VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevírá IE

https://forum.viry.cz:443/viewtopic.php?t=100139

Stránka 1 z 2

log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevírá IE

Napsal: 16 dub 2010 07:45
od gropa
Mám problém že všechny soubory lnk mi otvírá explorer. Asi nějaká havěŤ. Projel jsem AVG 9 free MBAM a Spybot a odstranil co našlo ale přetrvává to. COMBOFIX se sekne. AVG je teď odinstalované (kvůli combofixu ale stejně nepomohlo) Díky moc Ondřej

Windows Vista SP 1 (build 6001)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v7.00.6000.16386 (vista_rtm.061101-2205)
Log vygenerován: 16.4.2010 8:33:37
================================================================

Běžící procesy
================================================================

(rootkit?) audiodg.exe
C:\WINDOWS\SYSTEM32\AEADISRV.EXE
C:\WINDOWS\SYSTEM32\AGRSMSVC.EXE
C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\ANALOG DEVICES\CORE\SMAX4PNP.EXE

Scanner
================================================================
[S] audiodg.exe
Proces se nepodařilo otevřít
ROOTKIT? Skrytá cesta
Spouští se po startu HKLM Run [IgfxTray]
Nelze otevřít

[S] SLsvc.exe
EntryPoint v sekci: .TEXT
|_ Celkový počet sekcí: 5

[?] AEADISRV.EXE
Non Microsoft v System32:
Nemá okno

[?] agrsmsvc.exe
Non Microsoft v System32:
Nemá okno

[?] LSSrvc.exe
Nemá okno
Soubor 7%

[R] pdfsvc.exe
EntryPoint v sekci: CODE
|_ Celkový počet sekcí: 8

[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]

[R] igfxtray.exe
Spouští se po startu HKLM Run [IgfxTray]

[R] hkcmd.exe
Spouští se po startu HKLM Run [HotKeysCmds]

[R] igfxpers.exe
Spouští se po startu HKLM Run [Persistence]

[?] smax4pnp.exe
Spouští se po startu HKLM Run [SoundMAXPnP]

[R] IAAnotif.exe
Spouští se po startu HKLM Run [IAAnotif]

[R] pdfsty.exe
Spouští se po startu HKLM Run [PDF Complete]
EntryPoint v sekci: CODE
|_ Celkový počet sekcí: 8

[R] SynTPEnh.exe
Spouští se po startu HKLM Run [SynTPEnh]

[S] rundll32.exe
Spouští se po startu HKLM IC [{89B4C1CD-B018-4511-B0A1-5476DBF70820}]


Po spuštění
================================================================

HKLM Run
|_ [?][SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
|_ [R][Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /runcleanupscript

HKLM ShellServiceObjectDelayLoad
|_ [X][WebCheck] (Soubor nenalezen)

HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll

HKLM Winlogon Notify
|_ [?][igfxcui] C:\windows\system32\igfxdev.dll


HKLM BHO
|_ [X][{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] C:\Program Files\AVG\AVG9\avgssie.dll (Soubor nenalezen)

HKCU IE WebBrowser Toolbar
|_ [X][{DE9C389F-3316-41A7-809B-AA305ED9D922}] (Soubor nenalezen)
|_ [X][{F2CF5485-4E02-4F68-819C-B92DE9277049}] (Soubor nenalezen)
|_ [X][{D4027C7F-154A-4066-A1AD-4243D8127440}] (Soubor nenalezen)
|_ [X][{EEE6C35B-6118-11DC-9C72-001320C79847}] (Soubor nenalezen)

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] Andrea ADI Filters Service
|_ Cesta: C:\windows\system32\AEADISRV.EXE
| |_ Výrobce: Andrea Electronics Corporation
| |_ Popis: Andrea filters APO access service (32-bit)
| |_ MD5: 12D23758621B00B8D3134095EC3325FD
|
|_ Jméno: AEADIFilters
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Agere Modem Call Progress Audio
|_ Cesta: C:\Windows\system32\agrsmsvc.exe
| |_ Výrobce: Agere Systems
| |_ Popis: Agere Soft Modem Call Progress Service
| |_ MD5: 8ED60797908FD394EEE0D6949F493224
|
|_ Jméno: AgereModemAudio
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[X] Služba Google Update (gupdate1ca5a45dfb31a7)
|_ Cesta: C:\Program Files\Google\Update\GoogleUpdate.exe /svc
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: gupdate1ca5a45dfb31a7
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Own Process
|_ Dependency: RPCSS

[?] LightScribeService Direct Disc Labeling Service
|_ Cesta: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
| |_ Výrobce: Hewlett-Packard Company
| |_ Popis: LightScribe Service
| |_ MD5: C215E09622118383B236DD56C2065183
|
|_ Jméno: LightScribeService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Net Driver HPZ12
|_ Cesta: C:\windows\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 3794B461C45882E06856F282EEF025AF
|
|_ ServiceDLL: C:\Windows\system32\HPZinw12.dll
| |_ Výrobce: Hewlett-Packard
| |_ Popis: Dot4Net Module
| |_ MD5: 51C6D8BFBD4EA5B62A1BA7F4469250D3
|
|_ Jméno: Net Driver HPZ12
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Pml Driver HPZ12
|_ Cesta: C:\windows\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 3794B461C45882E06856F282EEF025AF
|
|_ ServiceDLL: C:\Windows\system32\HPZipm12.dll
| |_ Výrobce: Hewlett-Packard
| |_ Popis: PmlDrv Module
| |_ MD5: 79834AA2FBF9FE81EEBB229024F6F7FC
|
|_ Jméno: Pml Driver HPZ12
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:


Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] ADI UAA Function Driver for High Definition Audio Service
|_ Cesta: C:\windows\system32\drivers\ADIHdAud.sys
| |_ Výrobce: Analog Devices, Inc.
| |_ Popis: High Definition Audio Function Driver
| |_ MD5: FB9ECE3F7B8A03E474E611031AD4CD23
|
|_ Jméno: ADIHdAudAddService
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Agere Systems Soft Modem
|_ Cesta: C:\windows\system32\DRIVERS\AGRSM.sys
| |_ Výrobce: Agere Systems
| |_ Popis: SoftModem Device Driver
| |_ MD5: 38325C6AA8EAE011897D61CE48EC6435
|
|_ Jméno: AgereSoftModem
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] HBtnKey
|_ Cesta: C:\windows\system32\DRIVERS\cpqbttn.sys
| |_ Výrobce: Hewlett-Packard Development Company, L.P.
| |_ Popis: HP Tablet PC Key Button HID Driver
| |_ MD5: DE15777902A5D9121857D155873A1D1B
|
|_ Jméno: HBtnKey
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] HpqKbFilter Driver
|_ Cesta: C:\windows\system32\DRIVERS\HpqKbFiltr.sys
| |_ Výrobce: Hewlett-Packard Development Company, L.P.
| |_ Popis: HpqKbFiltr Keyboard Filter Driver
| |_ MD5: 35956140E686D53BF676CF0C778880FC
|
|_ Jméno: HpqKbFiltr
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] igfx
|_ Cesta: C:\windows\system32\DRIVERS\igdkmd32.sys
| |_ Výrobce: Intel Corporation
| |_ Popis: Intel Graphics Kernel Mode Driver
| |_ MD5: 9378D57E2B96C0A185D844770AD49948
|
|_ Jméno: igfx
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:


Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] hpu5pm.dll
|_ Cesta: C:\Windows\System32\hpu5pm.DLL
|_ MD5: 0393D3A8BDB4D9865AC9127B1F971FEF
|_ Výrobce: Hewlett-Packard
|_ Procesy
|_ spoolsv.exe (1704)

[?] hpu5pmw.dll
|_ Cesta: C:\Windows\System32\hpu5pmw.dll
|_ MD5: 4A725E915B7DFE20E5D99035473D629D
|_ Výrobce: Hewlett-Packard
|_ Procesy
|_ spoolsv.exe (1704)

[?] hpzpp073.dll
|_ Cesta: C:\Windows\System32\spool\prtprocs\w32x86\hpzpp073.dll
|_ MD5: 59D57604C9FA2CA57773657010D0C3EA
|_ Výrobce: Hewlett-Packard Corporation
|_ Procesy
|_ spoolsv.exe (1704)

[?] isdi.dll
|_ Cesta: C:\Program Files\Intel\Intel Matrix Storage Manager\ISDI.dll
|_ MD5: 974EE55B9A17D606A783ADD021AA65AD
|_ Výrobce: Intel Corporation
|_ Procesy
|_ IAANTmon.exe (900)
|_ IAAnotif.exe (2796)

[?] lssproxy.dll
|_ Cesta: C:\Program Files\Common Files\LightScribe\LSSProxy.dll
|_ MD5: D942F41C920EF342BCA4800036A4E1FE
|_ Výrobce: Hewlett-Packard Company
|_ Procesy
|_ LSSrvc.exe (1552)

[?] lslog.dll
|_ Cesta: C:\Program Files\Common Files\LightScribe\LSLog.dll
|_ MD5: F5054C87E1035F7ECE54B4BA7D32251F
|_ Výrobce: Hewlett-Packard Company
|_ Procesy
|_ LSSrvc.exe (1552)

[?] rpcnet.dll
|_ Cesta: C:\Windows\System32\rpcnet.dll
|_ MD5: 2F4158CFE7801A73BEAA7E8A9DFCAD26
|_ Výrobce: Absolute Software Corp.
|_ Procesy
|_ rpcnet.exe (2056)

[?] unlockercom.dll
|_ Cesta: C:\Program Files\Unlocker\UnlockerCOM.dll
|_ MD5: 1CAD1A64B2633B496F65CD4F8553CD5D
|_ Výrobce:
|_ Procesy
|_ explorer.exe (2532)

[X] rarlng.dll
|_ Cesta: C:\Program Files\WinRAR\rarlng.dll
|_ MD5: 82C6E0E74EB68B7A7C0C4B41631F16D2
|_ Výrobce:
|_ Procesy
|_ explorer.exe (2532)

[?] btncopy.dll
|_ Cesta: C:\Windows\System32\BTNCopy.dll
|_ MD5: 8B53725014C4E32B8B9AD6E4106B117E
|_ Výrobce: Broadcom Corporation.
|_ Procesy
|_ explorer.exe (2532)



================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]










Logfile of random's system information tool 1.06 (written by random/random)
Run by Ja at 2010-04-16 08:36:32
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 87 GB (61%) free of 143 GB
Total RAM: 2039 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:42, on 16.4.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\rundll32.exe
C:\windows\system32\conime.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Ja\Desktop\RSIT.exe
F:\install\HijackThis\Ja.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Služba Google Update (gupdate1ca5a45dfb31a7) (gupdate1ca5a45dfb31a7) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\system32\rpcnet.exe

--
End of file - 5459 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-24 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-05-22 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-05-22 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-05-22 133656]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-02-21 1183744]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-18 178712]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2007-05-08 331552]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-04-21 197904]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-30 1086856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b45b36e0-1ac5-11df-9580-002186c2aa34}]
shell\Setup\command - F:\setup.exe


======List of files/folders created in the last 1 months======

2010-04-16 08:36:32 ----D---- C:\rsit
2010-04-16 08:32:25 ----D---- C:\Program Files\Ultimate Process Manager
2010-04-16 08:19:58 ----SD---- C:\ComboFix
2010-04-16 08:19:42 ----A---- C:\windows\SWXCACLS.exe
2010-04-15 22:10:49 ----D---- C:\windows\Minidump
2010-04-15 22:03:18 ----A---- C:\windows\ntbtlog.txt
2010-04-15 21:18:10 ----A---- C:\windows\zip.exe
2010-04-15 21:18:10 ----A---- C:\windows\SWSC.exe
2010-04-15 21:18:10 ----A---- C:\windows\SWREG.exe
2010-04-15 21:18:10 ----A---- C:\windows\sed.exe
2010-04-15 21:18:10 ----A---- C:\windows\PEV.exe
2010-04-15 21:18:10 ----A---- C:\windows\NIRCMD.exe
2010-04-15 21:18:10 ----A---- C:\windows\MBR.exe
2010-04-15 21:18:10 ----A---- C:\windows\grep.exe
2010-04-15 21:18:04 ----D---- C:\windows\ERDNT
2010-04-15 21:13:22 ----D---- C:\Qoobox
2010-04-15 20:02:30 ----SHD---- C:\Config.Msi
2010-04-15 14:38:59 ----D---- C:\windows\pss
2010-04-15 14:37:16 ----D---- C:\Users\Ja\AppData\Roaming\Malwarebytes
2010-04-15 14:37:05 ----D---- C:\ProgramData\Malwarebytes
2010-04-15 14:37:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-15 14:35:31 ----D---- C:\Program Files\Wise Registry Cleaner
2010-04-15 12:26:55 ----A---- C:\windows\system32\ntkrnlpa.exe
2010-04-15 12:26:54 ----A---- C:\windows\system32\ntoskrnl.exe
2010-04-15 12:26:32 ----A---- C:\windows\system32\vbscript.dll
2010-04-15 12:26:13 ----A---- C:\windows\system32\iphlpsvc.dll
2010-04-15 12:25:36 ----A---- C:\windows\system32\wintrust.dll
2010-04-15 12:25:29 ----A---- C:\windows\system32\cabview.dll
2010-04-11 13:12:12 ----D---- C:\Program Files\VirtualDJ
2010-04-11 12:50:08 ----D---- C:\Program Files\Loop Recorder
2010-04-11 12:50:06 ----A---- C:\windows\system32\W95Inf32.DLL
2010-04-11 12:50:06 ----A---- C:\windows\system32\W95Inf16.DLL
2010-04-08 14:25:11 ----A---- C:\windows\system32\browserchoice.exe
2010-03-31 08:11:29 ----A---- C:\windows\system32\occache.dll
2010-03-31 08:11:29 ----A---- C:\windows\system32\mshtml.dll
2010-03-31 08:11:28 ----A---- C:\windows\system32\wininet.dll
2010-03-31 08:11:28 ----A---- C:\windows\system32\urlmon.dll
2010-03-31 08:11:28 ----A---- C:\windows\system32\ieframe.dll
2010-03-31 08:11:27 ----A---- C:\windows\system32\ieapfltr.dll
2010-03-31 08:11:26 ----A---- C:\windows\system32\mstime.dll
2010-03-31 08:11:26 ----A---- C:\windows\system32\mshtmled.dll
2010-03-31 08:11:26 ----A---- C:\windows\system32\msfeeds.dll
2010-03-31 08:11:26 ----A---- C:\windows\system32\ieUnatt.exe
2010-03-31 08:11:26 ----A---- C:\windows\system32\iertutil.dll
2010-03-31 08:11:26 ----A---- C:\windows\system32\iepeers.dll
2010-03-31 08:11:26 ----A---- C:\windows\system32\iedkcs32.dll
2010-03-31 08:11:26 ----A---- C:\windows\system32\ieaksie.dll
2010-03-31 08:11:25 ----A---- C:\windows\system32\jsproxy.dll
2010-03-31 08:11:25 ----A---- C:\windows\system32\ieencode.dll

======List of files/folders modified in the last 1 months======

2010-04-16 08:36:35 ----D---- C:\windows\Temp
2010-04-16 08:33:01 ----D---- C:\windows\System32
2010-04-16 08:33:01 ----D---- C:\windows\inf
2010-04-16 08:33:01 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-04-16 08:32:25 ----RD---- C:\Program Files
2010-04-16 08:24:36 ----D---- C:\windows\system32\catroot2
2010-04-16 08:23:17 ----A---- C:\windows\system32\rpcnetp.exe
2010-04-16 08:23:14 ----A---- C:\windows\system32\rpcnetp.dll
2010-04-16 08:23:14 ----A---- C:\windows\system32\rpcnet.dll
2010-04-16 08:21:03 ----D---- C:\windows\system32\drivers
2010-04-16 08:04:22 ----D---- C:\Windows
2010-04-16 07:36:27 ----SHD---- C:\System Volume Information
2010-04-15 22:28:13 ----SD---- C:\windows\Downloaded Program Files
2010-04-15 21:57:32 ----D---- C:\windows\system32\LogFiles
2010-04-15 21:57:32 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-04-15 21:28:23 ----SD---- C:\Users\Ja\AppData\Roaming\Microsoft
2010-04-15 21:28:19 ----HD---- C:\ProgramData
2010-04-15 21:18:26 ----D---- C:\windows\Prefetch
2010-04-15 21:04:03 ----D---- C:\Program Files\Mozilla Firefox
2010-04-15 20:31:11 ----D---- C:\windows\L2Schemas
2010-04-15 20:10:51 ----D---- C:\windows\Debug
2010-04-15 20:06:07 ----SHD---- C:\windows\Installer
2010-04-15 20:05:18 ----D---- C:\Program Files\Winamp
2010-04-15 20:04:33 ----D---- C:\ProgramData\Norton
2010-04-15 20:04:33 ----D---- C:\Program Files\Norton Security Scan
2010-04-15 20:04:25 ----D---- C:\windows\Tasks
2010-04-15 18:01:23 ----D---- C:\Program Files\Stylish Profile
2010-04-15 15:46:15 ----D---- C:\Program Files\WinRAR
2010-04-15 15:25:37 ----D---- C:\windows\winsxs
2010-04-15 15:18:17 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-04-15 15:14:50 ----D---- C:\windows\system32\catroot
2010-04-15 15:12:02 ----D---- C:\Program Files\Windows Mail
2010-04-15 15:01:01 ----D---- C:\Users\Ja\AppData\Roaming\Skype
2010-04-15 14:51:37 ----RSD---- C:\windows\Fonts
2010-04-15 14:46:42 ----D---- C:\Program Files\AVG
2010-04-15 14:46:16 ----D---- C:\Program Files\Common Files\microsoft shared
2010-04-11 21:27:13 ----D---- C:\Users\Ja\AppData\Roaming\ICQ
2010-04-09 16:48:34 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-04-08 20:27:05 ----D---- C:\Users\Ja\AppData\Roaming\dvdcss
2010-04-06 19:52:54 ----A---- C:\windows\system32\mrt.exe
2010-04-01 09:05:57 ----D---- C:\Program Files\Internet Explorer
2010-03-31 16:10:44 ----D---- C:\Program Files\ICQ7.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2008-04-24 309248]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\windows\system32\DRIVERS\bcmwl6.sys [2008-03-21 1207288]
R3 BthEnum;Služba Bluetooth Enumerator; C:\windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2008-04-22 80424]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2008-04-22 80936]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2008-04-22 16168]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\windows\system32\DRIVERS\e1e6032.sys [2007-05-24 223616]
R3 HBtnKey;HBtnKey; C:\windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2008-03-27 199472]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 catchme;catchme; \??\C:\Users\Ja\AppData\Local\Temp\catchme.sys [2010-04-16 31744]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nmwcd;Nokia USB Phone Parent; C:\windows\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\windows\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbser;USB Modem Driver; C:\windows\system32\DRIVERS\usbser.sys [2008-01-21 28160]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 WpdUsb;WpdUsb; C:\windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-18 354840]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-18 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\windows\system32\rpcnet.exe [2009-11-04 56680]
S2 gupdate1ca5a45dfb31a7;Služba Google Update (gupdate1ca5a45dfb31a7); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-31 133104]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\Windows\system32\flcdlock.exe [2007-06-08 172131]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S4 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S4 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-04-16 165192]
S4 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 08:10
od meteorolog
Dobrý den :)

můžete sem dát log z MBAM před smazáním havěti?

použijte http://sweb.cz/Marinus/T-Cleaner.exe - pro potvrzení stiskněte vždy klávesu A nebo Enter, restartujte PC a postup zopakujte - znovu stáhněte ComboFix a spusťte

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 08:36
od gropa
bohužel jsem tu prvně tak mě nenapadlo před čištěním udělat log. příště budu chytřejší. T-cleaner jsem použil. restartoval. stahl combofix a opět se combofix asi sekl na vyhledávání nakažených souborů. To samé mi dělal combofix včera a nedojel dál i když jsem ho nechal přes noc. Ty logy co jsem dal jsou čisté? Nebo co by mohlo udělat tu falešnou asociaci lnk souborů na explorer? Díky moc za pomoc. Ondřej

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 08:48
od meteorolog
logy jsou v programu MBAM uloženy v záložce Záznamy - tak najděte podle data poslední a vložte ho sem (ale aby tam byly vidět ty smazané soubory)

soubor C:\ComboFix.txt se nevytvořil?

a ještě mi přesněji popište ten problém - na jaké soubory s příponou .Ink klikáte a proč a co se vám otevře - Internet Explorer?

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 09:01
od gropa
tady jsou poslední tři logy MBAM ze včerejška. Combofix se sekne a musim vypnout comp natvrdo. Sekne se na vyhledávání nakažených souborů. AŤ nechám jakkoliv dlouho. Všechny soubory lnk tj na ploše odkazy na programy ve startu ve všech programech zkrátka všechny lnk po poklikaní otevře internet explorer (mají i jeho ikonu)
a zahlásí chcete soubore otevřít nebo uložit (Total Comander.lnk) pokud jdám otevřít udělá se to samé tj skočí stejná tabulka (cyklus)


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3990

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

15.4.2010 14:45:47
mbam-log-2010-04-15 (14-45-47).txt

Typ skenu: Rychlý sken
Skenované objekty: 6199
Uplynulý čas: 7 minuta(y), 28 sekunda(y)

Infikované procesy v paměti: 2
Infikované moduly v paměti: 3
Infikované klíče registru: 63
Infikované hodnoty registru: 5
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 20

Infikované procesy v paměti:
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Infikované moduly v paměti:
C:\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.

Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53ced2d0-5e9a-4761-9005-648404e6f7e5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Program Files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.









Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3990

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

15.4.2010 15:11:17
mbam-log-2010-04-15 (15-11-17).txt

Typ skenu: Rychlý sken
Skenované objekty: 108976
Uplynulý čas: 12 minuta(y), 4 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 41
Infikované hodnoty registru: 2
Infikované datové položky registru: 6
Infikované složky: 3
Infikované soubory: 1

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com) -> Quarantined and deleted successfully.

Infikované složky:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Users\Ja\downloads\SmileyCentralPFSetup2.3.50.45.ZNfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.







Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3990

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

15.4.2010 18:01:23
mbam-log-2010-04-15 (18-01-23).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 284037
Uplynulý čas: 1 hodina(y), 12 minuta(y), 10 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 19

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1682466265-3218161042-3317477814-1004\$R75O5DC\bar\firefox\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\WinRAR\RAR Slayer v1.1.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Program Files\Stylish Profile\enlbrdr.dll (Trojan.BHO) -> Quarantined and deleted successfully.
D:\WinRAR 3.80 final\Path\RAR Slayer v1.1.exe (Malware.Tool) -> Quarantined and deleted successfully.

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 09:11
od meteorolog
s MBAM proveďte nový sken a vložte sem aktuální log (co najde dejte opět smazat)

stáhněte OTMoveIt3 - http://www.viry.cz/forum/viewtopic.php?f=15&t=72743 a použijte tento script:
:files
C:\WINDOWS\system32\*.tmp.dll /s
c:\WINDOWS\system32\drivers\*.tmp.dll /s
c:\WINDOWS\system32\dllcache\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:commands
[purity]
[emptytemp]
[reboot]
vložte sem log, který program vytvoří

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 09:34
od gropa
tak MBAM rychlý sken nenašel nic log je zde

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3990

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

16.4.2010 10:28:28
mbam-log-2010-04-16 (10-28-28).txt

Typ skenu: Rychlý sken
Skenované objekty: 107615
Uplynulý čas: 3 minuta(y), 32 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)




LOG z OTM

All processes killed
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder c:\WINDOWS\system32\drivers\*.tmp.dll not found.
File/Folder c:\WINDOWS\system32\dllcache\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2EBD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7695.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP981.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9AF7.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9B0.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA5B0.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0D7.tmp folder moved successfully.
C:\WINDOWS\Installer\MSICFC1.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ja
->Temp folder emptied: 57331 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 1121339 bytes
->FireFox cache emptied: 23138608 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3308 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 23,00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04162010_103013




Zatím problém přetrvává

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 09:40
od meteorolog
OTMoveIt3 - nový script:
:services
PEVSystemStart

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

:commands
[reboot]
vložte sem log, který program vytvoří

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 09:44
od gropa
skript aplikován

Log z OTM je zde

========== SERVICES/DRIVERS ==========
Error: No service named PEVSystemStart was found to stop!
Service\Driver key PEVSystemStart not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart\ not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.10.1 log created on 04162010_104204

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 09:50
od meteorolog
OK, znovu použijte http://sweb.cz/Marinus/T-Cleaner.exe - pro potvrzení stiskněte vždy klávesu A nebo Enter

potom CCleaner - položky Čistič a Registry - čištění opakujte do odstranění všech problémů

a nakonec ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1:

po spuštění staženého souboru se objeví okno:

Obrázek

zatrhněte Select All, klikněte na Empty Selected a Exit

stejným způsobem vymažte případně cache Firefoxu a Opery :-)

restartujte PC

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 09:56
od gropa
hotovo. projeto všemy třemi programy. Co dál? Díky Ondřej

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 10:11
od meteorolog
zkuste ještě tento program - http://sapcupgrades.com/Spywaretools/daft.exe
- stáhněte, spusťte
- dejte sken, červeně označené řádky označte a klikněte na fix
- pak dejte vědět zda to pomohlo

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 10:16
od gropa
píše alll asociations are ok.

LOG je tady

DAFT Log saved on 2010-04-16 11:12:58
-----------------------------------------------------------------------
All associations okay!


Ještě zkouším aktuální úplný scan MBAM a jak dojede dám sem LOG.

Nevíte proč mi nejede COMBOFIX? Existuje k COMBOFIK alternativa?

Díky moc Ondřej

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 10:33
od meteorolog
nemáte zač :)

jinak lze CF přejmenovat na něco.exe (.bat, .com) nebo spustit v nouzovém režimu, případně jako alternativu lze použít OTL

Re: log UPM a RSIT - prosím o kontrolu -soubory *.lnk otevír

Napsal: 16 dub 2010 11:22
od gropa
Problém stále přetrvává MBAM plný sken nic nenajde viz

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3994

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

16.4.2010 12:02:58
mbam-log-2010-04-16 (12-02-58).txt

Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 277219
Uplynulý čas: 48 minuta(y), 40 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)



Combofix se stále sekne.

Nějaký ještě nápad?? Ondřej
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz