
FB virus - another desperate user

Posted: 26 Jul 2011 07:51
by roula
Hi, and thanks a lot for the help!

Logfile of random's system information tool 1.09 (written by random/random)
Run by Zch at 2011-07-26 08:43:11
Microsoft® Windows Vista™ Ultimate
System drive C: has 5 GB (11%) free of 50 GB
Total RAM: 1013 MB (37% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\FileCure Default.job
C:\Windows\tasks\FileCure Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Zch.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3.job
C:\Windows\tasks\PCConfidential.job
C:\Windows\tasks\RegPowerClean.job
C:\Windows\tasks\RPCReminder.job
C:\Windows\tasks\User_Feed_Synchronization-{9BA134FA-368F-4E72-8A95-1CB81254F195}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Zch\AppData\Roaming\Mozilla\Firefox\Profiles\ldp9vw6c.default

prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "extensions.enabledItems" - "{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3, m3ffxtbr@mywebsearch.com:1.2, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://search.mywebsearch.com/mywebsear ... searchfor="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"m3ffxtbr@mywebsearch.com"=C:\Program Files\MyWebSearch\bar\3.bin
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin]
"Description"=My Web Search Plugin
"Path"=C:\Program Files\MyWebSearch\bar\3.bin\NPMyWebS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npnul32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Zch\AppData\Roaming\Mozilla\Firefox\Profiles\ldp9vw6c.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Users\Zch\AppData\Roaming\Mozilla\Firefox\Profiles\ldp9vw6c.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
mywebsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL [2011-07-05 54704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL [2011-07-05 800272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-04-12 1018616]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL [2011-07-05 800272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2010-07-18 1006264]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-15 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-15 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-15 133656]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe [2011-07-05 32849]
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe [2011-07-05 34336]
"conhost"=C:\Users\Zch\AppData\Roaming\Microsoft\conhost.exe []
"wxpdrv"=C:\Windows\services32.exe [2011-07-18 1170432]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-15-0\svchost.exe [2011-07-18 1170432]
"tray_ico1"=C:\Windows\update.tray-7-0\svchost.exe [2011-07-18 1170432]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"3636413.exe"=C:\Users\Zch\AppData\Local\Temp\3636413.exe [2011-07-18 232960]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-18 232960]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-18 232960]
"8457449.exe"=C:\Windows\Temp\8457449.exe [2011-07-18 232960]
"5124810.exe"=C:\Windows\Temp\5124810.exe [2011-07-18 483328]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-18 110592]
"systemup"=C:\Windows\systemup.exe [2011-07-18 114176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-07-09 1232896]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe [2011-07-05 32849]
"NVIDIA driver monitor"=C:\Users\Public\nvsvc32.exe []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"Badoo Desktop"=C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe [2011-06-07 1017344]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-05-26 15147400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableSecureUIAPaths"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-26 08:43:12 ----D---- C:\Program Files\trend micro
2011-07-26 08:43:11 ----D---- C:\rsit
2011-07-24 22:56:43 ----A---- C:\Windows\system32\vlc-log.txt
2011-07-21 22:48:48 ----ASH---- C:\hiberfil.sys
2011-07-18 17:15:38 ----D---- C:\Windows\ufa
2011-07-18 17:15:38 ----D---- C:\Windows\rpcminer
2011-07-18 17:15:38 ----D---- C:\Windows\phoenix
2011-07-18 17:15:36 ----A---- C:\Windows\unrar.exe
2011-07-18 16:50:48 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-18 16:50:35 ----A---- C:\Windows\ddh_iplist.txt
2011-07-18 16:50:27 ----A---- C:\Windows\systemup.exe
2011-07-18 16:50:27 ----A---- C:\Windows\l1rezerv.exe
2011-07-18 16:50:11 ----HD---- C:\Windows\update.2
2011-07-18 16:31:32 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-18 16:30:58 ----HD---- C:\Windows\update.5.0
2011-07-18 16:30:48 ----A---- C:\Windows\sysdriver32_.exe
2011-07-18 16:30:47 ----A---- C:\Windows\iplist.txt
2011-07-18 16:30:25 ----A---- C:\Windows\sysdriver32.exe
2011-07-18 16:29:56 ----A---- C:\Windows\front_ip_list.txt
2011-07-18 15:32:52 ----AH---- C:\Windows\system32\ezsidmv.dat
2011-07-18 15:31:41 ----D---- C:\Windows\av_ico
2011-07-18 15:31:07 ----A---- C:\Windows\system32\igfxres.dll
2011-07-18 15:29:27 ----HD---- C:\Windows\update.1
2011-07-18 15:29:22 ----HD---- C:\Windows\update.tray-15-0-lnk
2011-07-18 15:29:22 ----HD---- C:\Windows\update.tray-15-0
2011-07-18 15:29:21 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-07-18 15:29:21 ----HD---- C:\Windows\update.tray-7-0
2011-07-18 15:15:48 ----A---- C:\Windows\winlog-ids.txt
2011-07-18 15:15:48 ----A---- C:\Windows\winlog-dirs.txt
2011-07-18 15:14:52 ----A---- C:\Windows\services32.exe
2011-07-04 23:40:45 ----D---- C:\ProgramData\Skype Extras
2011-07-04 23:34:30 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 month======

2011-07-26 08:43:12 ----RD---- C:\Program Files
2011-07-26 08:43:07 ----D---- C:\Windows\Temp
2011-07-26 08:04:42 ----D---- C:\Users\Zch\AppData\Roaming\skypePM
2011-07-26 07:44:37 ----D---- C:\Users\Zch\AppData\Roaming\Skype
2011-07-25 12:27:08 ----SHD---- C:\System Volume Information
2011-07-25 12:26:57 ----D---- C:\Windows\Prefetch
2011-07-24 22:59:04 ----D---- C:\Users\Zch\AppData\Roaming\vlc
2011-07-24 22:56:43 ----D---- C:\Windows\System32
2011-07-23 17:50:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-07-23 00:17:20 ----D---- C:\Windows\inf
2011-07-23 00:17:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-21 23:17:15 ----D---- C:\Windows\system32\drivers\etc
2011-07-20 20:24:58 ----A---- C:\Windows\ntbtlog.txt
2011-07-19 19:10:59 ----HD---- C:\ProgramData
2011-07-19 19:09:30 ----D---- C:\Windows\Debug
2011-07-19 19:07:58 ----D---- C:\Windows\Logs
2011-07-19 16:30:41 ----D---- C:\Windows\system32\catroot2
2011-07-19 13:35:15 ----SD---- C:\Users\Zch\AppData\Roaming\Microsoft
2011-07-19 13:35:15 ----D---- C:\Windows\system32\drivers
2011-07-18 18:16:17 ----D---- C:\Windows
2011-07-18 16:17:36 ----HD---- C:\Windows\system32\GroupPolicy
2011-07-18 15:55:00 ----D---- C:\ProgramData\DivX
2011-07-18 15:54:58 ----D---- C:\Program Files\DivX
2011-07-18 15:40:08 ----D---- C:\Program Files\Common Files\DivX Shared
2011-07-18 15:29:26 ----SHD---- C:\$Recycle.Bin
2011-07-18 09:40:02 ----D---- C:\Windows\Minidump
2011-07-16 23:18:23 ----D---- C:\Users\Zch\AppData\Roaming\dvdcss
2011-07-16 13:05:53 ----SHD---- C:\Windows\Installer
2011-07-16 12:15:13 ----D---- C:\ProgramData\Skype
2011-07-14 03:03:30 ----SHD---- C:\Config.Msi
2011-07-14 03:03:30 ----D---- C:\ProgramData\Microsoft Help
2011-07-05 00:09:01 ----D---- C:\Windows\system32\Tasks
2011-07-04 23:35:21 ----RD---- C:\Program Files\Skype
2011-07-04 23:34:30 ----D---- C:\Program Files\Common Files
2011-07-01 09:54:42 ----A---- C:\Windows\system32\mrt.exe
2011-07-01 09:33:45 ----D---- C:\Program Files\Mozilla Firefox
2011-07-01 09:32:51 ----D---- C:\Users\Zch\AppData\Roaming\Zoner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2006-11-02 121960]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-07-09 82432]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-17 278528]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2010-07-09 19456]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-07-09 220160]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-07-09 29184]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-07-04 15600]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-04-12 246520]
R2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe [2011-07-05 28762]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-07-18 340480]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-07-18 483328]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-07-18 232960]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-07-18 1170432]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-03 135664]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-03 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Re: FB virus - another desperate user

Posted: 26 Jul 2011 08:24
by Rudy
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Re: FB virus - another desperate user

Posted: 26 Jul 2011 09:38
by roula
Verze databáze: 7035

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

26.7.2011 10:34:52
mbam-log-2011-07-26 (10-34-11).txt

Typ: Úplná kontrola (C:\|D:\|)
Kontrolované objekty: 251658
Uplynulý čas: 42 minut, 42 sekund

Infikované procesy v paměti: 23
Infikované moduly v paměti: 3
Infikované klíče v registru: 137
Infikované hodnoty v registru: 23
Infikované datové položky v registru: 4
Infikované složky: 19
Infikované soubory: 97

Infikované procesy v paměti:
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 2856 -> No action taken.
c:\program files\mywebsearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 2180 -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> 2092 -> No action taken.
c:\Windows\update.tray-15-0\svchost.exe (Trojan.Dropper) -> 2636 -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 2292 -> No action taken.
c:\Windows\l1rezerv.exe (Backdoor.Delf) -> 3588 -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent) -> 2632 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> 2692 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> 2056 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2500 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3816 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 956 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3052 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3804 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3952 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2548 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 1112 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 2036 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 1208 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3576 -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> 3960 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2480 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2512 -> No action taken.

Infikované moduly v paměti:
c:\program files\mywebsearch\bar\3.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> No action taken.

Infikované klíče v registru:
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Backdoor.Delf) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (http://www.helpmeopen.com/?n=app&ext=%s) Good: (http://shell.windows.com/fileassoc/%04x ... asp?Ext=%s) -> No action taken.

Infikované složky:
c:\program files\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\2.bin\chrome (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\chrome (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

Infikované soubory:
c:\program files\mywebsearch\bar\3.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> No action taken.
c:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE (Adware.MyWebSearch) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
c:\Windows\update.tray-15-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\l1rezerv.exe (Backdoor.Delf) -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent) -> No action taken.
c:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3REGHK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
c:\Users\Zch\AppData\Local\Google\Chrome\user data\Default\Cache\f_00013a (Trojan.Dropper) -> No action taken.
c:\Users\Zch\downloads\p1753577.jpg-www.facebook.exe (Worm.Palevo) -> No action taken.
c:\Users\Zch\downloads\p17535732.jpg-www.facebook.exe (Worm.Palevo) -> No action taken.
c:\Users\Zch\downloads\flash-player (1).exe (Trojan.Dropper) -> No action taken.
c:\Users\Zch\downloads\flash-player.exe (Trojan.Dropper) -> No action taken.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.
c:\Windows\Temp\3324186.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9096568.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\tmp00000001b0a8c99e76965c45 (Adware.MyWebSearch) -> No action taken.
c:\Windows\Temp\tmp00000001f405536b7ff85933 (Adware.MyWebSearch) -> No action taken.
c:\Windows\Temp\7155629.exe (Backdoor.Delf) -> No action taken.
c:\Windows\Temp\8340120.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-15-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\Windows\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\program files\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\chrome.manifest (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\INSTALL.RDF (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\M3TPINST.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\3.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.

Re: FB virus - another desperate soul

Posted: 26 Jul 2011 11:54
by Rudy
Delete everything that MBAM found. Then post a new RSIT log.

Re: FB virus - another desperate soul

Posted: 26 Jul 2011 13:22
by roula
Logfile of random's system information tool 1.09 (written by random/random)
Run by Zch at 2011-07-26 14:20:47
Microsoft® Windows Vista™ Ultimate
System drive C: has 5 GB (11%) free of 50 GB
Total RAM: 1013 MB (20% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\FileCure Default.job
C:\Windows\tasks\FileCure Startup.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Zch.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3.job
C:\Windows\tasks\PCConfidential.job
C:\Windows\tasks\RegPowerClean.job
C:\Windows\tasks\RPCReminder.job
C:\Windows\tasks\User_Feed_Synchronization-{9BA134FA-368F-4E72-8A95-1CB81254F195}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Zch\AppData\Roaming\Mozilla\Firefox\Profiles\ldp9vw6c.default

prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "extensions.enabledItems" - "{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3, m3ffxtbr@mywebsearch.com:1.2, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://search.mywebsearch.com/mywebsear ... searchfor="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"m3ffxtbr@mywebsearch.com"=C:\Program Files\MyWebSearch\bar\3.bin
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin]
"Description"=My Web Search Plugin
"Path"=C:\Program Files\MyWebSearch\bar\3.bin\NPMyWebS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npnul32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Zch\AppData\Roaming\Mozilla\Firefox\Profiles\ldp9vw6c.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Users\Zch\AppData\Roaming\Mozilla\Firefox\Profiles\ldp9vw6c.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
mywebsearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-04-12 1018616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2010-07-18 1006264]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-15 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-15 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-15 133656]
"tray_ico"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"3636413.exe"=C:\Users\Zch\AppData\Local\Temp\3636413.exe [2011-07-18 232960]
"8457449.exe"=C:\Windows\Temp\8457449.exe [2011-07-18 232960]
"5124810.exe"=C:\Windows\Temp\5124810.exe [2011-07-18 483328]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-07-09 1232896]
"NVIDIA driver monitor"=C:\Users\Public\nvsvc32.exe []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"Badoo Desktop"=C:\ProgramData\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe [2011-06-07 1017344]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-05-26 15147400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-01-02 200704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableSecureUIAPaths"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-07-26 09:49:01 ----D---- C:\Users\Zch\AppData\Roaming\Malwarebytes
2011-07-26 09:48:04 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-07-26 09:48:03 ----D---- C:\ProgramData\Malwarebytes
2011-07-26 09:48:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-26 09:48:00 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-26 08:43:12 ----D---- C:\Program Files\trend micro
2011-07-26 08:43:11 ----D---- C:\rsit
2011-07-24 22:56:43 ----A---- C:\Windows\system32\vlc-log.txt
2011-07-21 22:48:48 ----ASH---- C:\hiberfil.sys
2011-07-18 17:15:38 ----D---- C:\Windows\ufa
2011-07-18 17:15:38 ----D---- C:\Windows\rpcminer
2011-07-18 17:15:38 ----D---- C:\Windows\phoenix
2011-07-18 17:15:36 ----A---- C:\Windows\unrar.exe
2011-07-18 16:50:48 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-18 16:50:35 ----A---- C:\Windows\ddh_iplist.txt
2011-07-18 16:50:11 ----HD---- C:\Windows\update.2
2011-07-18 16:31:32 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-18 16:30:58 ----HD---- C:\Windows\update.5.0
2011-07-18 16:30:47 ----A---- C:\Windows\iplist.txt
2011-07-18 16:29:56 ----A---- C:\Windows\front_ip_list.txt
2011-07-18 15:32:52 ----AH---- C:\Windows\system32\ezsidmv.dat
2011-07-18 15:31:41 ----D---- C:\Windows\av_ico
2011-07-18 15:31:07 ----A---- C:\Windows\system32\igfxres.dll
2011-07-18 15:29:27 ----HD---- C:\Windows\update.1
2011-07-18 15:29:22 ----HD---- C:\Windows\update.tray-15-0-lnk
2011-07-18 15:29:22 ----HD---- C:\Windows\update.tray-15-0
2011-07-18 15:29:21 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-07-18 15:29:21 ----HD---- C:\Windows\update.tray-7-0
2011-07-18 15:15:48 ----A---- C:\Windows\winlog-ids.txt
2011-07-18 15:15:48 ----A---- C:\Windows\winlog-dirs.txt
2011-07-04 23:40:45 ----D---- C:\ProgramData\Skype Extras
2011-07-04 23:34:30 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 month======

2011-07-26 14:20:48 ----D---- C:\Windows\Temp
2011-07-26 14:20:38 ----D---- C:\Windows\system
2011-07-26 14:20:38 ----D---- C:\Windows\Prefetch
2011-07-26 14:19:53 ----D---- C:\Users\Zch\AppData\Roaming\Skype
2011-07-26 14:17:33 ----RD---- C:\Program Files
2011-07-26 14:17:33 ----D---- C:\Windows\system32\drivers
2011-07-26 14:15:44 ----D---- C:\Windows\schemas
2011-07-26 14:15:26 ----D---- C:\Windows
2011-07-26 09:48:03 ----HD---- C:\ProgramData
2011-07-26 08:45:49 ----D---- C:\Windows\System32
2011-07-26 08:45:49 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-26 08:45:48 ----D---- C:\Windows\inf
2011-07-26 08:04:42 ----D---- C:\Users\Zch\AppData\Roaming\skypePM
2011-07-25 12:27:08 ----SHD---- C:\System Volume Information
2011-07-24 22:59:04 ----D---- C:\Users\Zch\AppData\Roaming\vlc
2011-07-23 17:50:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-07-21 23:17:15 ----D---- C:\Windows\system32\drivers\etc
2011-07-20 20:24:58 ----A---- C:\Windows\ntbtlog.txt
2011-07-19 19:09:30 ----D---- C:\Windows\Debug
2011-07-19 19:07:58 ----D---- C:\Windows\Logs
2011-07-19 16:30:41 ----D---- C:\Windows\system32\catroot2
2011-07-19 13:35:15 ----SD---- C:\Users\Zch\AppData\Roaming\Microsoft
2011-07-18 16:17:36 ----HD---- C:\Windows\system32\GroupPolicy
2011-07-18 15:55:00 ----D---- C:\ProgramData\DivX
2011-07-18 15:54:58 ----D---- C:\Program Files\DivX
2011-07-18 15:40:08 ----D---- C:\Program Files\Common Files\DivX Shared
2011-07-18 15:29:26 ----SHD---- C:\$Recycle.Bin
2011-07-18 09:40:02 ----D---- C:\Windows\Minidump
2011-07-16 23:18:23 ----D---- C:\Users\Zch\AppData\Roaming\dvdcss
2011-07-16 13:05:53 ----SHD---- C:\Windows\Installer
2011-07-16 12:15:13 ----D---- C:\ProgramData\Skype
2011-07-14 03:03:30 ----SHD---- C:\Config.Msi
2011-07-14 03:03:30 ----D---- C:\ProgramData\Microsoft Help
2011-07-05 00:09:01 ----D---- C:\Windows\system32\Tasks
2011-07-04 23:35:21 ----RD---- C:\Program Files\Skype
2011-07-04 23:34:30 ----D---- C:\Program Files\Common Files
2011-07-01 09:54:42 ----A---- C:\Windows\system32\mrt.exe
2011-07-01 09:33:45 ----D---- C:\Program Files\Mozilla Firefox
2011-07-01 09:32:51 ----D---- C:\Users\Zch\AppData\Roaming\Zoner

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 fvevol;BitLocker Drive Encryption Filter Driver; C:\Windows\System32\DRIVERS\fvevol.sys [2006-11-02 121960]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 2016256]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-07-06 22712]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-07-09 82432]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-17 278528]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2010-07-09 19456]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2010-07-09 220160]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2010-07-09 29184]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-07-04 15600]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-04-12 246520]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-03 135664]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-03 135664]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

Re: FB virus - another desperate soul

Posted: 26 Jul 2011 13:55
by Rudy
There are still remnants in there. Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

calmly put on some coffee (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware found cause unwanted conflicts with the antispyware's resident component

Re: FB virus - another desperate soul

Posted: 26 Jul 2011 15:36
by roula
ComboFix 11-07-26.02 - Zch 26.07.2011 15:23:57.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1250.420.1029.18.1013.303 [GMT 2:00]
Spuštěný z: c:\users\Zch\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\system32\f3PSSavr.scr
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-26 do 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 14:27 . 2011-07-26 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 07:49 . 2011-07-26 07:49 -------- d-----w- c:\users\Zch\AppData\Roaming\Malwarebytes
2011-07-26 07:48 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 07:48 . 2011-07-26 07:48 -------- d-----w- c:\programdata\Malwarebytes
2011-07-26 07:48 . 2011-07-26 07:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-26 07:48 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 06:43 . 2011-07-26 06:43 -------- d-----w- c:\program files\trend micro
2011-07-26 06:43 . 2011-07-26 06:43 -------- d-----w- C:\rsit
2011-07-24 20:00 . 2006-11-02 12:32 2565432 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECD4E8CF-1478-41C5-A98B-2CD258F7FA9B}\mpengine.dll
2011-07-18 15:15 . 2011-07-18 16:07 -------- d-----w- c:\windows\ufa
2011-07-18 15:15 . 2011-07-18 16:07 -------- d-----w- c:\windows\rpcminer
2011-07-18 15:15 . 2011-07-18 16:07 -------- d-----w- c:\windows\phoenix
2011-07-18 15:15 . 2011-07-18 16:16 246272 ----a-w- c:\windows\unrar.exe
2011-07-18 13:31 . 2011-07-18 13:31 -------- d-----w- c:\windows\av_ico
2011-07-18 13:31 . 2008-01-02 14:37 176128 ----a-w- c:\windows\system32\igfxres.dll
2011-07-18 13:29 . 2011-07-26 12:15 -------- d--h--w- c:\windows\update.tray-15-0
2011-07-18 13:29 . 2011-07-26 12:15 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-07-18 13:29 . 2011-07-26 12:15 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-18 13:29 . 2011-07-26 12:15 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-04 21:40 . 2011-07-04 22:19 -------- d-----w- c:\programdata\Skype Extras
2011-07-04 21:34 . 2011-07-04 21:34 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 20:46 . 2011-06-18 20:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-24 17:14 . 2010-07-07 16:31 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-07-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Badoo Desktop"="c:\programdata\Badoo\Badoo Desktop\1.5.3.949\Badoo.Desktop.exe" [2011-06-07 1017344]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 135664]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 135664]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-04-12 246520]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
.
2011-06-18 c:\windows\Tasks\FileCure Default.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2010-03-28 19:47]
.
2011-07-26 c:\windows\Tasks\FileCure Startup.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2010-03-28 19:47]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 09:00]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 09:00]
.
2011-07-25 c:\windows\Tasks\Norton Security Scan for Zch.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-09-18 02:14]
.
2011-07-25 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]
.
2011-07-14 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]
.
2011-07-26 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe [2010-07-07 12:10]
.
2011-07-26 c:\windows\Tasks\RegPowerClean.job
- c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe [2010-07-07 12:48]
.
2011-07-26 c:\windows\Tasks\RPCReminder.job
- c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe [2010-07-07 12:34]
.
2011-07-25 c:\windows\Tasks\User_Feed_Synchronization-{9BA134FA-368F-4E72-8A95-1CB81254F195}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp:/www.seznam.cz
uInternet Settings,ProxyServer = http=127.0.0.1:58687
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.2.100.1 192.168.100.1
FF - ProfilePath - c:\users\Zch\AppData\Roaming\Mozilla\Firefox\Profiles\ldp9vw6c.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=rVM6uZ1P0.rHoziZfSwI0Q&ind=2010080315&ptnrS=GRfox000&si=&n=77cf643b&psa=&st=kwd&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-avast5 - c:\program files\Alwil Software\Avast5\aswRunDll.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 16:28
Windows 6.0.6000 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2011-07-26 16:32:56
ComboFix-quarantined-files.txt 2011-07-26 14:32
.
Před spuštěním: 6 936 129 536
Po spuštění: Volných bajtů: 11 914 313 728
.
- - End Of File - - B932F0B5B4EEF2FD2C96BF479B9ED762

Re: FB virus - another desperate soul

Posted: 26 Jul 2011 17:24
by Rudy
We'll finish the cleanup. Open Notepad and copy the following into it:
Collect::
c:\windows\unrar.exe

Folder::
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\av_ico
c:\windows\system32\igfxres.dll
c:\windows\update.tray-15-0
c:\windows\update.tray-15-0-lnk
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: FB virus - another desperate soul

Posted: 27 Jul 2011 06:53
by roula
Done, ComboFix ran again. Should I post another log here?

Re: FB virus - another desperate soul

Posted: 27 Jul 2011 11:31
by Rudy
roula wrote: Done, ComboFix ran again. Should I post another log here?
Yes, the log from the latest CF scan.

Re: FB virus - another desperate soul

Posted: 27 Jul 2011 12:56
by roula
ComboFix 11-07-26.02 - Zch 27.07.2011 11:49:06.3.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1250.420.1029.18.1013.300 [GMT 2:00]
Spuštěný z: f:\fb_vir\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zch\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 09:58 . 2011-07-27 09:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-27 06:26 . 2011-07-27 06:26 -------- d-----w- c:\programdata\Alwil Software
2011-07-27 06:26 . 2011-07-27 06:26 -------- d-----w- c:\program files\AVAST Software
2011-07-26 13:21 . 2011-07-27 09:46 -------- d-----w- C:\32788R22FWJFW
2011-07-26 07:49 . 2011-07-26 07:49 -------- d-----w- c:\users\Zch\AppData\Roaming\Malwarebytes
2011-07-26 07:48 . 2011-07-26 07:48 -------- d-----w- c:\programdata\Malwarebytes
2011-07-26 06:43 . 2011-07-26 06:43 -------- d-----w- c:\program files\trend micro
2011-07-26 06:43 . 2011-07-26 06:43 -------- d-----w- C:\rsit
2011-07-18 13:31 . 2008-01-02 14:37 176128 ----a-w- c:\windows\system32\igfxres.dll
2011-07-04 21:40 . 2011-07-04 22:19 -------- d-----w- c:\programdata\Skype Extras
2011-07-04 21:34 . 2011-07-04 21:34 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 20:46 . 2011-06-18 20:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-24 17:14 . 2010-07-07 16:31 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-07-09 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-26 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 135664]
R3 CFcatchme;CFcatchme;c:\users\Zch\AppData\Local\Temp\CFcatchme.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 135664]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-04-12 246520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 09:00]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-03 09:00]
.
2011-07-27 c:\windows\Tasks\User_Feed_Synchronization-{9BA134FA-368F-4E72-8A95-1CB81254F195}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp:/www.seznam.cz
uInternet Settings,ProxyServer = http=127.0.0.1:58687
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.2.100.1 192.168.100.1
FF - ProfilePath - c:\users\Zch\AppData\Roaming\Mozilla\Firefox\Profiles\ldp9vw6c.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=rVM6uZ1P0.rHoziZfSwI0Q&ind=2010080315&ptnrS=GRfox000&si=&n=77cf643b&psa=&st=kwd&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-27 12:00
Windows 6.0.6000 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2011-07-27 12:07:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-27 10:07
ComboFix2.txt 2011-07-27 05:30
ComboFix3.txt 2011-07-26 14:32
.
Před spuštěním: Volných bajtů: 12 931 604 480
Po spuštění: Volných bajtů: 12 789 030 912
.
- - End Of File - - 5B6E6116437DD574CB0E27802D7EC1BE

Re: FB virus - another desperate soul

Posted: 27 Jul 2011 13:22
by Rudy
The log now looks clean. Has anything changed?

Re: FB virus - another desperate soul

Posted: 28 Jul 2011 10:41
by roula
I reinstalled the antivirus; this afternoon I'll connect the PC to the Internet, so we'll see. Thanks a lot for the help, Rudy. If I knew where to send it, I'd send a Pilsner or two in return.

Re: FB virus - another desperate soul

Posted: 28 Jul 2011 11:04
by Rudy
You're welcome!
......a Pilsner or two in return.
Maybe we'll meet up sometime and go for one, or two. :D