
Log Erika


giia

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:39:33, on 25.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\lphcn8fj0ecce.exe
C:\Program Files\rhcj8fj0ecce\rhcj8fj0ecce.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ICQ6\ICQ.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\pphcn8fj0ecce.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\a\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.rd.yahoo.com/customize/ycomp/defaults/sb/*http://uk.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.booom.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: 222.124.95.134 msk1.drweb.com
O1 - Hosts: 42.5.144.121 www.msk1.drweb.com
O1 - Hosts: 76.30.74.30 msk2.drweb.com
O1 - Hosts: 132.140.229.178 www.msk2.drweb.com
O1 - Hosts: 130.239.199.194 msk3.drweb.com
O1 - Hosts: 215.71.52.146 www.msk3.drweb.com
O1 - Hosts: 170.182.104.192 msk4.drweb.com
O1 - Hosts: 172.136.227.37 www.msk4.drweb.com
O1 - Hosts: 78.112.5.252 boss.drweb.comdrweb.com
O1 - Hosts: 49.20.218.70 www.boss.drweb.comdrweb.com
O1 - Hosts: 45.176.222.157 viruslist.com
O1 - Hosts: 52.111.215.205 www.viruslist.com
O1 - Hosts: 71.144.126.196 norman.com
O1 - Hosts: 216.149.228.78 www.norman.com
O1 - Hosts: 202.38.254.251 sandbox.norman.com
O1 - Hosts: 196.230.219.118 www.sandbox.norman.com
O1 - Hosts: 16.168.174.19 esaugumas.lt
O1 - Hosts: 251.64.25.194 www.esaugumas.lt
O1 - Hosts: 214.245.200.36 antivirus.esaugumas.lt
O1 - Hosts: 192.150.187.233 www.antivirus.esaugumas.lt
O1 - Hosts: 246.64.47.2 esecurity.lt
O1 - Hosts: 73.220.111.6 www.esecurity.lt
O1 - Hosts: 208.233.237.212 virustotal.com
O1 - Hosts: 218.124.145.122 www.virustotal.com
O1 - Hosts: 78.231.153.54 virusscan.jotti.org
O1 - Hosts: 225.102.230.25 www.virusscan.jotti.org
O1 - Hosts: 26.90.239.113 bkav.com.vn
O1 - Hosts: 109.33.46.197 www.bkav.com.vn
O1 - Hosts: 69.56.86.48 bitdefender.com
O1 - Hosts: 224.228.160.242 www.bitdefender.com
O1 - Hosts: 119.8.240.135 aonealarm.com
O1 - Hosts: 158.163.54.249 www.aonealarm.com
O1 - Hosts: 111.135.199.219 barracudanetworks.com
O1 - Hosts: 128.93.176.48 www.barracudanetworks.com
O1 - Hosts: 18.233.73.136 free-av.com
O1 - Hosts: 139.143.13.108 www.free-av.com
O1 - Hosts: 39.22.168.252 avast.com
O1 - Hosts: 234.173.82.215 www.avast.com
O1 - Hosts: 217.43.92.59 pandasecurity.com
O1 - Hosts: 105.155.8.110 www.pandasecurity.com
O1 - Hosts: 56.248.158.92 nod32-es.com
O1 - Hosts: 251.53.188.129 www.nod32-es.com
O1 - Hosts: 183.128.238.9 nod32.com
O1 - Hosts: 53.200.126.54 www.nod32.com
O1 - Hosts: 176.125.142.3 eset.com
O1 - Hosts: 208.151.99.7 www.eset.com
O1 - Hosts: 220.217.4.155 nod32.it
O1 - Hosts: 43.87.4.63 www.nod32.it
O1 - Hosts: 219.54.156.58 nod32.de
O1 - Hosts: 198.179.253.129 www.nod32.de
O1 - Hosts: 178.102.227.218 nod32.nl
O1 - Hosts: 200.200.110.65 www.nod32.nl
O1 - Hosts: 72.244.46.139 nod32.datsec.de
O1 - Hosts: 122.170.124.73 www.nod32.datsec.de
O1 - Hosts: 232.153.17.239 u0.eset.com
O1 - Hosts: 202.222.209.54 u1.eset.com
O1 - Hosts: 194.200.232.190 u2.eset.com
O1 - Hosts: 201.222.24.248 u3.eset.com
O1 - Hosts: 105.35.81.67 u4.eset.com
O1 - Hosts: 46.152.131.85 u5.eset.com
O1 - Hosts: 87.3.176.221 u6.eset.com
O1 - Hosts: 208.239.69.102 u7.eset.com
O1 - Hosts: 101.244.170.127 u8.eset.com
O1 - Hosts: 48.56.24.25 u9.eset.com
O1 - Hosts: 83.54.171.48 u10.eset.com
O1 - Hosts: 237.190.184.174 u11.eset.com
O1 - Hosts: 70.61.96.140 u12.eset.com
O1 - Hosts: 77.63.101.58 u13.eset.com
O1 - Hosts: 69.50.61.65 u14.eset.com
O1 - Hosts: 187.109.101.39 u15.eset.com
O1 - Hosts: 187.113.248.146 u16.eset.com
O1 - Hosts: 67.110.128.177 u17.eset.com
O1 - Hosts: 248.9.12.216 u18.eset.com
O1 - Hosts: 24.92.131.106 u19.eset.com
O1 - Hosts: 176.62.55.252 u20.eset.com
O1 - Hosts: 15.197.189.183 u21.eset.com
O1 - Hosts: 122.10.253.254 u22.eset.com
O1 - Hosts: 33.44.133.81 u23.eset.com
O1 - Hosts: 82.152.35.114 u24.eset.com
O1 - Hosts: 237.135.178.198 u25.eset.com
O1 - Hosts: 24.200.52.253 u26.eset.com
O1 - Hosts: 51.191.33.246 u27.eset.com
O1 - Hosts: 15.174.255.220 u28.eset.com
O1 - Hosts: 90.51.51.150 u29.eset.com
O1 - Hosts: 94.18.23.94 u30.eset.com
O1 - Hosts: 236.53.76.175 u31.eset.com
O1 - Hosts: 146.241.82.101 u32.eset.com
O1 - Hosts: 20.139.85.32 u33.eset.com
O1 - Hosts: 26.251.74.233 u34.eset.com
O1 - Hosts: 39.239.59.24 u35.eset.com
O1 - Hosts: 202.19.223.116 u36.eset.com
O1 - Hosts: 24.144.110.157 u37.eset.com
O1 - Hosts: 89.210.179.167 u38.eset.com
O1 - Hosts: 2.143.99.8 u39.eset.com
O1 - Hosts: 228.5.173.180 u40.eset.com
O1 - Hosts: 162.131.18.134 u41.eset.com
O1 - Hosts: 104.42.119.226 u42.eset.com
O1 - Hosts: 218.245.121.153 u43.eset.com
O1 - Hosts: 75.247.0.12 u44.eset.com
O1 - Hosts: 48.228.23.149 u45.eset.com
O1 - Hosts: 212.211.251.34 u46.eset.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and rekord Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [lphcn8fj0ecce] C:\WINDOWS\system32\lphcn8fj0ecce.exe
O4 - HKLM\..\Run: [SMrhcj8fj0ecce] C:\Program Files\rhcj8fj0ecce\rhcj8fj0ecce.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm265YYIE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {CE40C3F1-3DF5-4461-A521-810923235628} (JOJ_Explorer_Player Control) - http://www.joj.sk/fileadmin/joj_player/JOJ_Explorer_Player.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 18286 bytes

If you look through the other threads with logs, you'll find plenty of links to programs that find and remove spyware. Try installing one of them, updating it and running it. It will take a bit longer, so set aside at least two hours for it, but it's worth it.

In my opinion it's worth starting with Spybot - Search & Destroy,

you can download it here from the home page,

here is the download from the Czech site slunecnice.cz

Spybot is freeware, you don't have to pay for it and it is the full version. It can find and remove more things, not just spyware.


What does "is not valid for win 32" mean? What is this win 32 supposed to be? Because any Spybot, SpyTerminator and, in short, all the spy tools end at this message and I can't install them on the PC...


What does "is not valid for win 32" mean? What is this win 32 supposed to be?

This message means that the application you are trying to install is not programmed for the 32-bit version of Windows that you are using.

However, that doesn't mean this is really the case. Maybe the installation file was just corrupted during download, or maybe some important files in your system are currently damaged and that is why the message appears.

You can try running the program on another PC; if that works, the fault is in your operating system. If so, all that remains is to look for some portable program that can be run without installation (e.g. from a USB stick).

..if this happened to me, I would probably reinstall the whole of Windows; who knows what all is damaged there and whether it's worth fighting with. Wait a bit, though, maybe other people will have advice too.


And what exactly is meant by "reinstall Windows"? Several people have already advised me to do that, but I'm abroad and I don't know whether I have the installation CD here with me. Can I manage the reinstallation by myself, or do I need someone for it?


When reinstalling the OS it is good to completely wipe the disk (or partition) that Windows is on now, and best of all to format it again, which means that you completely remove all the data on your system disk (along with the viruses : )

Then the system is loaded again from the installation CD; besides that, some drivers and programs then have to be added to the new system. It's not as complicated as it looks; I think a person who knows a little about what they are doing can manage it alone. But if you're not in the mood for experiments, it will be better if someone around you who has more experience with it helps you the first time.


Given that, by all appearances, you don't know much about PCs, I seriously recommend you find someone who does. It isn't very complicated, but the installation would probably flood you with terms you don't understand (partition, file system, formatting.....), so you would be fumbling and going in blind, which might not end well :)

There's nothing else you can properly do with that computer; the spyware has made such a mess of the configuration that nobody can do anything with it any more... only a reinstall.

What does "is not valid for win 32" mean? What is this win 32 supposed to be? Because any Spybot, SpyTerminator and, in short, all the spy tools end at this message and I can't install them on the PC...

Win32 is Windows.

Basically what's going on now is that the spyware has set up your Windows so that the spyware itself controls which applications it allows to run and which not. And removing this really is a long haul :lol:

Only a reinstall :)


When I had the log analyzed, at least 10 lines came up as bad; it's terribly infected, and there is probably also a fake Svchost in there.

What helped me was anti-spyware, manual deletion, CCleaner, and also some Malicious Software Remover; that one also deleted something when I had viruses. And Nod of course only spoke up when I wanted to delete some file by hand.

C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\WINDOWS\system32\drivers\svchost.exe
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe

Must be fixed! Added by the ZAPCHAS-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm265YYIE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe

Here really only a reinstall will help. Or you can get started on deleting and fixing; it basically makes no difference, because there is no other option. You can't have 2 antiviruses when you already have avast; maybe some online scan would still help...

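The check described in the post above (a system binary name such as svchost.exe running from somewhere other than System32, or started from a Run key), as an added example that is not part of the thread; it also goes one step further and flags O1 hosts lines that pin a name to a non-loopback address. The sample log is an excerpt assembled from lines of the log in the first post plus one constructed loopback entry; the `SYSTEM32_ONLY` list and all function names are assumptions of this example.

```python
import ipaddress
import ntpath
import re

# Binaries that on NT/2K/XP belong in %SystemRoot%\System32.
# Illustrative list (an assumption of this example, not taken from the thread).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "smss.exe", "csrss.exe", "spoolsv.exe"}

EXE_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.exe', re.IGNORECASE)
O4_RUN = re.compile(r'^O4 - \S+\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$')
O1_HOSTS = re.compile(r'^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$')

# Excerpt in HijackThis format; the 127.0.0.1 line is constructed for contrast.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\drivers\svchost.exe
O1 - Hosts: 127.0.0.1 ads.example.invalid
O1 - Hosts: 208.233.237.212 virustotal.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
"""


def outside_system32(path, system_root=r"C:\WINDOWS"):
    """True when a System32-only binary name is found in another directory."""
    directory, name = ntpath.split(path)
    if name.lower() not in SYSTEM32_ONLY:
        return False
    expected = ntpath.join(system_root, "System32")
    return ntpath.normcase(directory) != ntpath.normcase(expected)


def triage(log_text):
    """Return (kind, subject, reason) tuples for lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        run = O4_RUN.match(line)
        hosts = O1_HOSTS.match(line)
        if run:
            exe = EXE_PATH.search(run.group("cmd"))
            if not exe:
                continue  # bare file name or rundll32 target: no full path to judge
            path = exe.group(0)
            if outside_system32(path):
                findings.append(("autorun", path, "system binary name outside System32"))
            elif ntpath.basename(path).lower() == "svchost.exe":
                # svchost.exe is started by the service manager, not by a Run key
                findings.append(("autorun", path, "svchost.exe in a Run key"))
        elif hosts:
            try:
                ip = ipaddress.ip_address(hosts.group("ip"))
            except ValueError:
                continue  # not an IP literal, leave it for manual review
            if not (ip.is_loopback or ip.is_unspecified):
                findings.append(("hosts", hosts.group("host"),
                                 f"name pinned to {ip}, bypassing DNS"))
        elif EXE_PATH.fullmatch(line) and outside_system32(line):
            findings.append(("process", line, "system binary name outside System32"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding is a prompt to inspect the file, not a verdict; the legitimate svchost.exe lines in System32 and the loopback hosts entry pass without a flag.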

  • 4 months later...

Apply ComboFix:

Download ComboFix to your desktop.

Then run it (Administrator account).

After launch the licence terms will appear; agree to them and continue with ANO/YES/OK.

A scan will start, during which do not click outside the window. The whole scan takes approx. 10 minutes.

After the scan ComboFix generates a log, which it saves to the target drive, e.g. c:\, under the name ComboFix.log. Copy the contents of the whole log here.
