Log Erika


The topic has 10 posts

#1 giia

Posted: 25. August 2008 - 22:59:59

[code]Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:39:33, on 25.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\lphcn8fj0ecce.exe
C:\Program Files\rhcj8fj0ecce\rhcj8fj0ecce.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\pphcn8fj0ecce.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\a\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.booom.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: 222.124.95.134 msk1.drweb.com
O1 - Hosts: 42.5.144.121 www.msk1.drweb.com
O1 - Hosts: 76.30.74.30 msk2.drweb.com
O1 - Hosts: 132.140.229.178 www.msk2.drweb.com
O1 - Hosts: 130.239.199.194 msk3.drweb.com
O1 - Hosts: 215.71.52.146 www.msk3.drweb.com
O1 - Hosts: 170.182.104.192 msk4.drweb.com
O1 - Hosts: 172.136.227.37 www.msk4.drweb.com
O1 - Hosts: 78.112.5.252 boss.drweb.comdrweb.com
O1 - Hosts: 49.20.218.70 www.boss.drweb.comdrweb.com
O1 - Hosts: 45.176.222.157 viruslist.com
O1 - Hosts: 52.111.215.205 www.viruslist.com
O1 - Hosts: 71.144.126.196 norman.com
O1 - Hosts: 216.149.228.78 www.norman.com
O1 - Hosts: 202.38.254.251 sandbox.norman.com
O1 - Hosts: 196.230.219.118 www.sandbox.norman.com
O1 - Hosts: 16.168.174.19 esaugumas.lt
O1 - Hosts: 251.64.25.194 www.esaugumas.lt
O1 - Hosts: 214.245.200.36 antivirus.esaugumas.lt
O1 - Hosts: 192.150.187.233 www.antivirus.esaugumas.lt
O1 - Hosts: 246.64.47.2 esecurity.lt
O1 - Hosts: 73.220.111.6 www.esecurity.lt
O1 - Hosts: 208.233.237.212 virustotal.com
O1 - Hosts: 218.124.145.122 www.virustotal.com
O1 - Hosts: 78.231.153.54 virusscan.jotti.org
O1 - Hosts: 225.102.230.25 www.virusscan.jotti.org
O1 - Hosts: 26.90.239.113 bkav.com.vn
O1 - Hosts: 109.33.46.197 www.bkav.com.vn
O1 - Hosts: 69.56.86.48 bitdefender.com
O1 - Hosts: 224.228.160.242 www.bitdefender.com
O1 - Hosts: 119.8.240.135 aonealarm.com
O1 - Hosts: 158.163.54.249 www.aonealarm.com
O1 - Hosts: 111.135.199.219 barracudanetworks.com
O1 - Hosts: 128.93.176.48 www.barracudanetworks.com
O1 - Hosts: 18.233.73.136 free-av.com
O1 - Hosts: 139.143.13.108 www.free-av.com
O1 - Hosts: 39.22.168.252 avast.com
O1 - Hosts: 234.173.82.215 www.avast.com
O1 - Hosts: 217.43.92.59 pandasecurity.com
O1 - Hosts: 105.155.8.110 www.pandasecurity.com
O1 - Hosts: 56.248.158.92 nod32-es.com
O1 - Hosts: 251.53.188.129 www.nod32-es.com
O1 - Hosts: 183.128.238.9 nod32.com
O1 - Hosts: 53.200.126.54 www.nod32.com
O1 - Hosts: 176.125.142.3 eset.com
O1 - Hosts: 208.151.99.7 www.eset.com
O1 - Hosts: 220.217.4.155 nod32.it
O1 - Hosts: 43.87.4.63 www.nod32.it
O1 - Hosts: 219.54.156.58 nod32.de
O1 - Hosts: 198.179.253.129 www.nod32.de
O1 - Hosts: 178.102.227.218 nod32.nl
O1 - Hosts: 200.200.110.65 www.nod32.nl
O1 - Hosts: 72.244.46.139 nod32.datsec.de
O1 - Hosts: 122.170.124.73 www.nod32.datsec.de
O1 - Hosts: 232.153.17.239 u0.eset.com
O1 - Hosts: 202.222.209.54 u1.eset.com
O1 - Hosts: 194.200.232.190 u2.eset.com
O1 - Hosts: 201.222.24.248 u3.eset.com
O1 - Hosts: 105.35.81.67 u4.eset.com
O1 - Hosts: 46.152.131.85 u5.eset.com
O1 - Hosts: 87.3.176.221 u6.eset.com
O1 - Hosts: 208.239.69.102 u7.eset.com
O1 - Hosts: 101.244.170.127 u8.eset.com
O1 - Hosts: 48.56.24.25 u9.eset.com
O1 - Hosts: 83.54.171.48 u10.eset.com
O1 - Hosts: 237.190.184.174 u11.eset.com
O1 - Hosts: 70.61.96.140 u12.eset.com
O1 - Hosts: 77.63.101.58 u13.eset.com
O1 - Hosts: 69.50.61.65 u14.eset.com
O1 - Hosts: 187.109.101.39 u15.eset.com
O1 - Hosts: 187.113.248.146 u16.eset.com
O1 - Hosts: 67.110.128.177 u17.eset.com
O1 - Hosts: 248.9.12.216 u18.eset.com
O1 - Hosts: 24.92.131.106 u19.eset.com
O1 - Hosts: 176.62.55.252 u20.eset.com
O1 - Hosts: 15.197.189.183 u21.eset.com
O1 - Hosts: 122.10.253.254 u22.eset.com
O1 - Hosts: 33.44.133.81 u23.eset.com
O1 - Hosts: 82.152.35.114 u24.eset.com
O1 - Hosts: 237.135.178.198 u25.eset.com
O1 - Hosts: 24.200.52.253 u26.eset.com
O1 - Hosts: 51.191.33.246 u27.eset.com
O1 - Hosts: 15.174.255.220 u28.eset.com
O1 - Hosts: 90.51.51.150 u29.eset.com
O1 - Hosts: 94.18.23.94 u30.eset.com
O1 - Hosts: 236.53.76.175 u31.eset.com
O1 - Hosts: 146.241.82.101 u32.eset.com
O1 - Hosts: 20.139.85.32 u33.eset.com
O1 - Hosts: 26.251.74.233 u34.eset.com
O1 - Hosts: 39.239.59.24 u35.eset.com
O1 - Hosts: 202.19.223.116 u36.eset.com
O1 - Hosts: 24.144.110.157 u37.eset.com
O1 - Hosts: 89.210.179.167 u38.eset.com
O1 - Hosts: 2.143.99.8 u39.eset.com
O1 - Hosts: 228.5.173.180 u40.eset.com
O1 - Hosts: 162.131.18.134 u41.eset.com
O1 - Hosts: 104.42.119.226 u42.eset.com
O1 - Hosts: 218.245.121.153 u43.eset.com
O1 - Hosts: 75.247.0.12 u44.eset.com
O1 - Hosts: 48.228.23.149 u45.eset.com
O1 - Hosts: 212.211.251.34 u46.eset.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and rekord Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lphcn8fj0ecce] C:\WINDOWS\system32\lphcn8fj0ecce.exe
O4 - HKLM\..\Run: [SMrhcj8fj0ecce] C:\Program Files\rhcj8fj0ecce\rhcj8fj0ecce.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm265YYIE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {CE40C3F1-3DF5-4461-A521-810923235628} (JOJ_Explorer_Player Control) - http://www.joj.sk/fileadmin/joj_player/JOJ_Explorer_Player.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 18286 bytes
[/code]

#2 Klingonka

Posted: 26. August 2008 - 14:22:12

You have a heap of spyware there (MyWebSearch, FunWebProducts).

#3 giia

Posted: 26. August 2008 - 19:35:48

I have a heap of spyware there, does that mean I should delete it somehow, or what should I do?

#4 valcik

Posted: 26. August 2008 - 20:12:31

If you look at the other topics with logs, you will find plenty of links to programs that find and remove spyware. Try installing one of them, updating it and running it. It will take a bit longer, so set aside at least two hours for it, but it is worth it.

In my opinion it is worth starting with the program Spybot - Search & Destroy,

[url="http://www.safer-networking.org/cz/index.html"]here[/url] you can download it from its home page,
[url="http://www.slunecnice.cz/sw/spybot/"]here[/url] is a download from the Czech site slunecnice.cz

Spybot is freeware, you do not have to pay for it and it is the full version. It can find and remove more things, not only spyware.

#5 giia

Posted: 26. August 2008 - 23:54:22

What does "is not valid for win 32" mean, what is that win 32 supposed to be? Because any Spybot, SpyTerminator, in short all the spy things end at this message for me and I cannot install them on the PC...

#6 valcik

Posted: 27. August 2008 - 07:38:23

[quote name='giia' post='81515' date='27. 8. 2008 00:54:22']What does "is not valid for win 32" mean, what is that win 32 supposed to be?[/quote]
This message means that the application you are trying to install is not programmed for the 32-bit version of Windows that you are using.

However, that does not mean it is really so. Maybe the installation file was just damaged during download, maybe some important files in your system are currently damaged and that is why the message appears.

You can try to get the program running on another PC; if that works, the fault is in your operating system. If so, all that is left is to look for some portable program that can be run without installation (e.g. from a USB stick).

..If this happened to me, I would probably reinstall the whole of Windows; who knows what all is damaged there and whether it is worth wrestling with. Wait a little longer, maybe other people will advise too.

#7 giia

Posted: 27. August 2008 - 10:26:16

And what all is meant by "reinstall Windows"? Several people have already advised me to do that, but I am abroad and I do not know whether I have the installation CD here with me. Can I manage the reinstallation myself, or do I need someone for it?

#8 valcik

Posted: 27. August 2008 - 10:37:35

When reinstalling the OS it is good to completely wipe the disk (or partition) that Windows is on now, and it is best to format it afresh; that means you completely remove from your system disk all the data that is on it (together with the viruses : )

Then the system is loaded again from the installation CD; besides that, however, you then need to add some drivers and programs to the new system. It is not as complicated as it looks; I think a person who knows a little about what they are doing can manage it alone. But if you are not in the mood for experiments, it will be better if someone around you who has more experience with it helps you the first time.

#9 Darkman

Posted: 27. August 2008 - 11:16:21

Given that by all appearances you do not know much about PCs, I seriously recommend that you find someone who does. It is not all that complicated, but the installation would probably overwhelm you with terms you do not understand (partition, file system, formatting.....) and so you would be groping and going in blind, which might not do any good :)

You will not do anything else worthwhile with that computer; the spyware has made such a mess of the configuration that nobody can do anything with it any more... only a reinstall.

[quote]What does "is not valid for win 32" mean, what is that win 32 supposed to be? Because any Spybot, SpyTerminator, in short all the spy things end at this message for me and I cannot install them on the PC...[/quote]
Win32 is Windows.
The point now is, in principle, that the spyware has set up your Windows so that the spyware itself controls which applications it allows to run and which it does not. And removing this really is a long job :lol:
Only a reinstall :)

#10 Klingonka

Posted: 27. August 2008 - 14:50:20

When I had the log analysed, at least 10 lines came up as bad; it is badly infected, and there is probably also a fake Svchost.

[i]What helped me was anti-spyware, manual deletion, CC Cleaner, and some Malicious software remover, which also deleted something when I had viruses. And Nod of course only spoke up when I wanted to delete some file manually.[/i]
[code]C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe[/code]
[code]C:\WINDOWS\system32\drivers\svchost.exe[/code]
[code]R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL[/code]
[code]O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL[/code]
[code]O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL[/code]
[code]O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL[/code]
[code]O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF[/code]
[code]O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe[/code]
[code]O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe[/code]

[b]Must be fixed! Added by the ZAPCHAS-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup![/b]
[code]O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm265YYIE[/code]
[code]O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab[/code]
[code]O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe[/code]

Here really only a reinstall will help. Or you can set about deleting and fixing; it basically makes no difference, because there is no other option. You cannot have 2 antiviruses, since you already have avast; maybe some online scan would also help...
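
Added example, not part of any post in this thread: the rule quoted in post #10 (the legitimate svchost.exe lives only in System32 and does not belong in a startup entry) applied to HijackThis log lines in Python. The function names, the default `C:\WINDOWS\system32` path and the extension of the rule to lsass.exe, services.exe, winlogon.exe and smss.exe are assumptions of this example; the sample lines are excerpted from the log in post #1.

```python
import ntpath
import re

# Binaries that on NT-family Windows run only from %SystemRoot%\system32.
# svchost.exe is the case named in the thread; the rest is an added generalisation.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}
SYSTEM32_DIR = r"c:\windows\system32"  # assumption: default install path, as in the posted log

# HijackThis autostart line, e.g.  O4 - HKCU\..\Run: [Name] command line
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def executable_of(command):
    """Return the program part of a Run-key command line (quoted or unquoted)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe" followed by a gap.
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def misplaced_system_binary(path):
    """True if a system32-only binary name appears with some other directory."""
    directory, name = ntpath.split(path.strip().lower())
    # A bare name such as "TPSMain.exe" carries no directory to judge; skip it.
    return name in SYSTEM32_ONLY and directory != "" and directory != SYSTEM32_DIR


def scan(log_text):
    """Return (source, path, reason) tuples for suspicious process and O4 lines."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes:
            if not line:                      # blank line ends the process list
                in_processes = False
            elif misplaced_system_binary(line):
                findings.append(("process", line, "outside system32"))
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            exe = executable_of(m.group("cmd"))
            source = "autostart " + m.group("hive")
            if misplaced_system_binary(exe):
                findings.append((source, exe, "outside system32"))
            elif ntpath.basename(exe).lower() == "svchost.exe":
                # Service hosts are started by the service manager, not by Run keys.
                findings.append((source, exe, "svchost.exe in a Run key"))
    return findings


# Lines excerpted from the HijackThis log in post #1.
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\ICQ6\ICQ.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A match is a reason to inspect the file, not proof of infection: the check compares names and paths only and knows nothing about signatures or file contents.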

#11 Diallix

Posted: 5. January 2009 - 13:24:19

Apply Combofix:

Download [url="http://download.bleepingcomputer.com/sUBs/ComboFix.exe"][b]ComboFix[/b][/url] to your desktop.

Then run it (Administrator account).
After launch, the licence terms will appear; agree to them and continue with ANO/YES/OK.
A scan will start, during which do not click outside the window. The whole scan takes approx. 10 minutes.
After the scan ComboFix generates a log, which it saves to the target drive, e.g. c:\, under the name [b]ComboFix.log[/b]. Copy the contents of the whole log here.