viry worms

Zpráva

#46 Příspěvek od **stell** » 10 dub 2010 20:43

tam ani nehladaj zlozky,jednoducho najdi v zozname nazov programu a klikni nan a potom klikni na odinstalovat.

Vista
pravy klik na gombik start-vlastnosti-a zafajkni RUN-spustit-klik ok,a terz uz tam budes mat okno spustit.

Aneta87 · #47 Příspěvek od **Aneta87** » 10 dub 2010 20:49

C:\Program Files\AskBarDis - tohle porad nemůzu najit. ten druhy program je uz smazan

#48 Příspěvek od **stell** » 10 dub 2010 20:51

ok,nechaj to tak a spust USBFIX a malwarebytes.

Aneta87 · #49 Příspěvek od **Aneta87** » 10 dub 2010 21:23

na 90% proskenovanych souboru se usbfix nejak zasekl. mam to dat znovu?

#50 Příspěvek od **stell** » 10 dub 2010 21:53

nie spust malwarebytes.

#51 Příspěvek od **stell** » 10 dub 2010 21:55

takto spust malwarebytes co najde daj zmazat-log vloz sem,potom spust combofix-log vloz sem,,ja dnes koncim ,,zajtra na logy pozriem sa.

Aneta87 · #52 Příspěvek od **Aneta87** » 10 dub 2010 23:50

alwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3975

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11.4.2010 0:48:27
mbam-log-2010-04-11 (00-48-27).txt

Typ skenu: Úplný sken (C:\|D:\|F:\|G:\|H:\|)
Skenované objekty: 334853
Uplynulý čas: 1 hodina(y), 40 minuta(y), 17 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 1
Infikované datové položky registru: 2
Infikované složky: 32
Infikované soubory: 136

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
C:\Program Files\Advantage (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\3.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\4.bin (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Hruskova\Nabídka Start\Programy\System Security (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\All Users\Application Data\1699023281 (Rogue.SecurityTool) -> No action taken.

Infikované soubory:
C:\Documents and Settings\Hruskova\Plocha\SmileyCentralSetup2.3.50.22.ZSman000.exe (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\mwsoemon.exe.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\mwsoestb.dll.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\mwssvc.exe.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{5E9EA21A-7001-423B-8587-AECA82DC960E}\RP195\A0026287.exe (Trojan.Palevo.Gen.B3) -> No action taken.
C:\System Volume Information\_restore{5E9EA21A-7001-423B-8587-AECA82DC960E}\RP195\A0026772.exe (Trojan.Agent) -> No action taken.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\178.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\3388695.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\52876.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\679.exe.UsbFix (Trojan.Palevo.Gen.B3) -> No action taken.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\738.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\755.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk31\KB956572\SP3QFE\wmiprvse.exe (Worm.Autorun.B) -> No action taken.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\wmiprvse.exe (Worm.Autorun.B) -> No action taken.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\sysinfo.exe (Worm.Autorun.B) -> No action taken.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\help.exe (Worm.Autorun.B) -> No action taken.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\openfiles.exe (Worm.Autorun.B) -> No action taken.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\rundll32.exe (Worm.Autorun.B) -> No action taken.
C:\UsbFix\UsbFix_Upload_Me\178.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\UsbFix_Upload_Me\3388695.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\UsbFix_Upload_Me\52876.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\UsbFix_Upload_Me\679.exe.UsbFix (Trojan.Palevo.Gen.B3) -> No action taken.
C:\UsbFix\UsbFix_Upload_Me\738.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\UsbFix_Upload_Me\755.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\Program Files\Advantage\AdVantage.db (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\AdVantage.htm (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\AdVantageupdate.exe (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\user.db (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> No action taken.
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\00364426.urr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\f3reprox.dll.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00224197.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\003CBCB4 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\003CCE19.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\003CD07B.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\003CDDD9.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\003CE088.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\008A6542.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\008A6B8C.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\008B0403.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\008B05A9.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00C88ABE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\012E7FB2 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\02096599.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Hruskova\Nabídka Start\Programy\System Security\System Security.lnk (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\All Users\Application Data\1699023281\init.udb (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\All Users\Application Data\1699023281\Langs.udb (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Hruskova\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\WINDOWS.0\system32\secupdat.dat (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Hruškovi.HRU-B98B4D53D62\secupdat.dat (Worm.Autorun) -> No action taken.

Aneta87 · #53 Příspěvek od **Aneta87** » 10 dub 2010 23:51

alwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org

Verze databáze: 3975

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11.4.2010 0:48:27
mbam-log-2010-04-11 (00-48-27).txt

Typ skenu: Úplný sken (C:\|D:\|F:\|G:\|H:\|)
Skenované objekty: 334853
Uplynulý čas: 1 hodina(y), 40 minuta(y), 17 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 1
Infikované datové položky registru: 2
Infikované složky: 32
Infikované soubory: 136

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> No action taken.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
C:\Program Files\Advantage (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\3.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\4.bin (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Hruskova\Nabídka Start\Programy\System Security (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\All Users\Application Data\1699023281 (Rogue.SecurityTool) -> No action taken.

Infikované soubory:
C:\Documents and Settings\Hruskova\Plocha\SmileyCentralSetup2.3.50.22.ZSman000.exe (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\mwsoemon.exe.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\mwsoestb.dll.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\mwssvc.exe.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{5E9EA21A-7001-423B-8587-AECA82DC960E}\RP195\A0026287.exe (Trojan.Palevo.Gen.B3) -> No action taken.
C:\System Volume Information\_restore{5E9EA21A-7001-423B-8587-AECA82DC960E}\RP195\A0026772.exe (Trojan.Agent) -> No action taken.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\178.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\3388695.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\52876.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\679.exe.UsbFix (Trojan.Palevo.Gen.B3) -> No action taken.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\738.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\755.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk31\KB956572\SP3QFE\wmiprvse.exe (Worm.Autorun.B) -> No action taken.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\wmiprvse.exe (Worm.Autorun.B) -> No action taken.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\sysinfo.exe (Worm.Autorun.B) -> No action taken.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\help.exe (Worm.Autorun.B) -> No action taken.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\openfiles.exe (Worm.Autorun.B) -> No action taken.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\rundll32.exe (Worm.Autorun.B) -> No action taken.
C:\UsbFix\UsbFix_Upload_Me\178.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\UsbFix_Upload_Me\3388695.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\UsbFix_Upload_Me\52876.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\UsbFix_Upload_Me\679.exe.UsbFix (Trojan.Palevo.Gen.B3) -> No action taken.
C:\UsbFix\UsbFix_Upload_Me\738.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\UsbFix\UsbFix_Upload_Me\755.exe.UsbFix (Trojan.Agent) -> No action taken.
C:\Program Files\Advantage\AdVantage.db (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\AdVantage.htm (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\AdVantageupdate.exe (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\user.db (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> No action taken.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> No action taken.
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\ScreenSaver\Images\00364426.urr (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\f3reprox.dll.vir (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00224197.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\003CBCB4 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\003CCE19.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\003CD07B.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\003CDDD9.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\003CE088.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\008A6542.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\008A6B8C.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\008B0403.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\008B05A9.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\00C88ABE (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\012E7FB2 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\02096599.bin (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Hruskova\Nabídka Start\Programy\System Security\System Security.lnk (Rogue.SystemSecurity) -> No action taken.
C:\Documents and Settings\All Users\Application Data\1699023281\init.udb (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\All Users\Application Data\1699023281\Langs.udb (Rogue.SecurityTool) -> No action taken.
C:\Documents and Settings\Hruskova\Data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
C:\WINDOWS.0\system32\secupdat.dat (Backdoor.Bot) -> No action taken.
C:\Documents and Settings\Hruškovi.HRU-B98B4D53D62\secupdat.dat (Worm.Autorun) -> No action taken.

Aneta87 · #54 Příspěvek od **Aneta87** » 10 dub 2010 23:52

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3975

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

11.4.2010 0:51:05
mbam-log-2010-04-11 (00-51-05).txt

Typ skenu: Úplný sken (C:\|D:\|F:\|G:\|H:\|)
Skenované objekty: 334853
Uplynulý čas: 1 hodina(y), 40 minuta(y), 17 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 1
Infikované datové položky registru: 2
Infikované složky: 32
Infikované soubory: 136

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
C:\Program Files\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302} (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hruskova\Nabídka Start\Programy\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\1699023281 (Rogue.SecurityTool) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Documents and Settings\Hruskova\Plocha\SmileyCentralSetup2.3.50.22.ZSman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\mwsoemon.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\mwsoestb.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\mwssvc.exe.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\System Volume Information\_restore{5E9EA21A-7001-423B-8587-AECA82DC960E}\RP195\A0026287.exe (Trojan.Palevo.Gen.B3) -> Delete on reboot.
C:\System Volume Information\_restore{5E9EA21A-7001-423B-8587-AECA82DC960E}\RP195\A0026772.exe (Trojan.Agent) -> Delete on reboot.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\178.exe.UsbFix (Trojan.Agent) -> Delete on reboot.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\3388695.exe.UsbFix (Trojan.Agent) -> Delete on reboot.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\52876.exe.UsbFix (Trojan.Agent) -> Delete on reboot.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\679.exe.UsbFix (Trojan.Palevo.Gen.B3) -> Delete on reboot.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\738.exe.UsbFix (Trojan.Agent) -> Delete on reboot.
C:\UsbFix\Quarantine\C\Documents and Settings\Hruškovi.HRU-B98B4D53D62\LOCALS~1\Temp\755.exe.UsbFix (Trojan.Agent) -> Delete on reboot.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk31\KB956572\SP3QFE\wmiprvse.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\wmiprvse.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\sysinfo.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\help.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\openfiles.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\UsbFix\Quarantine\C\RECYCLER\S-1-5-21-343818398-823518204-725345543-1003.UsbFix\Dk32\rundll32.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\UsbFix\UsbFix_Upload_Me\178.exe.UsbFix (Trojan.Agent) -> Delete on reboot.
C:\UsbFix\UsbFix_Upload_Me\3388695.exe.UsbFix (Trojan.Agent) -> Delete on reboot.
C:\UsbFix\UsbFix_Upload_Me\52876.exe.UsbFix (Trojan.Agent) -> Delete on reboot.
C:\UsbFix\UsbFix_Upload_Me\679.exe.UsbFix (Trojan.Palevo.Gen.B3) -> Delete on reboot.
C:\UsbFix\UsbFix_Upload_Me\738.exe.UsbFix (Trojan.Agent) -> Delete on reboot.
C:\UsbFix\UsbFix_Upload_Me\755.exe.UsbFix (Trojan.Agent) -> Delete on reboot.
C:\Program Files\Advantage\AdVantage.db (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\AdVantage.htm (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\AdVantageupdate.exe (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\user.db (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images\00364426.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\f3reprox.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00224197.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003CBCB4 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003CCE19.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003CD07B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003CDDD9.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003CE088.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\008A6542.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\008A6B8C.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\008B0403.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\008B05A9.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00C88ABE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\012E7FB2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\02096599.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hruskova\Nabídka Start\Programy\System Security\System Security.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\1699023281\init.udb (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\1699023281\Langs.udb (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hruskova\Data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS.0\system32\secupdat.dat (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Hruškovi.HRU-B98B4D53D62\secupdat.dat (Worm.Autorun) -> Quarantined and deleted successfully.

#55 Příspěvek od **stell** » 11 dub 2010 08:32

ok,
este combofix.

Aneta87 · #56 Příspěvek od **Aneta87** » 11 dub 2010 09:08

ComboFix 10-04-09.06 - Hruškovi 11.04.2010 9:48.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.611 [GMT 2:00]
Spuštěný z: c:\documents and settings\Hruškovi.HRU-B98B4D53D62\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100410-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Hruškovi.HRU-B98B4D53D62\Data aplikací\yrpv.exe
c:\program files\Internet Explorer\SET4B.tmp
c:\program files\Internet Explorer\SET50.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-11 do 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-10 20:39 . 2010-03-29 22:46 38224 ----a-w- c:\windows.0\system32\drivers\mbamswissarmy.sys
2010-04-10 20:39 . 2010-04-10 20:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-10 20:39 . 2010-03-29 22:45 20824 ----a-w- c:\windows.0\system32\drivers\mbam.sys
2010-04-10 19:52 . 2010-04-10 20:35 -------- d-----w- C:\UsbFix
2010-04-10 19:13 . 2010-04-10 19:14 -------- d-----w- C:\rsit
2010-04-10 19:13 . 2010-04-10 19:13 -------- d-----w- c:\program files\trend micro
2010-04-07 20:57 . 2010-04-07 20:57 -------- d-----w- c:\program files\Traction Software
2010-04-03 15:50 . 2010-04-03 15:50 151552 --sh--r- c:\windows.0\Windows3.exe
2010-03-21 18:22 . 2010-02-12 10:03 293376 ------w- c:\windows.0\system32\browserchoice.exe
2010-03-14 20:49 . 2010-03-14 20:49 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-14 20:48 . 2010-03-14 21:28 -------- d-----w- c:\windows.0\system32\drivers\UMDF
2010-03-14 20:48 . 2010-03-14 20:48 -------- d-----w- c:\windows.0\system32\LogFiles
2010-03-14 20:33 . 2010-03-14 20:42 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-03-14 20:31 . 2010-03-14 20:31 -------- d-----w- c:\program files\Philips
2010-03-14 20:31 . 2010-03-14 20:46 -------- d-----w- C:\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 19:40 . 2006-03-02 11:00 83652 ----a-w- c:\windows.0\system32\perfc005.dat
2010-04-10 19:40 . 2006-03-02 11:00 440316 ----a-w- c:\windows.0\system32\perfh005.dat
2010-04-07 20:57 . 2004-12-30 11:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-06 12:06 . 2010-03-06 11:23 104283 ----a-w- c:\windows.0\hpoins04.dat
2010-02-27 20:17 . 2010-02-27 20:16 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-27 20:17 . 2010-02-27 20:17 691696 ----a-w- c:\windows.0\system32\drivers\sptd.sys
2010-02-27 20:01 . 2010-02-27 20:01 108144 ----a-w- c:\windows.0\system32\CmdLineExt.dll
2010-02-27 19:06 . 2007-11-16 18:19 -------- d-----w- c:\program files\Google
2010-02-27 18:58 . 2010-02-27 18:58 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-02-27 18:58 . 2010-02-27 18:58 -------- d-----w- c:\program files\USB TV
2010-02-27 18:09 . 2004-12-30 12:34 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-02-27 18:02 . 2010-02-27 18:02 -------- d-----w- c:\program files\Common Files\STORMWARE Shared
2010-02-27 17:51 . 2009-09-28 18:06 -------- d-----w- c:\program files\Winamp
2010-02-27 17:44 . 2009-09-28 17:25 -------- d-----w- c:\program files\IrfanView
2010-02-27 17:18 . 2010-02-27 17:18 -------- d-----w- c:\program files\Vimicro
2010-02-27 16:40 . 2010-02-27 16:40 -------- d-----w- c:\program files\Alwil Software
2010-02-27 16:36 . 2004-12-30 12:34 -------- d-----w- c:\program files\ACD Systems
2010-02-27 16:04 . 2010-02-27 15:52 -------- d-----w- c:\program files\Your Uninstaller
2010-02-25 06:18 . 2006-03-02 11:00 916480 ----a-w- c:\windows.0\system32\wininet.dll
2010-02-04 09:01 . 2010-02-27 19:40 74072 ----a-w- c:\windows.0\system32\XAPOFX1_4.dll
2010-02-04 09:01 . 2010-02-27 19:40 528216 ----a-w- c:\windows.0\system32\XAudio2_6.dll
2010-02-04 09:01 . 2010-02-27 19:40 238936 ----a-w- c:\windows.0\system32\xactengine3_6.dll
2010-02-04 09:01 . 2010-02-27 19:40 22360 ----a-w- c:\windows.0\system32\X3DAudio1_7.dll
2005-10-01 20:37 . 2005-10-01 20:37 21893536 ----a-w- c:\program files\AdbeRdr70_cze_full.exe
2005-10-01 19:54 . 2005-10-01 19:54 12139928 ----a-w- c:\program files\AdbeRdr60_cze.exe
.

------- Sigcheck -------

[-] 2008-04-14 . 56A6034E7764E23D9114223EB3523925 . 1571840 . . [5.1.2600.5512] . . c:\windows.0\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\sfcfiles.dll
[-] 2007-11-15 . 6C19977562424D6FF61CFCA59B6B67D6 . 1548288 . . [5.1.2600.2180] . . c:\windows.0\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Ptipbmf"="ptipbmf.dll" [2003-06-05 118784]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2009-10-04 589824]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"BigDog305"="c:\windows.0\VM305_STI.EXE" [2007-04-09 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows.0\system32\CTFMON.EXE" [2006-03-02 15360]

c:\documents and settings\All Users.WINDOWS.0\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-2-27 81997]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
Philips GoGear VIBE Device Manager.lnk - c:\program files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-3-14 1701224]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-29 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2006-03-02 11:00 15360 ------w- c:\windows.0\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=

R1 aswSP;avast! Self Protection;c:\windows.0\system32\drivers\aswSP.sys [27.2.2010 18:41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows.0\system32\drivers\aswFsBlk.sys [27.2.2010 18:41 20560]
S0 sptd;sptd;c:\windows.0\system32\drivers\sptd.sys [27.2.2010 22:17 691696]
S3 eylhgqno;eylhgqno;\??\c:\windows.0\System32\Drivers\eylhgqno.sys --> c:\windows.0\System32\Drivers\eylhgqno.sys [?]
S3 otigsizt;otigsizt;\??\c:\windows.0\System32\Drivers\otigsizt.sys --> c:\windows.0\System32\Drivers\otigsizt.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 xldzdmvz;xldzdmvz;\??\c:\windows.0\System32\Drivers\xldzdmvz.sys --> c:\windows.0\System32\Drivers\xldzdmvz.sys [?]
S3 ZSMC0305;A4 TECH PC Camera V;c:\windows.0\system32\drivers\usbVM305.sys [27.2.2010 19:19 391688]
.
.
------- Doplňkový sken -------
.
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Hruškovi.HRU-B98B4D53D62\Data aplikací\Mozilla\Firefox\Profiles\rio1y4o0.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows.0\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar1.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar1.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 09:53
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows.0\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)?????????????????0?????????@??????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows.0\system32\COMRes.dll
.
Celkový čas: 2010-04-11 09:58:33
ComboFix-quarantined-files.txt 2010-04-11 07:58

Před spuštěním: 2 009 456 640
Po spuštění: 2 562 260 992

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS.0="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
rem multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

- - End Of File - - F76A49D96EA76C15DB27800E83FFC975

#57 Příspěvek od **motji** » 11 dub 2010 14:12

Stell, log se řeší zde http://www.viry.cz/forum/viewtopic.php?f=13&t=99961

#58 Příspěvek od **stell** » 11 dub 2010 19:02

VIRY.CZ

viry worms

Re: viry worms

Re: viry worms

Re: viry worms

Re: viry worms

Re: viry worms

Re: viry worms

Re: viry worms

Re: viry worms

Re: viry worms

Re: viry worms

Re: viry worms

Re: viry worms

Re: viry worms