Dobry vecer,chci poprosit o kontrolu logu z meho laptopu. Vyskakujou mi okna s reklamama....Diky Ondra
Logfile of random's system information tool 1.08 (written by random/random)
Run by Ondraaadika at 2010-08-28 22:13:54
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 62 GB (62%) free of 100 GB
Total RAM: 2045 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:14:27, on 28/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\Bmygaa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Ondraaadika\AppData\Local\Temp\Bth.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Ondraaadika\Downloads\RSIT(2).exe
C:\Windows\System32\osk.exe
C:\Program Files\trend micro\Ondraaadika.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: CrowdStar Gamebar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [XBV6RD5SZF] C:\Users\Ondraaadika\AppData\Local\Temp\Bth.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CCC.lnk = ?
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZRfox000
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9400 bytes
======Scheduled tasks folder======
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL [2010-07-07 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2010-07-07 434271]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2006-11-16 299008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
CrowdStar Gamebar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-06-30 1390984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2006-11-16 151552]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2010-07-07 434271]
{D4027C7F-154A-4066-A1AD-4243D8127440} - CrowdStar Gamebar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-06-30 1390984]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-20 4018176]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"Acer Tour"= []
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"SetPanel"= []
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-11-15 614400]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-11-17 453120]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Flashget"=C:\Program Files\FlashGet\FlashGet.exe [2007-06-29 1990704]
"MyWebSearch Plugin"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2010-07-07 24688]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2010-07-07 32838]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"????r"= []
"?????????"=??????????????e []
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2010-07-07 32838]
"XBV6RD5SZF"=C:\Users\Ondraaadika\AppData\Local\Temp\Bth.exe [2010-08-28 181760]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Ondraaadika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-08-28 22:09:46 ----D---- C:\Program Files\trend micro
2010-08-28 22:09:45 ----D---- C:\rsit
2010-08-28 21:49:33 ----D---- C:\Windows\Sun
2010-08-28 09:40:55 ----A---- C:\Windows\Bmygaa.exe
2010-08-28 09:40:33 ----RASH---- C:\MSDOS.SYS
2010-08-28 09:40:33 ----RASH---- C:\IO.SYS
2010-08-13 21:51:26 ----D---- C:\Program Files\Common Files\Java
2010-08-13 21:50:59 ----A---- C:\Windows\system32\javaws.exe
2010-08-13 21:50:59 ----A---- C:\Windows\system32\javaw.exe
2010-08-13 21:50:59 ----A---- C:\Windows\system32\java.exe
2010-08-12 22:56:53 ----D---- C:\Program Files\3DJournal - FREE
2010-08-12 12:07:43 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 12:07:40 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 12:07:38 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 12:07:38 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 12:07:38 ----A---- C:\Windows\system32\mshtmled.dll
2010-08-12 12:07:38 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 12:07:37 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 12:07:37 ----A---- C:\Windows\system32\ieencode.dll
2010-08-12 12:07:37 ----A---- C:\Windows\system32\ieapfltr.dll
2010-08-12 12:07:35 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 12:07:29 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 12:07:26 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 12:07:16 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 12:07:16 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 12:07:14 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 12:07:13 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 12:07:13 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 12:07:11 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-03 08:11:25 ----A---- C:\Windows\system32\shell32.dll
2010-07-29 12:11:55 ----D---- C:\Downloads
======List of files/folders modified in the last 1 months======
2010-08-28 22:13:59 ----D---- C:\Windows\Temp
2010-08-28 22:13:25 ----D---- C:\Windows\Prefetch
2010-08-28 22:09:46 ----RD---- C:\Program Files
2010-08-28 21:51:51 ----D---- C:\Windows\System32
2010-08-28 21:51:51 ----D---- C:\Windows\inf
2010-08-28 21:51:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-28 21:49:33 ----D---- C:\Windows
2010-08-28 21:45:38 ----D---- C:\Windows\system32\Tasks
2010-08-28 21:45:35 ----D---- C:\Windows\Tasks
2010-08-28 00:30:42 ----SHD---- C:\System Volume Information
2010-08-25 19:57:55 ----D---- C:\Users\Ondraaadika\AppData\Roaming\Skype
2010-08-25 17:21:16 ----D---- C:\Users\Ondraaadika\AppData\Roaming\skypePM
2010-08-23 22:36:49 ----D---- C:\Windows\system32\catroot2
2010-08-20 09:20:03 ----SHD---- C:\Windows\Installer
2010-08-19 21:25:16 ----D---- C:\Program Files\Yahoo!
2010-08-19 21:25:15 ----HD---- C:\ProgramData
2010-08-13 21:51:26 ----D---- C:\Program Files\Common Files
2010-08-13 21:50:53 ----D---- C:\Program Files\Java
2010-08-13 09:01:26 ----D---- C:\Windows\Microsoft.NET
2010-08-13 08:50:46 ----RSD---- C:\Windows\assembly
2010-08-13 08:19:02 ----D---- C:\Windows\winsxs
2010-08-13 08:06:06 ----D---- C:\Program Files\Movie Maker
2010-08-13 08:06:03 ----D---- C:\Windows\system32\drivers
2010-08-13 00:29:03 ----D---- C:\Windows\system32\catroot
2010-08-13 00:28:49 ----D---- C:\Program Files\Windows Mail
2010-08-10 23:57:46 ----SD---- C:\Users\Ondraaadika\AppData\Roaming\Microsoft
2010-08-03 19:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-07-29 13:05:29 ----D---- C:\Program Files\Ask.com
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 10624]
R0 PSDNServ;PSDNSERVER; C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 7936]
R0 psdvdisk;psdvdisk; C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 53760]
R0 SI3112;ATI-4379 Serial ATA Controller; C:\Windows\system32\DRIVERS\SI3112.sys [2008-08-20 74280]
R0 SiFilter;SATALink driver accelerator; C:\Windows\system32\DRIVERS\SiWinAcc.sys [2008-08-20 19240]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2006-08-28 13952]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2006-11-13 69632]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-18 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2010-05-28 1870848]
R3 Cam5603D;Acer OrbiCam; C:\Windows\System32\Drivers\BisonCam.sys [2006-11-23 806320]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-10-25 62208]
R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2006-10-25 42240]
R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2006-10-25 76928]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-23 1652968]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-11-14 6144]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 2313216]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-06 51200]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 drmkaud;Dekodér zvuku DRM jádra spolecnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2006-11-02 20992]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 SMSCIRDA;SMSC Infrared Device Driver; C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;Ovladac zvuku USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-01-08 557056]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-11-30 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 118784]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2010-07-07 28762]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 131072]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Nejakej sajrajt v laptopu..
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
o.n.y.s.e.k
- Návštěvník
- Příspěvky: 131
- Registrován: 01 lis 2006 12:43
- Bydliště: Praha
Re: Nejakej sajrajt v laptopu..
dobrý večer 
pěknej binec
Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
-spusťte ho a nechejte pracovat. Sám se ukončí.
-
Ted nerestartujte počítač!
Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
pěknej binec
Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jinýRkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
-spusťte ho a nechejte pracovat. Sám se ukončí.
-
Ted nerestartujte počítač! Spusťte combofix podle tohoto návoduhttp://www.bleepingcomputer.com/combofi ... t-combofix
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
o.n.y.s.e.k
- Návštěvník
- Příspěvky: 131
- Registrován: 01 lis 2006 12:43
- Bydliště: Praha
Re: Nejakej sajrajt v laptopu..
tak tady je log z comofixu.....
ComboFix 10-08-28.01 - Ondraaadika 29/08/2010 9:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1029.18.2045.922 [GMT 1:00]
Running from: c:\users\Ondraaadika\Downloads\ComboFix.exe
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\program files\FunWebProducts
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSrcas.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.
2010-08-29 08:35 . 2010-08-29 08:37 -------- d-----w- C:\32788R22FWJFW
2010-08-28 21:09 . 2010-08-28 21:14 -------- d-----w- c:\program files\trend micro
2010-08-28 21:09 . 2010-08-28 21:10 -------- d-----w- C:\rsit
2010-08-28 20:49 . 2010-08-28 20:49 -------- d-----w- c:\windows\Sun
2010-08-28 08:40 . 2010-08-28 08:40 210432 ----a-w- c:\windows\Bmygaa.exe
2010-08-13 20:51 . 2010-08-13 20:51 -------- d-----w- c:\program files\Common Files\Java
2010-08-12 21:56 . 2010-08-12 21:56 -------- d-----w- c:\program files\3DJournal - FREE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 08:49 . 2006-11-14 14:39 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-29 07:11 . 2010-05-30 15:34 34574 ----a-w- c:\windows\system32\perfh005.dat
2010-08-29 07:11 . 2010-05-30 15:34 13826 ----a-w- c:\windows\system32\perfc005.dat
2010-08-27 22:47 . 2010-06-05 22:10 1 ----a-w- c:\users\Ondraaadika\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-25 18:57 . 2010-06-03 18:13 -------- d-----w- c:\users\Ondraaadika\AppData\Roaming\Skype
2010-08-25 16:21 . 2010-06-03 18:20 -------- d-----w- c:\users\Ondraaadika\AppData\Roaming\skypePM
2010-08-19 20:25 . 2006-11-14 15:11 -------- d-----w- c:\program files\Yahoo!
2010-08-13 20:50 . 2010-05-30 14:20 -------- d-----w- c:\program files\Java
2010-08-12 23:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-29 12:05 . 2010-06-01 21:52 -------- d-----w- c:\program files\Ask.com
2010-07-29 10:30 . 2010-07-29 10:30 2956168 ----a-w- c:\users\Ondraaadika\AppData\Roaming\Mozilla\Firefox\Profiles\s312rq2u.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-17 04:00 . 2010-05-30 14:52 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 21:12 . 2010-06-02 22:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-07 19:20 . 2010-07-07 19:20 -------- d-----w- c:\program files\CCleaner
2010-06-29 15:47 . 2010-08-12 11:07 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-12 11:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 08:00 . 2010-07-07 21:12 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-21 13:37 . 2010-08-12 11:07 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 11:07 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 11:07 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 11:07 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-12 11:07 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-12 11:07 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-12 11:07 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-12 11:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 11:07 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-08 16:10 . 2010-07-07 21:12 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-08 16:10 . 2010-07-07 21:12 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-05 22:11 . 2010-05-30 12:29 54560 ----a-w- c:\users\Ondraaadika\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-04 23:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-04 21:35 . 2010-06-04 21:35 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-06-03 18:20 . 2010-06-03 18:20 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-02 13:32 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-06-02 13:32 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-30 1390984]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-30 21:51 1390984 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-30 1390984]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-30 1390984]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-11-15 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-06-29 1990704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\users\Ondraaadika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-11-14 528384]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):43,fd,d7,7a,0b,03,cb,01
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.uk.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\users\Ondraaadika\AppData\Roaming\Mozilla\Firefox\Profiles\s312rq2u.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CDS&o=16188&locale=en_US&apn_uid=4CF09FDF-D2C6-422E-BAC7-8AEAD94D45CE&apn_ptnrs=QP&apn_sauid=F6236C9F-1DC4-4770-B7F5-9134DACE8F67&apn_dtid=&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Acer Tour - (no file)
HKLM-Run-SetPanel - (no file)
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
ActiveSetup-ccc-core-static - msiexec
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4676)
c:\program files\FlashGet\fgmgr.dll
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\osk.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\Bmygaa.exe
.
**************************************************************************
.
Completion time: 2010-08-29 09:57:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-29 08:57
Pre-Run: Volných bajtu: 64,836,517,888
Post-Run: Volných bajtu: 64,948,281,344
- - End Of File - - 6EC3966321B8D1988FD90082FF5040C9
ComboFix 10-08-28.01 - Ondraaadika 29/08/2010 9:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1029.18.2045.922 [GMT 1:00]
Running from: c:\users\Ondraaadika\Downloads\ComboFix.exe
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
c:\program files\FunWebProducts
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJpeg.dll
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCrctr.dll
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSrcas.dll
c:\windows\system32\f3PSSavr.scr
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.
2010-08-29 08:35 . 2010-08-29 08:37 -------- d-----w- C:\32788R22FWJFW
2010-08-28 21:09 . 2010-08-28 21:14 -------- d-----w- c:\program files\trend micro
2010-08-28 21:09 . 2010-08-28 21:10 -------- d-----w- C:\rsit
2010-08-28 20:49 . 2010-08-28 20:49 -------- d-----w- c:\windows\Sun
2010-08-28 08:40 . 2010-08-28 08:40 210432 ----a-w- c:\windows\Bmygaa.exe
2010-08-13 20:51 . 2010-08-13 20:51 -------- d-----w- c:\program files\Common Files\Java
2010-08-12 21:56 . 2010-08-12 21:56 -------- d-----w- c:\program files\3DJournal - FREE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 08:49 . 2006-11-14 14:39 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-29 07:11 . 2010-05-30 15:34 34574 ----a-w- c:\windows\system32\perfh005.dat
2010-08-29 07:11 . 2010-05-30 15:34 13826 ----a-w- c:\windows\system32\perfc005.dat
2010-08-27 22:47 . 2010-06-05 22:10 1 ----a-w- c:\users\Ondraaadika\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-25 18:57 . 2010-06-03 18:13 -------- d-----w- c:\users\Ondraaadika\AppData\Roaming\Skype
2010-08-25 16:21 . 2010-06-03 18:20 -------- d-----w- c:\users\Ondraaadika\AppData\Roaming\skypePM
2010-08-19 20:25 . 2006-11-14 15:11 -------- d-----w- c:\program files\Yahoo!
2010-08-13 20:50 . 2010-05-30 14:20 -------- d-----w- c:\program files\Java
2010-08-12 23:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-29 12:05 . 2010-06-01 21:52 -------- d-----w- c:\program files\Ask.com
2010-07-29 10:30 . 2010-07-29 10:30 2956168 ----a-w- c:\users\Ondraaadika\AppData\Roaming\Mozilla\Firefox\Profiles\s312rq2u.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-17 04:00 . 2010-05-30 14:52 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 21:12 . 2010-06-02 22:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-07 19:20 . 2010-07-07 19:20 -------- d-----w- c:\program files\CCleaner
2010-06-29 15:47 . 2010-08-12 11:07 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-12 11:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 08:00 . 2010-07-07 21:12 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-21 13:37 . 2010-08-12 11:07 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 11:07 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 11:07 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 11:07 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-12 11:07 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-12 11:07 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-12 11:07 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-12 11:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 11:07 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-08 16:10 . 2010-07-07 21:12 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-08 16:10 . 2010-07-07 21:12 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-05 22:11 . 2010-05-30 12:29 54560 ----a-w- c:\users\Ondraaadika\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-04 23:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-04 21:35 . 2010-06-04 21:35 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-06-03 18:20 . 2010-06-03 18:20 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-02 13:32 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-06-02 13:32 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-30 1390984]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-30 21:51 1390984 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-30 1390984]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-30 1390984]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-11-15 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-06-29 1990704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\users\Ondraaadika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-11-14 528384]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):43,fd,d7,7a,0b,03,cb,01
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.uk.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\users\Ondraaadika\AppData\Roaming\Mozilla\Firefox\Profiles\s312rq2u.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CDS&o=16188&locale=en_US&apn_uid=4CF09FDF-D2C6-422E-BAC7-8AEAD94D45CE&apn_ptnrs=QP&apn_sauid=F6236C9F-1DC4-4770-B7F5-9134DACE8F67&apn_dtid=&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Acer Tour - (no file)
HKLM-Run-SetPanel - (no file)
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
ActiveSetup-ccc-core-static - msiexec
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4676)
c:\program files\FlashGet\fgmgr.dll
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\osk.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\Bmygaa.exe
.
**************************************************************************
.
Completion time: 2010-08-29 09:57:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-29 08:57
Pre-Run: Volných bajtu: 64,836,517,888
Post-Run: Volných bajtu: 64,948,281,344
- - End Of File - - 6EC3966321B8D1988FD90082FF5040C9
Re: Nejakej sajrajt v laptopu..
Stahněte MBAM z mého podpisu-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
o.n.y.s.e.k
- Návštěvník
- Příspěvky: 131
- Registrován: 01 lis 2006 12:43
- Bydliště: Praha
Re: Nejakej sajrajt v laptopu..
Tak zde je log z mbam.....
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4504
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
29/08/2010 22:45:05
mbam-log-2010-08-29 (22-45-05).txt
Typ skenu: Rychlý sken
Skenované objekty: 130133
Uplynulý èas: 24 minuta(y), 40 sekunda(y)
Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 1
Infikované klíèe registru: 42
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v pamìti:
(Žádné škodlivé položky nebyly zjištìny)
Infikované moduly v pamìti:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.
Infikované klíèe registru:
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> No action taken.
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištìny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištìny)
Infikované soubory:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4504
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
29/08/2010 22:45:05
mbam-log-2010-08-29 (22-45-05).txt
Typ skenu: Rychlý sken
Skenované objekty: 130133
Uplynulý èas: 24 minuta(y), 40 sekunda(y)
Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 1
Infikované klíèe registru: 42
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2
Infikované procesy v pamìti:
(Žádné škodlivé položky nebyly zjištìny)
Infikované moduly v pamìti:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.
Infikované klíèe registru:
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> No action taken.
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištìny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištìny)
Infikované soubory:
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
Re: Nejakej sajrajt v laptopu..
Vše smažte a udělejte uplný sken mbamem.
Od půlnoci nepujde zhruba 40 minut forum
Od půlnoci nepujde zhruba 40 minut forum
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
o.n.y.s.e.k
- Návštěvník
- Příspěvky: 131
- Registrován: 01 lis 2006 12:43
- Bydliště: Praha
Re: Nejakej sajrajt v laptopu..
Tak zde je komletni scan....
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4504
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
30/08/2010 17:20:08
mbam-log-2010-08-30 (17-20-08).txt
Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 219608
Uplynulý èas: 46 minuta(y), 38 sekunda(y)
Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 0
Infikované klíèe registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 27
Infikované procesy v pamìti:
(Žádné škodlivé položky nebyly zjištìny)
Infikované moduly v pamìti:
(Žádné škodlivé položky nebyly zjištìny)
Infikované klíèe registru:
(Žádné škodlivé položky nebyly zjištìny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištìny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištìny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištìny)
Infikované soubory:
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> No action taken.
D:\Instalacky a drivery\PopularScreensaversSetup2.3.50.26.ZRfox000.exe (Adware.MyWebSearch) -> No action taken.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4504
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
30/08/2010 17:20:08
mbam-log-2010-08-30 (17-20-08).txt
Typ skenu: Úplný sken (C:\|D:\|)
Skenované objekty: 219608
Uplynulý èas: 46 minuta(y), 38 sekunda(y)
Infikované procesy v pamìti: 0
Infikované moduly v pamìti: 0
Infikované klíèe registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 27
Infikované procesy v pamìti:
(Žádné škodlivé položky nebyly zjištìny)
Infikované moduly v pamìti:
(Žádné škodlivé položky nebyly zjištìny)
Infikované klíèe registru:
(Žádné škodlivé položky nebyly zjištìny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištìny)
Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištìny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištìny)
Infikované soubory:
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\PROGRA~1\MYWEBS~1\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\System32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> No action taken.
D:\Instalacky a drivery\PopularScreensaversSetup2.3.50.26.ZRfox000.exe (Adware.MyWebSearch) -> No action taken.
Re: Nejakej sajrajt v laptopu..
Vše smažte a poprosím o nový log ze rsitu. Jak to vypadá s počítačem?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
o.n.y.s.e.k
- Návštěvník
- Příspěvky: 131
- Registrován: 01 lis 2006 12:43
- Bydliště: Praha
Re: Nejakej sajrajt v laptopu..
Tak jsem smazal a zde je log z rsitu. A pocitac se chova dobre. Nic nevyskakuje a vyda ok..
Logfile of random's system information tool 1.08 (written by random/random)
Run by Ondraaadika at 2010-08-30 22:50:15
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 62 GB (62%) free of 100 GB
Total RAM: 2045 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:50:26, on 30/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Ondraaadika\Downloads\RSIT(2).exe
C:\Windows\System32\osk.exe
C:\Program Files\trend micro\Ondraaadika.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: CrowdStar Gamebar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: CCC.lnk = ?
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7446 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2006-11-16 299008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
CrowdStar Gamebar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-06-30 1390984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2006-11-16 151552]
{D4027C7F-154A-4066-A1AD-4243D8127440} - CrowdStar Gamebar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-06-30 1390984]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-20 4018176]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-11-15 614400]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-11-17 453120]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Flashget"=C:\Program Files\FlashGet\FlashGet.exe [2007-06-29 1990704]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"????r"= []
"?????????"=??????????????e []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Ondraaadika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-08-30 16:03:49 ----D---- C:\Users\Ondraaadika\AppData\Roaming\AVS4YOU
2010-08-30 16:03:45 ----D---- C:\ProgramData\AVS4YOU
2010-08-30 16:01:45 ----D---- C:\Program Files\Common Files\AVSMedia
2010-08-30 16:00:52 ----A---- C:\Windows\system32\mfc70.dll
2010-08-30 16:00:51 ----A---- C:\Windows\system32\msxml3a.dll
2010-08-30 16:00:51 ----A---- C:\Windows\system32\msvcr70.dll
2010-08-30 16:00:51 ----A---- C:\Windows\system32\msvcp70.dll
2010-08-30 16:00:50 ----D---- C:\Program Files\AVS4YOU
2010-08-29 22:15:00 ----D---- C:\Users\Ondraaadika\AppData\Roaming\Malwarebytes
2010-08-29 22:13:46 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-29 22:13:45 ----D---- C:\ProgramData\Malwarebytes
2010-08-29 22:13:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-29 22:13:45 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-29 09:57:25 ----A---- C:\ComboFix.txt
2010-08-29 09:51:31 ----D---- C:\$RECYCLE.BIN
2010-08-29 09:48:20 ----D---- C:\Windows\temp
2010-08-29 09:37:15 ----A---- C:\Windows\zip.exe
2010-08-29 09:37:15 ----A---- C:\Windows\SWSC.exe
2010-08-29 09:37:15 ----A---- C:\Windows\SWREG.exe
2010-08-29 09:37:15 ----A---- C:\Windows\sed.exe
2010-08-29 09:37:15 ----A---- C:\Windows\PEV.exe
2010-08-29 09:37:15 ----A---- C:\Windows\NIRCMD.exe
2010-08-29 09:37:15 ----A---- C:\Windows\MBR.exe
2010-08-29 09:37:15 ----A---- C:\Windows\grep.exe
2010-08-29 09:37:08 ----D---- C:\Windows\ERDNT
2010-08-29 09:36:29 ----D---- C:\Qoobox
2010-08-29 09:35:59 ----A---- C:\Windows\SWXCACLS.exe
2010-08-29 09:35:54 ----D---- C:\32788R22FWJFW
2010-08-28 22:09:46 ----D---- C:\Program Files\trend micro
2010-08-28 22:09:45 ----D---- C:\rsit
2010-08-28 21:49:33 ----D---- C:\Windows\Sun
2010-08-28 09:40:55 ----A---- C:\Windows\Bmygaa.exe
2010-08-28 09:40:33 ----RASH---- C:\MSDOS.SYS
2010-08-28 09:40:33 ----RASH---- C:\IO.SYS
2010-08-13 21:51:26 ----D---- C:\Program Files\Common Files\Java
2010-08-13 21:50:59 ----A---- C:\Windows\system32\javaws.exe
2010-08-13 21:50:59 ----A---- C:\Windows\system32\javaw.exe
2010-08-13 21:50:59 ----A---- C:\Windows\system32\java.exe
2010-08-12 22:56:53 ----D---- C:\Program Files\3DJournal - FREE
2010-08-12 12:07:43 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 12:07:40 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 12:07:38 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 12:07:38 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 12:07:38 ----A---- C:\Windows\system32\mshtmled.dll
2010-08-12 12:07:38 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 12:07:37 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 12:07:37 ----A---- C:\Windows\system32\ieencode.dll
2010-08-12 12:07:37 ----A---- C:\Windows\system32\ieapfltr.dll
2010-08-12 12:07:35 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 12:07:29 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 12:07:26 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 12:07:16 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 12:07:16 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 12:07:14 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 12:07:13 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 12:07:13 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 12:07:11 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-03 08:11:25 ----A---- C:\Windows\system32\shell32.dll
======List of files/folders modified in the last 1 months======
2010-08-30 21:49:06 ----D---- C:\Windows\System32
2010-08-30 21:49:06 ----D---- C:\Windows\inf
2010-08-30 21:49:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-30 17:29:58 ----D---- C:\Windows\system32\WDI
2010-08-30 16:03:45 ----D---- C:\ProgramData
2010-08-30 16:01:45 ----SHD---- C:\Windows\Installer
2010-08-30 16:01:45 ----D---- C:\Program Files\Common Files
2010-08-30 16:01:42 ----D---- C:\Windows\winsxs
2010-08-30 16:00:50 ----RD---- C:\Program Files
2010-08-30 15:01:08 ----D---- C:\Windows\system32\drivers
2010-08-30 15:01:08 ----D---- C:\Windows\Panther
2010-08-30 14:59:20 ----D---- C:\Windows\Tasks
2010-08-30 14:35:59 ----D---- C:\Windows\system32\Tasks
2010-08-30 08:24:06 ----SHD---- C:\System Volume Information
2010-08-30 08:10:58 ----D---- C:\Windows
2010-08-29 09:51:37 ----A---- C:\Windows\system.ini
2010-08-29 09:51:27 ----D---- C:\Windows\system32\drivers\etc
2010-08-29 09:49:10 ----D---- C:\Windows\system32\config
2010-08-29 09:49:10 ----D---- C:\Boot
2010-08-29 09:47:26 ----D---- C:\Program Files\Internet Explorer
2010-08-29 09:44:19 ----D---- C:\Windows\AppPatch
2010-08-29 09:37:26 ----D---- C:\Windows\Prefetch
2010-08-25 19:57:55 ----D---- C:\Users\Ondraaadika\AppData\Roaming\Skype
2010-08-25 17:21:16 ----D---- C:\Users\Ondraaadika\AppData\Roaming\skypePM
2010-08-23 22:36:49 ----D---- C:\Windows\system32\catroot2
2010-08-19 21:25:16 ----D---- C:\Program Files\Yahoo!
2010-08-13 21:50:53 ----D---- C:\Program Files\Java
2010-08-13 09:01:26 ----D---- C:\Windows\Microsoft.NET
2010-08-13 08:50:46 ----RSD---- C:\Windows\assembly
2010-08-13 08:06:06 ----D---- C:\Program Files\Movie Maker
2010-08-13 00:29:03 ----D---- C:\Windows\system32\catroot
2010-08-13 00:28:49 ----D---- C:\Program Files\Windows Mail
2010-08-10 23:57:46 ----SD---- C:\Users\Ondraaadika\AppData\Roaming\Microsoft
2010-08-03 19:09:31 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 10624]
R0 PSDNServ;PSDNSERVER; C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 7936]
R0 psdvdisk;psdvdisk; C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 53760]
R0 SI3112;ATI-4379 Serial ATA Controller; C:\Windows\system32\DRIVERS\SI3112.sys [2008-08-20 74280]
R0 SiFilter;SATALink driver accelerator; C:\Windows\system32\DRIVERS\SiWinAcc.sys [2008-08-20 19240]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2006-08-28 13952]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2006-11-13 69632]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-18 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2010-05-28 1870848]
R3 Cam5603D;Acer OrbiCam; C:\Windows\System32\Drivers\BisonCam.sys [2006-11-23 806320]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-10-25 62208]
R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2006-10-25 42240]
R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2006-10-25 76928]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-23 1652968]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-11-14 6144]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 2313216]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-06 51200]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Dekodér zvuku DRM jádra spolecnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2006-11-02 20992]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 SMSCIRDA;SMSC Infrared Device Driver; C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;Ovladac zvuku USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-01-08 557056]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-11-30 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 118784]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 131072]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Ondraaadika at 2010-08-30 22:50:15
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 62 GB (62%) free of 100 GB
Total RAM: 2045 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:50:26, on 30/08/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Ondraaadika\Downloads\RSIT(2).exe
C:\Windows\System32\osk.exe
C:\Program Files\trend micro\Ondraaadika.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: CrowdStar Gamebar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: CCC.lnk = ?
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7446 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
ShowBarObj Class - C:\Windows\system32\ActiveToolBand.dll [2006-11-16 299008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
CrowdStar Gamebar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-06-30 1390984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Windows\system32\eDStoolbar.dll [2006-11-16 151552]
{D4027C7F-154A-4066-A1AD-4243D8127440} - CrowdStar Gamebar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-06-30 1390984]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-11-20 4018176]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe [2006-11-05 57344]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-11-15 614400]
"eDataSecurity Loader"=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2006-11-17 453120]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"Flashget"=C:\Program Files\FlashGet\FlashGet.exe [2007-06-29 1990704]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"????r"= []
"?????????"=??????????????e []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-05-13 26192168]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Ondraaadika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2010-08-30 16:03:49 ----D---- C:\Users\Ondraaadika\AppData\Roaming\AVS4YOU
2010-08-30 16:03:45 ----D---- C:\ProgramData\AVS4YOU
2010-08-30 16:01:45 ----D---- C:\Program Files\Common Files\AVSMedia
2010-08-30 16:00:52 ----A---- C:\Windows\system32\mfc70.dll
2010-08-30 16:00:51 ----A---- C:\Windows\system32\msxml3a.dll
2010-08-30 16:00:51 ----A---- C:\Windows\system32\msvcr70.dll
2010-08-30 16:00:51 ----A---- C:\Windows\system32\msvcp70.dll
2010-08-30 16:00:50 ----D---- C:\Program Files\AVS4YOU
2010-08-29 22:15:00 ----D---- C:\Users\Ondraaadika\AppData\Roaming\Malwarebytes
2010-08-29 22:13:46 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-29 22:13:45 ----D---- C:\ProgramData\Malwarebytes
2010-08-29 22:13:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-29 22:13:45 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-29 09:57:25 ----A---- C:\ComboFix.txt
2010-08-29 09:51:31 ----D---- C:\$RECYCLE.BIN
2010-08-29 09:48:20 ----D---- C:\Windows\temp
2010-08-29 09:37:15 ----A---- C:\Windows\zip.exe
2010-08-29 09:37:15 ----A---- C:\Windows\SWSC.exe
2010-08-29 09:37:15 ----A---- C:\Windows\SWREG.exe
2010-08-29 09:37:15 ----A---- C:\Windows\sed.exe
2010-08-29 09:37:15 ----A---- C:\Windows\PEV.exe
2010-08-29 09:37:15 ----A---- C:\Windows\NIRCMD.exe
2010-08-29 09:37:15 ----A---- C:\Windows\MBR.exe
2010-08-29 09:37:15 ----A---- C:\Windows\grep.exe
2010-08-29 09:37:08 ----D---- C:\Windows\ERDNT
2010-08-29 09:36:29 ----D---- C:\Qoobox
2010-08-29 09:35:59 ----A---- C:\Windows\SWXCACLS.exe
2010-08-29 09:35:54 ----D---- C:\32788R22FWJFW
2010-08-28 22:09:46 ----D---- C:\Program Files\trend micro
2010-08-28 22:09:45 ----D---- C:\rsit
2010-08-28 21:49:33 ----D---- C:\Windows\Sun
2010-08-28 09:40:55 ----A---- C:\Windows\Bmygaa.exe
2010-08-28 09:40:33 ----RASH---- C:\MSDOS.SYS
2010-08-28 09:40:33 ----RASH---- C:\IO.SYS
2010-08-13 21:51:26 ----D---- C:\Program Files\Common Files\Java
2010-08-13 21:50:59 ----A---- C:\Windows\system32\javaws.exe
2010-08-13 21:50:59 ----A---- C:\Windows\system32\javaw.exe
2010-08-13 21:50:59 ----A---- C:\Windows\system32\java.exe
2010-08-12 22:56:53 ----D---- C:\Program Files\3DJournal - FREE
2010-08-12 12:07:43 ----A---- C:\Windows\system32\iccvid.dll
2010-08-12 12:07:40 ----A---- C:\Windows\system32\mshtml.dll
2010-08-12 12:07:38 ----A---- C:\Windows\system32\wininet.dll
2010-08-12 12:07:38 ----A---- C:\Windows\system32\urlmon.dll
2010-08-12 12:07:38 ----A---- C:\Windows\system32\mshtmled.dll
2010-08-12 12:07:38 ----A---- C:\Windows\system32\ieframe.dll
2010-08-12 12:07:37 ----A---- C:\Windows\system32\iepeers.dll
2010-08-12 12:07:37 ----A---- C:\Windows\system32\ieencode.dll
2010-08-12 12:07:37 ----A---- C:\Windows\system32\ieapfltr.dll
2010-08-12 12:07:35 ----A---- C:\Windows\system32\schannel.dll
2010-08-12 12:07:29 ----A---- C:\Windows\system32\win32k.sys
2010-08-12 12:07:26 ----A---- C:\Windows\system32\rtutils.dll
2010-08-12 12:07:16 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-12 12:07:16 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-12 12:07:14 ----A---- C:\Windows\system32\msxml3.dll
2010-08-12 12:07:13 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-12 12:07:13 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-12 12:07:11 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-03 08:11:25 ----A---- C:\Windows\system32\shell32.dll
======List of files/folders modified in the last 1 months======
2010-08-30 21:49:06 ----D---- C:\Windows\System32
2010-08-30 21:49:06 ----D---- C:\Windows\inf
2010-08-30 21:49:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-30 17:29:58 ----D---- C:\Windows\system32\WDI
2010-08-30 16:03:45 ----D---- C:\ProgramData
2010-08-30 16:01:45 ----SHD---- C:\Windows\Installer
2010-08-30 16:01:45 ----D---- C:\Program Files\Common Files
2010-08-30 16:01:42 ----D---- C:\Windows\winsxs
2010-08-30 16:00:50 ----RD---- C:\Program Files
2010-08-30 15:01:08 ----D---- C:\Windows\system32\drivers
2010-08-30 15:01:08 ----D---- C:\Windows\Panther
2010-08-30 14:59:20 ----D---- C:\Windows\Tasks
2010-08-30 14:35:59 ----D---- C:\Windows\system32\Tasks
2010-08-30 08:24:06 ----SHD---- C:\System Volume Information
2010-08-30 08:10:58 ----D---- C:\Windows
2010-08-29 09:51:37 ----A---- C:\Windows\system.ini
2010-08-29 09:51:27 ----D---- C:\Windows\system32\drivers\etc
2010-08-29 09:49:10 ----D---- C:\Windows\system32\config
2010-08-29 09:49:10 ----D---- C:\Boot
2010-08-29 09:47:26 ----D---- C:\Program Files\Internet Explorer
2010-08-29 09:44:19 ----D---- C:\Windows\AppPatch
2010-08-29 09:37:26 ----D---- C:\Windows\Prefetch
2010-08-25 19:57:55 ----D---- C:\Users\Ondraaadika\AppData\Roaming\Skype
2010-08-25 17:21:16 ----D---- C:\Users\Ondraaadika\AppData\Roaming\skypePM
2010-08-23 22:36:49 ----D---- C:\Windows\system32\catroot2
2010-08-19 21:25:16 ----D---- C:\Program Files\Yahoo!
2010-08-13 21:50:53 ----D---- C:\Program Files\Java
2010-08-13 09:01:26 ----D---- C:\Windows\Microsoft.NET
2010-08-13 08:50:46 ----RSD---- C:\Windows\assembly
2010-08-13 08:06:06 ----D---- C:\Program Files\Movie Maker
2010-08-13 00:29:03 ----D---- C:\Windows\system32\catroot
2010-08-13 00:28:49 ----D---- C:\Program Files\Windows Mail
2010-08-10 23:57:46 ----SD---- C:\Users\Ondraaadika\AppData\Roaming\Microsoft
2010-08-03 19:09:31 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PSDFilter;PSDFilter; C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 10624]
R0 PSDNServ;PSDNSERVER; C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 7936]
R0 psdvdisk;psdvdisk; C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 53760]
R0 SI3112;ATI-4379 Serial ATA Controller; C:\Windows\system32\DRIVERS\SI3112.sys [2008-08-20 74280]
R0 SiFilter;SATALink driver accelerator; C:\Windows\system32\DRIVERS\SiWinAcc.sys [2008-08-20 19240]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2006-08-28 13952]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 int15;int15; \??\C:\Windows\system32\drivers\int15.sys [2006-11-13 69632]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-18 95744]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2010-05-28 1870848]
R3 Cam5603D;Acer OrbiCam; C:\Windows\System32\Drivers\BisonCam.sys [2006-11-23 806320]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2006-10-25 62208]
R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2006-10-25 42240]
R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2006-10-25 76928]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-10-18 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-10-18 206848]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-23 1652968]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2006-11-14 6144]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2007-01-15 9728]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 2313216]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-06 51200]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-10-18 659968]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2006-11-02 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2006-11-02 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2006-11-02 29184]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Dekodér zvuku DRM jádra spolecnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2006-11-02 20992]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 SMSCIRDA;SMSC Infrared Device Driver; C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 UIUSys;Conexant Setup API; C:\Windows\system32\DRIVERS\UIUSYS.SYS []
S3 usbaudio;Ovladac zvuku USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-01-08 557056]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2006-11-30 24576]
R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 118784]
R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-13 24576]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 131072]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
-----------------EOF-----------------
Re: Nejakej sajrajt v laptopu..
Pokud nemáte, přesuňte Combofix na plochu-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"????r"=-
"?????????"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
File::
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
Folder::
C:\Program Files\McAfee Security Scan
C:\Program Files\Ask.com
Collect::
c:\windows\Bmygaa.exe
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
o.n.y.s.e.k
- Návštěvník
- Příspěvky: 131
- Registrován: 01 lis 2006 12:43
- Bydliště: Praha
Re: Nejakej sajrajt v laptopu..
ComboFix 10-08-29.04 - Ondraaadika 30/08/2010 23:20:29.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1029.18.2045.972 [GMT 1:00]
Running from: c:\users\Ondraaadika\Downloads\ComboFix.exe
Command switches used :: c:\users\Ondraaadika\Desktop\CFScript.txt.txt
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
file zipped: c:\windows\Bmygaa.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cb_a3db.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_7e8f.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\McAfee Security Scan
c:\program files\McAfee Security Scan\2.0.181\AVScanComponent.dll
c:\program files\McAfee Security Scan\2.0.181\AVScanner.ini
c:\program files\McAfee Security Scan\2.0.181\avvclean.dat
c:\program files\McAfee Security Scan\2.0.181\avvnames.dat
c:\program files\McAfee Security Scan\2.0.181\avvscan.dat
c:\program files\McAfee Security Scan\2.0.181\config.dat
c:\program files\McAfee Security Scan\2.0.181\ftconfig.ini
c:\program files\McAfee Security Scan\2.0.181\McAfee.ico
c:\program files\McAfee Security Scan\2.0.181\mcbrwsr2.dll
c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe
c:\program files\McAfee Security Scan\2.0.181\MCCompHostConfig.ini
c:\program files\McAfee Security Scan\2.0.181\mcscan32.dll
c:\program files\McAfee Security Scan\2.0.181\mcuicnt.exe
c:\program files\McAfee Security Scan\2.0.181\McUpdater.dll
c:\program files\McAfee Security Scan\2.0.181\sa_cache_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sa_http_win32.dll
c:\program files\McAfee Security Scan\2.0.181\sa_mbl.dll
c:\program files\McAfee Security Scan\2.0.181\sa_store_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sacore.db
c:\program files\McAfee Security Scan\2.0.181\sacore.dll
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_filetypes.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_hosting.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_tlds.txt
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner.dll
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner_LD.dll
c:\program files\McAfee Security Scan\2.0.181\sqlite3.dll
c:\program files\McAfee Security Scan\2.0.181\SSCustom_LD.dll
c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\program files\McAfee Security Scan\2.0.181\WebInfoScanner.dll
c:\program files\McAfee Security Scan\2.0.181\WMIScanner.dll
c:\program files\McAfee Security Scan\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
c:\windows\Bmygaa.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_McComponentHostService
-------\Service_McComponentHostService
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.
2010-08-30 22:27 . 2010-08-30 22:30 -------- d-----w- c:\users\Ondraaadika\AppData\Local\temp
2010-08-30 22:27 . 2010-08-30 22:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-30 22:27 . 2010-08-30 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-30 22:16 . 2010-08-30 22:17 -------- d-----w- C:\32788R22FWJFW
2010-08-30 15:03 . 2010-08-30 15:03 -------- d-----w- c:\users\Ondraaadika\AppData\Roaming\AVS4YOU
2010-08-30 15:03 . 2010-08-30 15:03 -------- d-----w- c:\programdata\AVS4YOU
2010-08-30 15:01 . 2010-08-30 15:37 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-30 15:00 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-08-30 15:00 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-08-30 15:00 . 2008-08-13 09:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-08-30 15:00 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-30 15:00 . 2010-08-30 15:37 -------- d-----w- c:\program files\AVS4YOU
2010-08-29 21:15 . 2010-08-29 21:15 -------- d-----w- c:\users\Ondraaadika\AppData\Roaming\Malwarebytes
2010-08-29 21:13 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 21:13 . 2010-08-29 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 21:13 . 2010-08-29 21:13 -------- d-----w- c:\programdata\Malwarebytes
2010-08-29 21:13 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-28 21:09 . 2010-08-30 21:50 -------- d-----w- c:\program files\trend micro
2010-08-28 21:09 . 2010-08-28 21:10 -------- d-----w- C:\rsit
2010-08-28 20:49 . 2010-08-28 20:49 -------- d-----w- c:\windows\Sun
2010-08-13 20:51 . 2010-08-13 20:51 -------- d-----w- c:\program files\Common Files\Java
2010-08-12 21:56 . 2010-08-12 21:56 -------- d-----w- c:\program files\3DJournal - FREE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 22:29 . 2006-11-14 14:39 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-30 20:49 . 2010-05-30 15:34 34574 ----a-w- c:\windows\system32\perfh005.dat
2010-08-30 20:49 . 2010-05-30 15:34 13826 ----a-w- c:\windows\system32\perfc005.dat
2010-08-29 22:40 . 2010-06-05 22:10 1 ----a-w- c:\users\Ondraaadika\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-25 18:57 . 2010-06-03 18:13 -------- d-----w- c:\users\Ondraaadika\AppData\Roaming\Skype
2010-08-25 16:21 . 2010-06-03 18:20 -------- d-----w- c:\users\Ondraaadika\AppData\Roaming\skypePM
2010-08-19 20:25 . 2006-11-14 15:11 -------- d-----w- c:\program files\Yahoo!
2010-08-13 20:50 . 2010-05-30 14:20 -------- d-----w- c:\program files\Java
2010-08-12 23:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-29 10:30 . 2010-07-29 10:30 2956168 ----a-w- c:\users\Ondraaadika\AppData\Roaming\Mozilla\Firefox\Profiles\s312rq2u.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-17 04:00 . 2010-05-30 14:52 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 21:12 . 2010-06-02 22:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-07 19:20 . 2010-07-07 19:20 -------- d-----w- c:\program files\CCleaner
2010-06-29 15:47 . 2010-08-12 11:07 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-12 11:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 08:00 . 2010-07-07 21:12 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-21 13:37 . 2010-08-12 11:07 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 11:07 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 11:07 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 11:07 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-12 11:07 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-12 11:07 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-12 11:07 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-12 11:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 11:07 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-08 16:10 . 2010-07-07 21:12 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-08 16:10 . 2010-07-07 21:12 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-05 22:11 . 2010-05-30 12:29 54560 ----a-w- c:\users\Ondraaadika\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-04 23:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-04 21:35 . 2010-06-04 21:35 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-06-03 18:20 . 2010-06-03 18:20 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-02 13:32 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-06-02 13:32 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-11-15 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-06-29 1990704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\users\Ondraaadika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-11-14 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):43,fd,d7,7a,0b,03,cb,01
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.uk.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\users\Ondraaadika\AppData\Roaming\Mozilla\Firefox\Profiles\s312rq2u.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CDS&o=16188&locale=en_US&apn_uid=4CF09FDF-D2C6-422E-BAC7-8AEAD94D45CE&apn_ptnrs=QP&apn_sauid=F6236C9F-1DC4-4770-B7F5-9134DACE8F67&apn_dtid=&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3580)
c:\program files\FlashGet\fgmgr.dll
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\osk.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-08-30 23:36:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-30 22:36
ComboFix2.txt 2010-08-29 08:57
Pre-Run: Volných bajtu: 65,246,052,352
Post-Run: Volných bajtu: 65,060,892,672
- - End Of File - - AD574ABCDEF789885C957517835A9059
Upload was successful
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1029.18.2045.972 [GMT 1:00]
Running from: c:\users\Ondraaadika\Downloads\ComboFix.exe
Command switches used :: c:\users\Ondraaadika\Desktop\CFScript.txt.txt
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
file zipped: c:\windows\Bmygaa.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cb_a3db.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_7e8f.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\McAfee Security Scan
c:\program files\McAfee Security Scan\2.0.181\AVScanComponent.dll
c:\program files\McAfee Security Scan\2.0.181\AVScanner.ini
c:\program files\McAfee Security Scan\2.0.181\avvclean.dat
c:\program files\McAfee Security Scan\2.0.181\avvnames.dat
c:\program files\McAfee Security Scan\2.0.181\avvscan.dat
c:\program files\McAfee Security Scan\2.0.181\config.dat
c:\program files\McAfee Security Scan\2.0.181\ftconfig.ini
c:\program files\McAfee Security Scan\2.0.181\McAfee.ico
c:\program files\McAfee Security Scan\2.0.181\mcbrwsr2.dll
c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe
c:\program files\McAfee Security Scan\2.0.181\MCCompHostConfig.ini
c:\program files\McAfee Security Scan\2.0.181\mcscan32.dll
c:\program files\McAfee Security Scan\2.0.181\mcuicnt.exe
c:\program files\McAfee Security Scan\2.0.181\McUpdater.dll
c:\program files\McAfee Security Scan\2.0.181\sa_cache_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sa_http_win32.dll
c:\program files\McAfee Security Scan\2.0.181\sa_mbl.dll
c:\program files\McAfee Security Scan\2.0.181\sa_store_sqlite.dll
c:\program files\McAfee Security Scan\2.0.181\sacore.db
c:\program files\McAfee Security Scan\2.0.181\sacore.dll
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_filetypes.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_hosting.txt
c:\program files\McAfee Security Scan\2.0.181\sacoredata\uds_tlds.txt
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner.dll
c:\program files\McAfee Security Scan\2.0.181\SecurityScanner_LD.dll
c:\program files\McAfee Security Scan\2.0.181\sqlite3.dll
c:\program files\McAfee Security Scan\2.0.181\SSCustom_LD.dll
c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\program files\McAfee Security Scan\2.0.181\WebInfoScanner.dll
c:\program files\McAfee Security Scan\2.0.181\WMIScanner.dll
c:\program files\McAfee Security Scan\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
c:\windows\Bmygaa.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_McComponentHostService
-------\Service_McComponentHostService
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.
2010-08-30 22:27 . 2010-08-30 22:30 -------- d-----w- c:\users\Ondraaadika\AppData\Local\temp
2010-08-30 22:27 . 2010-08-30 22:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-30 22:27 . 2010-08-30 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-30 22:16 . 2010-08-30 22:17 -------- d-----w- C:\32788R22FWJFW
2010-08-30 15:03 . 2010-08-30 15:03 -------- d-----w- c:\users\Ondraaadika\AppData\Roaming\AVS4YOU
2010-08-30 15:03 . 2010-08-30 15:03 -------- d-----w- c:\programdata\AVS4YOU
2010-08-30 15:01 . 2010-08-30 15:37 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-08-30 15:00 . 2008-08-13 09:22 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-08-30 15:00 . 2008-08-13 09:22 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-08-30 15:00 . 2008-08-13 09:22 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-08-30 15:00 . 2008-08-13 09:22 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-08-30 15:00 . 2010-08-30 15:37 -------- d-----w- c:\program files\AVS4YOU
2010-08-29 21:15 . 2010-08-29 21:15 -------- d-----w- c:\users\Ondraaadika\AppData\Roaming\Malwarebytes
2010-08-29 21:13 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 21:13 . 2010-08-29 21:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 21:13 . 2010-08-29 21:13 -------- d-----w- c:\programdata\Malwarebytes
2010-08-29 21:13 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-28 21:09 . 2010-08-30 21:50 -------- d-----w- c:\program files\trend micro
2010-08-28 21:09 . 2010-08-28 21:10 -------- d-----w- C:\rsit
2010-08-28 20:49 . 2010-08-28 20:49 -------- d-----w- c:\windows\Sun
2010-08-13 20:51 . 2010-08-13 20:51 -------- d-----w- c:\program files\Common Files\Java
2010-08-12 21:56 . 2010-08-12 21:56 -------- d-----w- c:\program files\3DJournal - FREE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 22:29 . 2006-11-14 14:39 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-30 20:49 . 2010-05-30 15:34 34574 ----a-w- c:\windows\system32\perfh005.dat
2010-08-30 20:49 . 2010-05-30 15:34 13826 ----a-w- c:\windows\system32\perfc005.dat
2010-08-29 22:40 . 2010-06-05 22:10 1 ----a-w- c:\users\Ondraaadika\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-08-25 18:57 . 2010-06-03 18:13 -------- d-----w- c:\users\Ondraaadika\AppData\Roaming\Skype
2010-08-25 16:21 . 2010-06-03 18:20 -------- d-----w- c:\users\Ondraaadika\AppData\Roaming\skypePM
2010-08-19 20:25 . 2006-11-14 15:11 -------- d-----w- c:\program files\Yahoo!
2010-08-13 20:50 . 2010-05-30 14:20 -------- d-----w- c:\program files\Java
2010-08-12 23:28 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-29 10:30 . 2010-07-29 10:30 2956168 ----a-w- c:\users\Ondraaadika\AppData\Roaming\Mozilla\Firefox\Profiles\s312rq2u.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-17 04:00 . 2010-05-30 14:52 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-07 21:12 . 2010-06-02 22:45 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-07 19:20 . 2010-07-07 19:20 -------- d-----w- c:\program files\CCleaner
2010-06-29 15:47 . 2010-08-12 11:07 834048 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 16:13 . 2010-08-12 11:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-28 08:00 . 2010-07-07 21:12 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-21 13:37 . 2010-08-12 11:07 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-12 11:07 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-12 11:07 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-12 11:07 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-12 11:07 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-11 16:16 . 2010-08-12 11:07 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-12 11:07 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-12 11:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-12 11:07 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-08 16:10 . 2010-07-07 21:12 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-08 16:10 . 2010-07-07 21:12 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-05 22:11 . 2010-05-30 12:29 54560 ----a-w- c:\users\Ondraaadika\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-04 23:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-04 21:35 . 2010-06-04 21:35 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-06-03 18:20 . 2010-06-03 18:20 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-06-02 13:32 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-06-02 13:32 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 4018176]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-11-15 614400]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-06-29 1990704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\users\Ondraaadika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-11-14 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):43,fd,d7,7a,0b,03,cb,01
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.uk.acer.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
FF - ProfilePath - c:\users\Ondraaadika\AppData\Roaming\Mozilla\Firefox\Profiles\s312rq2u.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CDS&o=16188&locale=en_US&apn_uid=4CF09FDF-D2C6-422E-BAC7-8AEAD94D45CE&apn_ptnrs=QP&apn_sauid=F6236C9F-1DC4-4770-B7F5-9134DACE8F67&apn_dtid=&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3580)
c:\program files\FlashGet\fgmgr.dll
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\osk.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-08-30 23:36:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-30 22:36
ComboFix2.txt 2010-08-29 08:57
Pre-Run: Volných bajtu: 65,246,052,352
Post-Run: Volných bajtu: 65,060,892,672
- - End Of File - - AD574ABCDEF789885C957517835A9059
Upload was successful
Re: Nejakej sajrajt v laptopu..
odinstalujte všechny virtuální jednotky (Daemon nebo alcohol) Stáhněte SPTD http://www.duplexsecure.com/en/downloads-vyberte verzi podle svého operačního systému. SPTD for Windows (32 bit) nebo (64b)
-uložte na plochu a spusťte
- zvolte možnost Uninstall
- restart PC
Stahněte http://www.jpshortstuff.247fixes.com/Defogger.exe - spustte,
- potvrdte disabled
-log vložte zde
Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, kliknete na Save a tím si uložíte log,který sem vložíte
-Podle návodu v odkazu proveďte druhý sken a log sem také vložte.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
-
o.n.y.s.e.k
- Návštěvník
- Příspěvky: 131
- Registrován: 01 lis 2006 12:43
- Bydliště: Praha
Re: Nejakej sajrajt v laptopu..
Tak zde je log z Defoggeru
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:26 on 31/08/2010 (Ondraaadika)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:26 on 31/08/2010 (Ondraaadika)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
SPTD -> Already disabled
-=E.O.F=-
-
o.n.y.s.e.k
- Návštěvník
- Příspěvky: 131
- Registrován: 01 lis 2006 12:43
- Bydliště: Praha
Re: Nejakej sajrajt v laptopu..
A zde je z GMERU
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 16:16:47
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\ONDRAA~1\AppData\Local\Temp\awrdyaob.sys
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] ntdll.dll!LdrLoadDll 770E9390 5 Bytes JMP 010913F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5716] USER32.dll!TrackPopupMenu 75D114F3 5 Bytes JMP 66AF721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74137817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7418A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7413BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7412F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7412E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74168395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7413DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7412FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7412FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741BCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7415C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7412D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74126853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7412687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74132AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4ff6f35
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0014a4ff6f35 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 16:16:47
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\ONDRAA~1\AppData\Local\Temp\awrdyaob.sys
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] ntdll.dll!LdrLoadDll 770E9390 5 Bytes JMP 010913F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5716] USER32.dll!TrackPopupMenu 75D114F3 5 Bytes JMP 66AF721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74137817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7418A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7413BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7412F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7412E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74168395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7413DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7412FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7412FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741BCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7415C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7412D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74126853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7412687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1992] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74132AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4ff6f35
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0014a4ff6f35 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
-
o.n.y.s.e.k
- Návštěvník
- Příspěvky: 131
- Registrován: 01 lis 2006 12:43
- Bydliště: Praha
Re: Nejakej sajrajt v laptopu..
A zde je prvi scan z GMERu
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-31 16:19:42
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\ONDRAA~1\AppData\Local\Temp\awrdyaob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-31 16:19:42
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\ONDRAA~1\AppData\Local\Temp\awrdyaob.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Přispějete na provoz fóra?