaultUrl =
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
Trusted Zone: stahuj.cz
TCP: {660E2BC9-B746-41E8-A4F9-FADCFDB5BD55} = 85.255.115.18,85.255.112.220
FF - ProfilePath - c:\documents and settings\standard\Application Data\Mozilla\Firefox\Profiles\bwgedfj5.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\documents and settings\standard\Application Data\Mozilla\Firefox\Profiles\bwgedfj5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\standard\Application Data\Mozilla\Firefox\Profiles\bwgedfj5.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - plugin: c:\documents and settings\standard\Application Data\Mozilla\Firefox\Profiles\bwgedfj5.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 11:19
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1132)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

- - - - - - - > 'explorer.exe'(128)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-07-05 11:21:21
ComboFix-quarantined-files.txt 2010-07-05 09:21
ComboFix2.txt 2010-07-05 09:05

Před spuštěním: 159 962 787 840 bytes free
Po spuštění: 159 941 414 912 bytes free

- - End Of File - - 231F3E1CA2E83BD692889B543A0E8B31

[stell]

pisal som,,co najde malwarebytes vsetko daj zmazat.
(Adware.MyWebSearch) -> No action taken.
combofix skontrolujem,,,

[stell]

dobre..novy uplny skan Malwarebytes,,ak nieco najde daj ZMAZAT-programom malwarebytes a log vloz sem,,a napis ako sa chova pocitac.

[ElHyno]

Zkusil jsem to tedy podruhé a opět to nelze smazat, ukládání do karantény probíhá dlouho a nic se neděje.

[stell]

takto,,nieco zmazeme s OTM-ale pojdes do nudzoveho rezimu a spravis to tam,a v nudzovom rezime spravis este raz sken z Malwarebytes,,a zmaz vsetko co najde logy vloz sem,po tomto zakroku stratis pripojenie na internet,,preto musis nastavit internet takto

Jestliže nepoužíváte pevnou IP adresu, proxy atd., v sekci Start - Nastavení - Ovládací panely - Síťová připojení - Připojení k místní síti - Vlastnosti - Protokol sítě Internet (TCP/IP) - Vlastnosti zvolíme Získat adresu IP ze serveru DHCP automaticky a Získat adresu serveru DNS automaticky. V opačném případě zadáme do volných řádků nastavení od poskytovatele internetu.

Stiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>>log po restarte vloz sem.

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\Documents and Settings\Katka\Application Data\FunWebProducts 
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology 
C:\Documents and Settings\standard\Start Menu\Programs\WhenU 
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology
C:\Documents and Settings\standard\Start Menu\Programs\WhenU

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{209078af-4ad3-49af-9920-5a1d95eef295}\]
"DhcpNameServer"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{660e2bc9-b746-41e8-a4f9-fadcfdb5bd55}\]
"DhcpNameServer"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{660e2bc9-b746-41e8-a4f9-fadcfdb5bd55}\]
"NameServer"=""

 
:commands
[emptytemp]
[ClearAllRestorePoints]
[resethosts]
[start explorer]
[Reboot]

log vloz sem

malwarebytes ,,tiez v nudzovom rezime,co najde zmazat a log vloz sem.

[ElHyno]

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\Documents and Settings\Katka\Application Data\FunWebProducts\Data\Katka folder moved successfully.
C:\Documents and Settings\Katka\Application Data\FunWebProducts\Data folder moved successfully.
C:\Documents and Settings\Katka\Application Data\FunWebProducts folder moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology folder moved successfully.
C:\Documents and Settings\standard\Start Menu\Programs\WhenU folder moved successfully.
File/Folder C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology not found.
File/Folder C:\Documents and Settings\standard\Start Menu\Programs\WhenU not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{209078af-4ad3-49af-9920-5a1d95eef295}\\\"DhcpNameServer"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{660e2bc9-b746-41e8-a4f9-fadcfdb5bd55}\\\"DhcpNameServer"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{660e2bc9-b746-41e8-a4f9-fadcfdb5bd55}\\\"NameServer"|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Katka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: standard
->Temp folder emptied: 989093 bytes
->Temporary Internet Files folder emptied: 5575649 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3457766 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 10,00 mb


Restore points cleared and new OTM Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.12.2 log created on 07062010_124504

[ElHyno]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6.7.2010 13:02:49
mbam-log-2010-07-06 (13-02-49).txt

Typ skenu: Rychlý sken
Skenované objekty: 135670
Uplynulý čas: 5 minuta(y), 29 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 63
Infikované hodnoty registru: 1
Infikované datové položky registru: 3
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{209078af-4ad3-49af-9920-5a1d95eef295}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.18,85.255.112.220 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{660e2bc9-b746-41e8-a4f9-fadcfdb5bd55}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.18,85.255.112.220 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{660e2bc9-b746-41e8-a4f9-fadcfdb5bd55}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.18,85.255.112.220 -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[stell]

combofix je uz po zaruke,,
REŽIM S OMEZENOU FUNKČNOSTÍ -
takze odinstaluj-start-spustit-skopiruj do okna prikaz combofix /uninstall


Pravdepodobne pouzivas ROUTER-ak ano treba spravit Router-reset-a znova nastavit a za heslovat.-nakolko trojan DNS-changer stale sa vracia spat.

po resete-a nastaveni-znova spust script pre OTM-log -z OTM-uz nemusis sem dat.
Znova spust Malwarebytes-zmazat vsetko-log vloz sem.
a spust combofix log vloz sem.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[ElHyno]

Přeinstaloval jsem tedy rouater, udělal OMT, tady log z Malwarebytes


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6.7.2010 17:39:52
mbam-log-2010-07-06 (17-39-52).txt

Typ skenu: Rychlý sken
Skenované objekty: 137801
Uplynulý čas: 6 minuta(y), 19 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)