giia Posted August 25, 2008

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:39:33, on 25.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Klingonka Posted August 26, 2008

You have a pile of spyware in there (MyWebSearch, FunWebProducts).

giia Posted August 26, 2008

I have a pile of spyware in there, does that mean I should delete it somehow, or what should I do?

valcik Posted August 26, 2008

If you look at the other threads with logs, you'll find plenty of links to programs that find and remove spyware. Try installing one of them, updating it and running it. It will take a bit longer, so set aside at least two hours for it, but it's worth it. In my opinion it's worth starting with Spybot - Search & Destroy; you can download it here from the home page, and here is a download from the Czech site slunecnice.cz. Spybot is freeware, you don't have to pay for it and it is the full version. It can find and remove more things, not just spyware.

giia Posted August 26, 2008

What does "is not valid for win 32" mean? What is that win 32 supposed to be? Because any Spybot, Spyterminator and basically all the spy tools end at this message and I can't install them on the PC...

valcik Posted August 27, 2008

> What does "is not valid for win 32" mean? What is that win 32 supposed to be?

This message means that the application you are trying to install is not programmed for the 32-bit version of Windows that you use. That doesn't mean it is really so, though. Maybe the installation file was just damaged during download, or maybe some important files in your system are currently damaged and that's why the message appears. You can try to run the program on another PC; if that works, the fault is in your operating system. If so, all that's left is to look for some portable program that can be run without installation (e.g. from a USB stick).

..If this happened to me, I would probably reinstall the whole of Windows; who knows what all is damaged in there and whether it's worth fighting with. Wait a bit more, maybe other people will advise too.

giia Posted August 27, 2008

And what all is meant by "reinstall Windows"? Several people have already advised me to do that, but I'm abroad and I don't know whether I have the installation CD here with me. Can I manage the reinstall myself, or do I need someone for it?

valcik Posted August 27, 2008

When reinstalling the OS it's good to completely wipe the disk (or partition) that Windows is on now, and best of all to format it afresh, which means you completely remove all the data on your system disk (along with the viruses : ). Then the system is loaded again from the installation CD; besides that, however, some drivers and programs then need to be added to the new system. It's not as complicated as it looks; I think a person who knows a little about what they're doing can manage it alone. But if you're not in the mood for experiments, it will be better if someone nearby who has more experience with it helps you the first time.

Darkman Posted August 27, 2008

Given that by all accounts you don't know much about PCs, I seriously recommend you get hold of someone who does. It's not very complicated, but the installation would probably overwhelm you with terms you don't understand (partition, file system, formatting.....), so you would be groping around and going in blind, which might not end well :) You won't do anything else worthwhile with that computer; the spyware has made such a mess of the configuration that nobody can do anything with it any more... only a reinstall.

> What does "is not valid for win 32" mean? What is that win 32 supposed to be? Because any Spybot, Spyterminator and basically all the spy tools end at this message and I can't install them on the PC...

Win32 is Windows. In principle the point now is that the spyware has set up your Windows so that the spyware itself controls which applications it allows to run and which not. And removing this is really a long job :lol: Only a reinstall :)

Klingonka Posted August 27, 2008

When I had the log analysed, at least 10 lines came up as bad; it's badly infected, and there is PROBABLY also a fake Svchost in there. What helped me was anti-spyware, manual deletion, CC Cleaner, and some Malicious software remover, which also deleted something when I had viruses. And Nod of course only spoke up when I tried to delete some file manually.

C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\WINDOWS\system32\drivers\svchost.exe
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
Must be fixed! Added by the ZAPCHAS-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm265YYIE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

Here really only a reinstall will help. Or you can set about deleting and fixing, it basically doesn't matter, because there's no other option. You can't have 2 antiviruses when you already have avast; maybe some online scan would also help...
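
The check behind the svchost.exe verdict quoted in the post above, as an added example that is not part of the original thread: it reads HijackThis O4 (Run key) lines and flags entries whose file name matches a Windows system process but whose folder does not. The process table, the default `C:\WINDOWS` directory and every sample line other than the SVCHOST.EXE and MyWebSearch entries are assumptions of this example.

```python
import ntpath
import re

# Assumption of this example: a small table of Windows system process names
# and the one folder, relative to the Windows directory, each runs from.
EXPECTED_SUBDIR = {
    "svchost.exe": "system32",
    "lsass.exe": "system32",
    "services.exe": "system32",
    "winlogon.exe": "system32",
    "smss.exe": "system32",
    "explorer.exe": "",  # lives directly in the Windows directory
}

# "O4 - HKCU\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): "
                    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Unquoted commands may contain spaces in the path, so cut at the extension.
EXE_END = re.compile(r"^(.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)", re.I)


def executable_of(cmd):
    """Return the program path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_END.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def audit_autoruns(log_text, windir=r"C:\WINDOWS"):
    """Flag O4 Run entries whose file name imitates a system process."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        path = executable_of(m.group("cmd"))
        base = ntpath.basename(path).lower()
        if base not in EXPECTED_SUBDIR:
            continue
        folder = ntpath.dirname(path)
        expected = ntpath.normpath(ntpath.join(windir, EXPECTED_SUBDIR[base]))
        if not folder:
            verdict = "BARE_NAME"      # resolved through the search path
        elif ntpath.normpath(folder).lower() != expected.lower():
            verdict = "WRONG_FOLDER"   # same name, different location
        else:
            verdict = "IN_AUTORUN"     # right folder, but started from a Run key
        findings.append((m.group("hive"), m.group("name"), path, verdict))
    return findings


# First two lines are quoted in the post above; the rest are constructed.
SAMPLE = r"""
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [Shell] "C:\Temp\explorer.exe" /start
O4 - HKLM\..\Run: [lsass] lsass.exe
"""

if __name__ == "__main__":
    for hive, name, path, verdict in audit_autoruns(SAMPLE):
        print(f"{verdict:13} {hive}\\..\\Run [{name}] {path}")
```

A name match alone says nothing about entries such as mwsoemon.exe; the check only covers the masquerading case, so adware and other autoruns still need a separate review.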

Diallix Posted January 5, 2009

Apply ComboFix: Download ComboFix to your desktop. Then run it (Administrator account). After launch, the licence terms will come up; agree to them and continue with ANO/YES/OK. A scan will start, during which you should not click outside the window. The whole scan takes about 10 minutes. After the scan, ComboFix generates a log, which it saves to the target drive, e.g. c:\, under the name ComboFix.log. Copy the contents of the whole log here.